Adware.Gdown

Discussion in 'Malware Help (A Specialist Will Reply)' started by SDrake, Nov 26, 2009.

  1. SDrake

    SDrake Private E-2

    Hello, second time posting. I had the "haxdoor e" thread about a month ago and thought it was clean, even though my internet connection was just a bit dodgy, but I've been noticing some pretty major lag consistently.

    Scanned and I'm having a problem with some Adware Malwarebytes picked up that can't be removed, even on restart. When I scan with Malwarebytes on my Admin account nothing shows up; only the one item shows when I scan on the Limited User Account. SUPERAntiSpyware comes back clean on both. I haven't even used it much, just made it after that last thread closed.

    Ran all the scans on the admin account, but I'm attaching the MBAM log from the Limited User Account. Again, any help would be appreciated; hope to shake it this time. Thanks.

  2. SDrake

    SDrake Private E-2

    MGlogs

  3. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You cannot run cleaning procedures using a limited account.

    You are way out of date with your version of SUPERAntiSpyware and Malwarebytes.
    • Please uninstall your current version (this is necessary).
    • Then download this SUPERAntiSpyware
    • Install this new version. It may tell you that you need to reboot to complete the installation. You must reboot at this time.
    • After the reboot, run SUPERAntiSpyware and immediately click the Check for Updates button to get more updates for the database.
    • Now run a new full scan of your system. And attach this new log.
    Now run Malwarebytes and click the Update tab. Then click the Check for Updates button so you update to the current version of the program and database. Then run a new scan with it too. Attach the new log.

    What exact problems are you still having now? You don't appear to be having malware problems.
     
  4. SDrake

    SDrake Private E-2

    Alright, updated and ran the scans on both accounts. Could have sworn they were updated though, at least at the time I scanned with them, since that happened last time.

    Same thing, nothing found on the admin account and just Adware.Gdown pops up on the limited account. I googled it and I guess it usually has something to do with Dell support software so I suppose it might be fine.

    The problem I was having was a majorly slow internet connection, pretty consistently ever since the last infection, so I thought it might be something left over. explorer.exe would be running at about 75-90k mem usage when nothing was running, which seemed like malware. Like when playing a game or something, there's major latency making it unplayable, but it seemingly works fine for other things like Xbox Live and other computers.

    The only other thing I'm thinking it could have been was something Malwarebytes picked up on a scan before the ones I did to post logs for.

    Registry Values Infected:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\{4d25f926-b9fe-4682-bf72-8ab8210d6d75} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    Which it seems to have gotten rid of. Only showed on the limited account. I'll mess around with it today and see how it runs. Sorry if it's nothing.

  5. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Updating SUPERAntiSpyware only updates the database and not the program version. You have to uninstall and reinstall to update the program itself and then get all updates for the database. MBAM will update everything when you update, but you were just not up to date. I wanted to see if the false detection (which is what it is) went away when updated. Obviously it did not, from what you stated.

    There is no reason that this file should be detected when running on a limited account and not on an admin account. The file is in a common area and is not related to a specific account. You could report the False Positive to Malwarebytes if you wish or you can simply ignore it.

    Yes, it is Gtecko and used by Dell.

    Windows Explorer will always take up way more memory than 75-90k, so I'm not sure what you are referring to, but your numbers are way off. A typical explorer.exe session will be 25,000 K (which is 25 MB). And when I checked your runkeys.txt log inside of MGlogs.zip, the below is what yours was using, and it agrees with what I just said.
    Code:
    Image Name                   PID Session Name     Session#    Mem Usage
    ========================= ====== ================ ======== ============
    explorer.exe                1220 Console                 0     25,984 K
    Most frequently, issues like this are not related to malware. It is more typical that it is a connection issue, or some other software being run, or the fact that the internet connection is shared by multiple people in a household and others are also using bandwidth. Especially if anyone in the house is doing any P2P/torrent downloading. When this happens, everyone's latency will increase.

    Insignificant minor adware. And this reg key was only related to the specific user account being used when the scan was run.


    Since you are not having malware problems, it is time to do our final steps:
    1. We recommend you keep SUPERAntiSpyware and Malwarebytes Anti-Malware for scanning/removal of malware. Unless you purchase them, they provide no protection. They do not use any significant amount of resources (except a little disk space) until you run a scan.
    2. If we had you use ComboFix, uninstall ComboFix (This uninstall will only work as written if you installed ComboFix on your Desktop like we requested.)
      • Click START, then RUN, and enter the below into the run box, then click OK. Note that the quotes are required.
      • "%userprofile%\Desktop\combofix" /uninstall
        • Note: the space between combofix" and /uninstall must be there.
        • This will uninstall ComboFix and also reset hidden files and folders settings back to Windows defaults.
    3. Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
    4. If we had you download any registry patches like fixme.reg or fixWLK.reg (or any others), you can delete these files now.
    5. If running Vista, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
    6. Go to add/remove programs and uninstall HijackThis.
    7. Go to the C:\MGtools folder and find the MGclean.bat file. Double click on this file to run this cleanup program that will remove files and folders related to MGtools and some other items from our cleaning procedures.
    8. After doing the above, you should work through the below link:
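As an added example, not posted by anyone in this thread, the following Python reads the fixed-width `tasklist` table quoted above (the same format found in runkeys.txt) and turns its "Mem Usage" column into megabytes, so a reader can check a process against the 25,000 K figure the reply calls typical. Only the explorer.exe row mirrors the thread; the other rows, and the tolerance multiplier used for flagging, are this example's own assumptions.

```python
"""Parse the fixed-width table printed by Windows `tasklist` (the format quoted
in the post above) and convert its "Mem Usage" column to megabytes. Column edges
come from the '=====' separator line, so names containing spaces are read
correctly. Only the explorer.exe row mirrors the thread; the rest is constructed."""

import re

SAMPLE_TASKLIST = """\
Image Name                   PID Session Name     Session#    Mem Usage
========================= ====== ================ ======== ============
System Idle Process            0 Console                 0         28 K
explorer.exe                1220 Console                 0     25,984 K
svchost.exe                 1040 Console                 0     22,116 K
"""


def parse_tasklist(text):
    """Return one dict per process row, keyed by the header names."""
    lines = [ln for ln in text.splitlines() if ln.strip()]
    header, sep, rows = lines[0], lines[1], lines[2:]
    # Each run of '=' in the separator marks one column's [start, end).
    spans = [(m.start(), m.end()) for m in re.finditer(r"=+", sep)]
    names = [header[s:e].strip() for s, e in spans]
    return [dict(zip(names, [row.ljust(len(sep))[s:e].strip() for s, e in spans]))
            for row in rows]


def mem_kb(field):
    """'25,984 K' -> 25984 (tasklist reports memory in kilobytes)."""
    m = re.fullmatch(r"([\d,]+)\s*K", field)
    if not m:
        raise ValueError(f"unexpected Mem Usage field: {field!r}")
    return int(m.group(1).replace(",", ""))


def process_memory_mb(text):
    """Map image name -> memory in MB (1 MB = 1,024 K, as in the post)."""
    return {p["Image Name"]: mem_kb(p["Mem Usage"]) / 1024 for p in parse_tasklist(text)}


def explorer_memory_check(text, baseline_kb=25_000, tolerance=3.0):
    """Return (kb, is_high) for explorer.exe. baseline_kb is the typical figure
    quoted in the post; the tolerance multiplier is this example's own assumption,
    not something the thread states."""
    for p in parse_tasklist(text):
        if p["Image Name"].lower() == "explorer.exe":
            kb = mem_kb(p["Mem Usage"])
            return kb, kb > baseline_kb * tolerance
    return None, False
```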