Windows PC Backup Wizard Setup - good or bad?

[bula79]

Is this a company computer?
What Windows 7 is being used?
Does this computer access a company domain or network?
http://www.sevenforums.com/tutorials/180324-system-info-see-your-system-specs.html

Yes it's a company computer, Windows 7 Professional 64 bit, and yes it has access to a domain.

 

[bula79]

I found the culprit, and it's not picked up by most adware/virus cleaners as of yet.

The .exe launcher for this file is located in a folder called PCWDownloader in Program Files / Program Files (x86). Delete the PCWDownloader and PCWUpdated folders, remove references to them in the Registry and remove any scheduled tasks regarding these folders in the Task Scheduler.

As of the time of this post, you have to manually remove this particular pop-up.

Thank you, I haven't been able to get back to the client yet, but when I do I will try out these steps to see if it solves the issue.

 

[UsernameIssues]

~~~
Also, the clients Symantec Endpoint Protection definitions were out of date by about 6 months (I had no control over this). When I mentioned this to my boss he said running a scan with up to date definitions wouldn't pick up anything if Malwarebytes didn't pick it up. I'm not sure if I buy that though.
~~~

Your boss is correct. Symantec Endpoint Protection does not even try to keep up with these types of programs.

~~~
There seems to be no way to close this box except by logging out of the user account (it's not in the Task Manager applications list).
~~~

I suggest that you start using Process Explorer and Autoruns for situations like these.

Drag the target from Process Explorer onto the popup window and it should highlight the process that created it. Open the properties for that process and copy the file name of the exe that created the window. Open Autoruns. After it populates, electronically search for the EXE that created the popup. (Ctrl + F and paste in the EXE). In this case, the EXE should show up in the scheduled task section.

You might also be interested in this: http://www.sevenforums.com/tutorial...er-virustotal-check-all-processes-50-avs.html



@shlack123,
Thanks for posting your findings.

 

[UsernameIssues]

~~~
...there were about 130+ updates that I installed when I was there. Is it possible that the issue could go away after installing the updates? My guess is probably not.

~~~
...I haven't been able to get back to the client yet, but when I do I will try out these steps to see if it solves the issue.

Wow. On-site support. That has got to cost a pretty penny.

You might ask your boss about purchasing some remote control software. TeamViewer is very expensive, but at least you only pay once. There are several other remote control options out there. UltraVNC is free, but requires some work to use it in a secure fashion. i would not use the server mode for unattended remote access.


I wonder what the price of TV will be after today

 

[JamboreeBree]

icloud

I was having the same problem. I back tracked to the last apps I downloaded. I deleted icloud I installed by Apple and I haven't seen the annoyance since.

 

[vet74]

To be clear this is not my computer, I am a field technician and it is one of our clients computers. The client did not start receiving this message until a few days ago. It was definitely not installed intentionally.

I have not heard of AdwCleaner before. Do you think running this could pick up something that MalwareBytes may have missed?

Also, the clients Symantec Endpoint Protection definitions were out of date by about 6 months (I had no control over this). When I mentioned this to my boss he said running a scan with up to date definitions wouldn't pick up anything if Malwarebytes didn't pick it up. I'm not sure if I buy that though.

- Vet

And lastly the Windows automatic updates were set to manual (again, I had no control over this) and there were about 130+ updates that I installed when I was there. Is it possible that the issue could go away after installing the updates? My guess is probably not.

Have you looked in the Action Center (in Control Pane)? This should list the AV programs that are active. You may be able to disable it there and then find out where the offending program resides, then uninstall/delete it. CCleaner (Free) may be of help. I also use Revo Uninstaller Pro (not free) and find it very helpful in these cases. Sysinternals Process Explorer may help, but it's primarily for advanced users. Autostart Program Viewer may be of some help too.