A program I don't trust and can't find anything about on Google.

Closed
ElvisBanfield Posts 3 Registration date Friday January 5, 2018 Status Member Last seen January 26, 2018 - Jan 23, 2018 at 07:29 AM
Ambucias Posts 47310 Registration date Monday February 1, 2010 Status Moderator Last seen February 15, 2023 - Jan 27, 2018 at 05:00 AM
Hello,

I have a program I don't trust called: 67dd073d407b7c58e11e63381965125e.
I first saw it in my task manager at the top. Clicked "end task" and threw the files away (they were located in Program Files on the main disk). Also emptied the trash bin to make sure it was off my computer.
The next day it all just came back. I can't find out what this is and why it keeps coming back.
Can somebody please help me with this?!





2 responses

Ambucias Posts 47310 Registration date Monday February 1, 2010 Status Moderator Last seen February 15, 2023 11,163
Updated on Jan 23, 2018 at 05:38 PM
Hi Elvis,

Sorry for the late reply. I am not online all day.

I see why you don't trust those files, especially since one of them is a .exe file.

To help you and prescribe the remedy, I must make a diagnostic and to do so, I require a report.

1. Open this link and download ZHPDiag:
https://nicolascoolman.eu
(Don't be alarmed if the site is in French, it sometimes happens. The tool will take your system language and allow the download. If you get a warning message, ignore it.) Click on the download button.

2. Save the file on your Desktop.

3. Double click on ZHPDiag.exe and follow the installation instructions.

(For Vista, Win 7, 8 and 10 users, right-click to ensure you run with admin rights)

4. Double click on the shortcut ZHPDiag on your Desktop.

5. Click on scan.
Wait for the tool to finish (maybe a long time).

6. Close ZHPDiag.

7. To transmit the report, click on this link:

http://www.tinyupload.com/index.php

8. Search the directory where you installed ZHPDiag (usually C:\desktop\zhpdiag.txt).

9. Copy the url link obtained from tinyupload and paste it here in your reply.

Ambucias

CCM Moderator and Virus/Security Contributor
0
ElvisBanfield Posts 3 Registration date Friday January 5, 2018 Status Member Last seen January 26, 2018
Jan 25, 2018 at 08:55 AM
Hi Ambucias,

Thank you very much for your reply!
Here is the link:
http://s000.tinyupload.com/?file_id=99176713304100644903

Elvis
0
Ambucias Posts 47310 Registration date Monday February 1, 2010 Status Moderator Last seen February 15, 2023 11,163 > ElvisBanfield Posts 3 Registration date Friday January 5, 2018 Status Member Last seen January 26, 2018
Jan 25, 2018 at 04:54 PM
Thanks for the report. Stand by for my analysis.
0
Ambucias Posts 47310 Registration date Monday February 1, 2010 Status Moderator Last seen February 15, 2023 11,163
Jan 25, 2018 at 05:42 PM
Hi Again Elvis,

You like to live dangerously and risk your system's safety.

There are all kinds of malware in your system, including a Trojan Horse which may download updates from remote locations and then perform malicious activities on your compromised computer.

How did all the malware get on your computer? You downloaded it and installed it on your computer. All the malware you downloaded and installed came from UTorrent and BitTorrent, 16 malware out of 25.

Furthermore, for antivirus software you are using Windows Defender which has been outclassed by many other free antivirus software. Your firewall is not even active.

We will try one tool which will remove most of the malware if not all.

Download ZHPCleaner here:

https://nicolascoolman.eu

No need to install it.

Click on scanner, let the tool run. Once the scan has completed, click on clean or the brush. Let the tool run. After, generate a report, copy and paste it here.

Good luck
0
ElvisBanfield Posts 3 Registration date Friday January 5, 2018 Status Member Last seen January 26, 2018
Jan 26, 2018 at 07:13 PM
Hi Ambucias,

I think you're right that all the malware came from UTorrent, I have to admit I downloaded a lot in the past. About a month ago I downloaded an extension for a game that included a virus. It installed a lot of weird games on my desktop and when I visited Youtube.com I was seeing a lot of advertisements at strange places.
Later on I managed to fix all the strange advertisements and those weird games didn't come back after I deleted them. I thought it was all gone until I saw the weird program I noticed before.

I ran the program, scanned and cleaned like you told me to.
Here is the report: http://s000.tinyupload.com/?file_id=56275631398606210964
Thanks for your help so far!

Elvis
0
Ambucias Posts 47310 Registration date Monday February 1, 2010 Status Moderator Last seen February 15, 2023 11,163 > ElvisBanfield Posts 3 Registration date Friday January 5, 2018 Status Member Last seen January 26, 2018
Jan 27, 2018 at 05:00 AM
Hi Karel,

Again, just in the last 24 hours your system got infected again.

The virus will configure your browser to use a proxy server that allows it to inject ads into various sites that you visit. It may also install a root certificate into the Windows Trusted Root Certification Authority.

Last, but not least, this virus, called Wajam, constantly changes the filenames, folder names, and registry entries associated with the adware. My guess is it does this to avoid detection by security scanners.

Let's see if these steps will remove the virus Wajam:

As Wajam Ads sometimes has a usable Uninstall entry that can be used to remove the program, we want to try that first. To do this, click on the Start button and then select Control Panel.


When in the Control Panel, double-click on one of the options below depending on your version of Windows

For Windows XP double-click on the Add or Remove Programs icon.

For Windows Vista, Windows 7, Windows 8, and Windows 10 double-click on the Uninstall Program option.


When the Add or Remove Programs or the Uninstall Program screen is displayed, please scroll through the list of programs and double-click on each of the entries listed in bold below to uninstall them.

Wajam

When you double-click on the above entries to uninstall them, please follow the default prompts and allow it to remove all files and all configuration information related to this program. If any of the programs ask you to reboot your computer, do not allow it to reboot until you have uninstalled all of the programs listed above.

Let me know.

P.S. Your computer is not yet protected by a proper antivirus program. It is very vulnerable and I predict that it will get infected again.
0
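
Added example, not part of the thread: a read-only PowerShell check for the two changes the last reply describes, a proxy configured for the current user and a root certificate added to the Windows trusted root stores. The function names and the 90-day look-back window are assumptions chosen for illustration; results need manual review.

```powershell
# Added example: read-only triage. It changes nothing on the system.
# Function names and the look-back window are hypothetical choices.

$DaysBack = 90   # assumption: how far back to look for recently issued roots

function Get-ProxySettings {
    # Per-user proxy configuration used by Windows and by browsers
    # that follow the system proxy settings.
    $key = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
    $p = Get-ItemProperty -Path $key
    [pscustomobject]@{
        ProxyEnable   = [bool]$p.ProxyEnable
        ProxyServer   = $p.ProxyServer      # empty when no proxy is set
        AutoConfigURL = $p.AutoConfigURL    # empty when no PAC script is set
    }
}

function Get-RecentRoots {
    param([int]$Days = $DaysBack)
    # NotBefore is the start of the certificate's validity period, not the
    # install date, but a root issued in the last few weeks is unusual
    # enough to deserve a closer look.
    $cutoff = (Get-Date).AddDays(-$Days)
    foreach ($store in 'Cert:\LocalMachine\Root', 'Cert:\CurrentUser\Root') {
        Get-ChildItem -Path $store |
            Where-Object { $_.NotBefore -gt $cutoff } |
            Select-Object @{n = 'Store'; e = { $store }}, Subject, NotBefore, Thumbprint
    }
}

$proxy = Get-ProxySettings
if ($proxy.ProxyEnable -or $proxy.AutoConfigURL) {
    Write-Warning 'A proxy or PAC script is configured for this user; confirm you set it yourself.'
}
$proxy | Format-List

$roots = @(Get-RecentRoots)
if ($roots.Count -gt 0) {
    Write-Warning "$($roots.Count) trusted root certificate(s) issued in the last $DaysBack days."
    $roots | Format-Table -AutoSize
} else {
    'No recently issued certificates found in the trusted root stores.'
}
```

A proxy pointing at a local address together with an unfamiliar recently issued root is the combination that allows HTTPS pages to be modified, so both findings should be looked at together.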