possible google chrome virus - Horse Racing Forum - PaceAdvantage.Com

highnote · 01-03-2015, 10:25 PM

There is an exe file running on my computer that I can't get to stop.

When I run task manager I can see 10 to 15 instances of the same program running, but it won't let me "end process".

It is called "yvglyvieiavz.exe " and task manager lists it's Description as "Google Chrome".

I right click on the file name in task manager and note the location. I can find the directory it is in, but I can't see the file name.

I boot into safe mode and delete the directory, but when I reboot it comes back and is in a different directory.

I uninstalled Google Chrome, but it yvglyvieiavz.exe still continues to run.

I did a search for the name using search engines, but nothing turned up.

Any ideas?

highnote · 01-03-2015, 10:35 PM

Also, it sits in this path:

C:\Users\computer\AppData\LocalLow\Microsoft\Gctbv wjfsan\Yflcprsore

If I delete it, it reinstalls itself here:

C:\Users\computer\AppData\LocalLow\Adobe\Gctbvwjfs an\Yflcprsore

If I delete it from here then it installs here:

C:\Users\computer\AppData\LocalLow\Evernote\Gctbvw jfsan\Yflcprsore

or here:

C:\Users\computer\AppData\LocalLow\Sun\Gctbvwjfsan \Yflcprsore

And then it repeats.

PaceAdvantage · 01-04-2015, 02:03 AM

Sounds like some sort of malware...Chrome regularly runs tons of instances of itself that you can see in task manager (when you have multiple tabs open in Chrome, for instance).

However, I have never seen them named anything but Chrome.exe.

Sounds like your browser might be hijacked...or worse...

Get a copy of hitman pro:

http://www.surfright.nl/en/hitmanpro/

You may have to use another computer to download it and run it off a USB stick if your PC has been compromised badly...

highnote · 01-04-2015, 03:11 AM

Thanks. I'll try hitman.

I disconnected my computer from the internet and then tried to uninstall Chrome, but it wouldn't. It said I didn't have an internet connection and wouldn't let me uninstall it. I waited for about 5 minutes and the Chrome uninstaller must have timed-out and it finally uninstalled. It didn't solve the problem, though and that weird software kept running and those files and folders that I deleted kept appearing. The weird software and the files reappearing didn't happen in "safe mode", only in a regular boot mode.

Finally, I decided to reset my computer to a restore point -- which, unfortunately, reinstalled Chrome.

However, it was possible then to delete those folders and files that kept reappearing in different places and that weird piece of software is not running now.

I'm going to run Windows Defender overnight. I ran it last night and it found some suspicious files.

I think I must have picked up a virus when someone sent me an email with a link that said something like "Hey -- check out this cool thing I saw on Oprah!" And I was dumb enough to trust it was legit.

I don't think it was actually the Oprah one, but it was something like it. Fool that I am... it probably was a link to Jerry Springer.

Quote:

Originally Posted by PaceAdvantage

Sounds like some sort of malware...Chrome regularly runs tons of instances of itself that you can see in task manager (when you have multiple tabs open in Chrome, for instance).

However, I have never seen them named anything but Chrome.exe.

Sounds like your browser might be hijacked...or worse...

Get a copy of hitman pro:

http://www.surfright.nl/en/hitmanpro/

You may have to use another computer to download it and run it off a USB stick if your PC has been compromised badly...

green80 · 01-04-2015, 04:40 PM

Sounds like it a virus. Some malware is difficult to remove. Some will reinstall if removed. Hitman pro is good but I had to use Spyware Hunter ( they have a 30 day free trial) to remove some lately. Some viruses are in your registry and that makes it more difficult to remove without some good software.

whodoyoulike · 01-04-2015, 04:55 PM

I'm just curious. I have Windows Defender on my newer machine but, I've never run it. Is it as effective as Hitman Pro or, should I have both?

Thanks,

highnote · 01-04-2015, 04:57 PM

Thanks. I'll check spyware hunter, too.

Here's what I don't get...

I did a full scan using Microsoft Security Essentials. It found one virus and removed it. Then I restored my computer to a previous point and ran Microsoft Security Essentials again. It found the same virus.

Now, if Microsoft Security Essentials removed it then how was it able to reappear during a restore?

Same with Chrome. I uninstalled it, but it reinstalled after the restore.

How can a program that was supposedly deleted from a computer reappear after a restoring to a previous point?

Quote:

Originally Posted by green80

Sounds like it a virus. Some malware is difficult to remove. Some will reinstall if removed. Hitman pro is good but I had to use Spyware Hunter ( they have a 30 day free trial) to remove some lately. Some viruses are in your registry and that makes it more difficult to remove without some good software.

JustRalph · 01-04-2015, 05:15 PM

Because you did a "restore" it's a mini image of the drive.

You basically undid the cleaning by running a restore. It's as if everything after the restore point, never occurred.

Btw, Security products from Microsoft suck.

highnote · 01-04-2015, 05:39 PM

Quote:

Originally Posted by whodoyoulike

I'm just curious. I have Windows Defender on my newer machine but, I've never run it. Is it as effective as Hitman Pro or, should I have both?

Thanks,

I tried running Windows Defender, but it was disabled. I got a message something to the effect of saying that another security program was running and defender was not needed.

I assume the message appeared because Microsoft Security Essentials is running constantly in the background.

green80 · 01-04-2015, 05:41 PM

Quote:

Originally Posted by highnote

Thanks. I'll check spyware hunter, too.

Here's what I don't get...

I did a full scan using Microsoft Security Essentials. It found one virus and removed it. Then I restored my computer to a previous point and ran Microsoft Security Essentials again. It found the same virus.

Now, if Microsoft Security Essentials removed it then how was it able to reappear during a restore?

Same with Chrome. I uninstalled it, but it reinstalled after the restore.

How can a program that was supposedly deleted from a computer reappear after a restoring to a previous point?

You may have had that virus at the time you did the restore point or it is one of the viruses that reinstalls itself. Some viruses are difficult to remove and will not be removed by microsoft security essentials or other software. Some good virus removal software contain an option for alternate removal methods.

Microsoft security essentials is not one of the better virus removal tools.
Hitman pro, as mentioned in some previous posts has often found stuff that other programs missed. Besides an antivirus program you also may need multiple anti spyware or anti-malware programs to remove everything.

highnote · 01-04-2015, 05:51 PM

Quote:

Originally Posted by JustRalph

Because you did a "restore" it's a mini image of the drive.

You basically undid the cleaning by running a restore. It's as if everything after the restore point, never occurred.

Btw, Security products from Microsoft suck.

My computer backs up to an external drive after every reboot. So that means if I ever have to restore from the backup drive I'll probably have a virus on the back-up.

I've been pretty fortunate to avoid viruses. I thought I was careful about clicking on links in emails. Every once in awhile I make a mistake though and click on something without thinking.

I remember getting a virus called the Happy99 virus back in 1999. It came to me in an email from a person who worked the racing industry in South America. I opened up an email that had a link to something like "Happy New Year 1999" and a little program ran that shot off images of fireworks in a little box on the screen.

I didn't think anything of it, until I sent an email to a woman in Canada who wanted to buy an old Renault automobile from me. She complained that my email gave her a virus.

The weird thing is that she was the only one who mentioned getting it from me.

It was easy to remove and I never had the problem again.

My computer may have gotten infected through Yahoo email. When they got hacked I did not change the password to my yahoo email account because I never use that address, but people who were in my yahoo address book have gotten emails from my address that I didn't send -- the kind of emails that have a link that says "I saw this on Oprah. It's awesome".

JustRalph · 01-04-2015, 08:25 PM

I made a lot of money fixing happy 99.

highnote · 01-04-2015, 08:35 PM

Quote:

Originally Posted by JustRalph

I made a lot of money fixing happy 99.

Funny that internet viruses are about as old as the internet.

The surprise is that anyone would trust that the internet is a safe place for important data.

Longshot6977 · 01-04-2015, 09:03 PM

Quote:

Originally Posted by highnote

Here's what I don't get...

I did a full scan using Microsoft Security Essentials. It found one virus and removed it. Then I restored my computer to a previous point and ran Microsoft Security Essentials again. It found the same virus.

This is a 'spawning' virus and is a little more difficult to remove thoroughly. It may be a fairly new one called Trojan.AdClicker or Trojan.Poweliks. Upon boot-up it replicates itself and spawns off multiple processes (with weird file names that fool Chrome) that steal memory and slow your PC down dramatically. Try rebooting in safe mode and use the admin account when you get to Windows. Then try these suggestions:

A) Run a small built in app called MSConfig. (do a search on your PC if you don't know where it is) Then select the Startup tab.

B)Look for the strange-looking exe program(s) you mentioned or anything that is spelled weird like a jumble of letters. Remove their check marks from the startup list.

C) Click Ok and Exit with Restart

D) Reboot as normal. If joy, then Yay! If no joy, then go to E).

E) Download a small, but very powerful and free program called Combofix. Run it and follow the directions on screen. This nifty app will scrub clean your PC like nothing else.(takes a while, be patient). It checks/cleans rootkits too.

F) If joy, then yay! If no joy, run your favorite AV/malware apps like Hitman pro, Malware Bytes Antimalware, Microsoft Malicious Removal Tool etc. It is fine and recommended to run several of these apps since not all apps can do everything well.

G) If still NG, you will need to delve into the abyss of the registry. I will not show you what to do in the registry since you can screw up your PC if you don't know what you're doing. Go to H.

H) Go into your folder called C:\Users\<localuser>\AppData\ and look in the subfolders Local, locallow,roaming and temp and delete the virus(weird name exe file). If you can't delete it, try renaming it. If it is renamed, the registry can't find it to run it, cool huh?

The above suggestions will most likely get rid of the virus. Happy cleaning and good luck.

Longshot6977 · 01-06-2015, 07:53 AM

Highnote- did you try the recommendations i gave? Did you get rid of the virus?