Guest LilBambi, posted June 23, 2013 (edited)

Have any of you seen this piece of work? It was not in the Control Panel Remove a Program area under Windows 7 as noted here. Uninstalled the redirector and popup creator in Remove a Program; Session and Tab browser add-ons that were under Remove a Program for Internet Explorer, and in Firefox. The browsers now are working right, but I looked up IMinent toolbar and it gave me info regarding a potential rootkit installation. Malwarebytes didn't find anything, and ESET Nod32 didn't find anything; at least it doesn't now. Client said ESET was complaining, but when I got into it, there were no complaints and nothing in the Quarantine. I downloaded gmer and it came back with the following (I changed the user name to protect the client):

GMER 2.1.19163 - http://www.gmer.net
Rootkit scan 2013-06-23 16:48:55
Windows 6.1.7601 Service Pack 1 x64
\Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD10 rev.01.0 931.51GB
Running: 62crk0iq.exe; Driver: C:\Users\username\AppData\Local\Temp\fxdiruob.sys

---- Processes - GMER 2.1 ----

Library C:\Program Files (x86)\IMinent Toolbar\TbHelper2.exe (*** suspicious ***) @ C:\Program Files (x86)\IMinent Toolbar\TbHelper2.exe [4000] 0000000000260000
Library C:\Program Files (x86)\IMinent Toolbar\TbCommonUtils.dll (*** suspicious ***) @ C:\Program Files (x86)\IMinent Toolbar\TbHelper2.exe [4000] 00000000716c0000

---- EOF - GMER 2.1 ----

NOTE: There is no folder by that name. There is a folder that I can see called IMinent, with a subfolder in it called inst or something like that, and bootstrapper.exe is in that folder. But NO folder called IMinent Toolbar, and gmer said those were running. I was not able to see those files or that folder. I tried to stop a TBHelper process but it wouldn't allow me to end it.

Any thoughts?

She said a friend told her to download Windows Photo Gallery. She apparently got it from the wrong site; the installer didn't have the right icon. It apparently complained she already had it installed, and she did, BTW. It started installing emoticon stuff, and those session and tab things that changed her home page to present ads, interject disgusting ads in pages, and provide popups that were bad.

Edited June 23, 2013 by LilBambi
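The puzzle in the post above is that GMER reports modules loaded from a folder Explorer does not show. The following Python is an added example, not code from the thread or from GMER, that parses the "Processes" section of a GMER 2.1 log in the shape shown above, pulls out the entries GMER itself marks "(*** suspicious ***)", derives the folders they live in, and checks each path with os.path.exists, which ignores the hidden/system attributes Explorer uses to hide items. The sample log is constructed: the two IMinent lines follow the page, while the kernel32.dll/explorer.exe line and the pid 1234 are invented so the filter has a non-suspicious entry to drop. The existence check only means something when run on the affected machine, so it takes an injectable `exists` function for testing elsewhere.

```python
"""Triage the 'Processes' section of a GMER 2.1 log: which module GMER
flagged, in which process, and whether the path is present on disk."""
import ntpath
import os
import re
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional

# Constructed sample in the shape of the page's GMER output. The two IMinent
# lines follow the page; the explorer.exe line is invented (non-suspicious).
SAMPLE_LOG = r"""GMER 2.1.19163 - http://www.gmer.net
Rootkit scan 2013-06-23 16:48:55
Windows 6.1.7601 Service Pack 1 x64
Running: 62crk0iq.exe; Driver: C:\Users\username\AppData\Local\Temp\fxdiruob.sys

---- Processes - GMER 2.1 ----

Library C:\Program Files (x86)\IMinent Toolbar\TbHelper2.exe (*** suspicious ***) @ C:\Program Files (x86)\IMinent Toolbar\TbHelper2.exe [4000] 0000000000260000
Library C:\Program Files (x86)\IMinent Toolbar\TbCommonUtils.dll (*** suspicious ***) @ C:\Program Files (x86)\IMinent Toolbar\TbHelper2.exe [4000] 00000000716c0000
Library C:\Windows\System32\kernel32.dll @ C:\Windows\explorer.exe [1234] 0000000077000000

---- EOF - GMER 2.1 ----
"""

# "Library <module> [(*** suspicious ***)] @ <process> [<pid>] <base>"
LIBRARY_RE = re.compile(
    r"^Library (?P<lib>.+?)(?P<flag> \(\*\*\* suspicious \*\*\*\))? @ "
    r"(?P<proc>.+?) \[(?P<pid>\d+)\] (?P<base>[0-9A-Fa-f]+)\s*$",
    re.MULTILINE,
)
DRIVER_RE = re.compile(r"Driver: (?P<drv>.+?)\s*$", re.MULTILINE)


@dataclass(frozen=True)
class LoadedModule:
    path: str         # module GMER saw mapped
    process: str      # host process image
    pid: int
    base: int         # load address as an integer
    suspicious: bool  # GMER's own (*** suspicious ***) marker


def parse_gmer_processes(text: str) -> List[LoadedModule]:
    """Return every 'Library ... @ process [pid] base' line as a record."""
    return [
        LoadedModule(
            path=m.group("lib"),
            process=m.group("proc"),
            pid=int(m.group("pid")),
            base=int(m.group("base"), 16),
            suspicious=m.group("flag") is not None,
        )
        for m in LIBRARY_RE.finditer(text)
    ]


def suspicious_modules(modules: List[LoadedModule]) -> List[LoadedModule]:
    return [m for m in modules if m.suspicious]


def suspicious_directories(modules: List[LoadedModule]) -> List[str]:
    """Distinct folders holding suspicious modules, in first-seen order."""
    seen: List[str] = []
    for m in suspicious_modules(modules):
        d = ntpath.dirname(m.path)  # ntpath so '\' splits even off Windows
        if d not in seen:
            seen.append(d)
    return seen


def gmer_driver_path(text: str) -> Optional[str]:
    """GMER's own temporary driver (the .sys file the thread later checks for)."""
    m = DRIVER_RE.search(text)
    return m.group("drv") if m else None


def check_on_disk(paths: List[str],
                  exists: Callable[[str], bool] = os.path.exists) -> Dict[str, bool]:
    """Map each path to whether it is present. os.path.exists does not honour
    the hidden/system attributes, so a folder Explorer hides still reports True."""
    return {p: exists(p) for p in paths}


if __name__ == "__main__":
    mods = parse_gmer_processes(SAMPLE_LOG)
    for m in suspicious_modules(mods):
        print(f"pid {m.pid} {m.process}: {m.path} @ {m.base:#x}")
    print("folders:", suspicious_directories(mods))
    print("driver:", gmer_driver_path(SAMPLE_LOG))
    print(check_on_disk(suspicious_directories(mods)))
```

Run on the affected machine, the last line tells you whether the "IMinent Toolbar" folder is really absent or merely hidden from Explorer; the driver path is the temporary file GMER itself loads, which is why a later reply in the thread suggests a temp-file cleaner if it lingers.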
Guest LilBambi, posted June 23, 2013

As I say, I got the session and tab things uninstalled but am left with this 'thing' that only gmer sees... rootkit maybe, eh?
Corrine, posted June 24, 2013

IMinent is in the Junkware Removal Tool definitions. Both JRT and AdwCleaner are great tools, but fresh copies need to be downloaded regularly since members of the security community submit new files to the developers on a regular basis.

JRT Instructions:

1. Please download Junkware Removal Tool to your desktop.
2. Disable your protection software now to avoid potential conflicts.
3. Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select "Run as Administrator".
4. The tool will open and start scanning your system.
5. Please be patient as this can take a while to complete depending on your system's specifications.
6. On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
7. Post the contents of JRT.txt into your next message.

It wouldn't hurt to run AdwCleaner too. It has three options: search, delete and uninstall. The instructions below are for delete. Note that if your friend has a group of tabs set to open with the browser, AdwCleaner will remove them, so I suggest making a note if that's the case.

1. Please download AdwCleaner by Xplode to your Desktop.
2. Double-click AdwCleaner.exe to run the tool.
3. Click Delete.
4. Everything that was found will be deleted.
5. Save any open files and approve the reboot.
6. A text file will open after the restart.
7. Please post the contents of that logfile with your next reply.

Note: The log can also be found at C:\AdwCleaner[XX].txt where XX denotes the number of times the application has been run, i.e., S1
Guest LilBambi, posted June 24, 2013

Thanks Corrine. Will it get rid of that hidden stuff that gmer found? OK, I will do so. Thanks! I would have run those, but that rootkit-type hidden item threw me a curve I wasn't expecting for that.
Corrine, posted June 24, 2013

If "C:\Users\username\AppData\Local\Temp\fxdiruob.sys" remains, run TFC:

1. Download TFC to your desktop.
2. Open the file and close any other windows. It will close all programs itself when run; make sure to let it run uninterrupted.
3. Click the Start button to begin the process. The program should not take long to finish its job.
4. Once it's finished it should reboot your machine; if not, do this yourself to ensure a complete clean.
Guest LilBambi, posted June 24, 2013

Yea! Got rid of it! And all the things I was concerned about removing in the wrong order that could have caused problems are gone. And of course the file I couldn't kill is gone too.
Guest LilBambi, posted June 24, 2013

Thanks Corrine. Hadn't run into that one yet.
Corrine, posted June 24, 2013

It wouldn't hurt to run TFC too, just on general principles.
Guest LilBambi, posted June 24, 2013

Very true. Thanks! And all is well! It's great to have posts like this here. Other folks may also run into this sort of thing.
onederer, posted June 24, 2013

Boy! Keeping Windows clean is such hard work! I'm glad that Linux lets me concentrate on other, more interesting things!
zlim, posted June 24, 2013

It is not hard to keep Windows clean. You just limit downloads to certain known clean sites like File Hippo and Major Geeks. Then you do a custom install and don't blindly click buttons without reading the screens.
onederer, posted June 24, 2013

How about the cleaning industry? One has to pay and pay for this cleaner or that cleaner or that fixer-upper. And they sure don't come cheap! Windows is like a rug. Anything which enters it leaves some dirt behind. And you know how well rugs collect dirt! Cheers!
ross549, posted June 24, 2013

And yet, the best cleaners are free.

Adam
Corrine, posted June 24, 2013

Quoting onederer: "How about the cleaning industry? One has to pay and pay for this cleaner or that cleaner or that fixer-upper. And they sure don't come cheap! Windows is like a rug. Anything which enters it leaves some dirt behind. And you know how well rugs collect dirt! Cheers!"

If that's the case, you're using the wrong tools or paying for scareware -- scan for free and show hundreds of fake problems. All of the tools I use helping people are free. As to programs leaving dirt behind, yes, that part is correct when it comes to the profit-mongering bums who create the unwanted add-ons.
Guest LilBambi, posted June 25, 2013 (edited)

Quoting Corrine: "If that's the case, you're using the wrong tools or paying for scareware -- scan for free and show hundreds of fake problems. All of the tools I use helping people are free. As to programs leaving dirt behind, yes, that part is correct when it comes to the profit-mongering bums who create the unwanted add-ons."

Me too. And the tools specific to certain types of malware problems are done by some wonderfully gifted people. Even the antivirus software from Microsoft is free (Microsoft Security Essentials - free for any current version of Windows prior to Windows 8, and Windows Defender is built into Windows 8).

Edited June 25, 2013 by LilBambi
zlim, posted June 25, 2013

The only tool I pay for is Malwarebytes, and that is my choice. The free version cleans just as well as the paid version. Since I want real-time protection, I have purchased the program (4 times) and installed it on 4 computers. The other computers in the house use the free version.
onederer, posted June 25, 2013

I've been using ZoneAlarm (free) for years. Never had any problems with it. And now it's come out with a built-in virus checker, which is a plus. So I've been able to drop my (free) virus checker. One less item to maintain. I used to go to PCPitStop. They used to be good at removing things that an anti-virus couldn't find. But now that they have gone highly commercial, I don't trust them anymore, except to test my PC speed and other computer operating system parameters. They don't fix anything anymore.
Guest LilBambi, posted June 26, 2013

JRT, AdwCleaner and TFC to the rescue again for a malware cocktail today that included things like Conduit and a bunch more!