Author Topic: C:\Program Files\gssoft\gswb\2.8.1.0113 Keep Install  (Read 45364 times)

0 Members and 1 Guest are viewing this topic.

TokeiLampin

  • Guest
C:\Program Files\gssoft\gswb\2.8.1.0113 Keep Install
« on: January 18, 2014, 12:54:21 AM »
Can you help me?...automaticly my pc install C:\Program Files\gssoft\gswb\2.8.1.0113 and me keep uninstall then the application suddenly install without me install ...already scan with avast but found nothing

Offline Michael (alan1998)

  • Massive Poster
  • ****
  • Posts: 2768
  • Volunteer
Re: C:\Program Files\gssoft\gswb\2.8.1.0113 Keep Install
« Reply #1 on: January 18, 2014, 12:56:13 AM »
Hi,

Please go here: http://forum.avast.com/index.php?topic=53253.0

We need MBAM/OTL/aswMBR logs. After that I can have someone help you.. If you post logs within the next 3-4 hours it may take another 4-5 hours before someone answers since most are in the UK and are asleep.
VOLUNTEER

Senior Security Analyst; Sys Admin (Linux); Forensics/Incident Response.

Security is a mindset, not an application. Think BEFORE you click.

TokeiLampin

  • Guest
Re: C:\Program Files\gssoft\gswb\2.8.1.0113 Keep Install
« Reply #2 on: January 18, 2014, 03:30:10 AM »
OTL Done

TokeiLampin

  • Guest
Re: C:\Program Files\gssoft\gswb\2.8.1.0113 Keep Install
« Reply #3 on: January 18, 2014, 11:32:52 AM »
aswMBR logs

Offline Michael (alan1998)

  • Massive Poster
  • ****
  • Posts: 2768
  • Volunteer
Re: C:\Program Files\gssoft\gswb\2.8.1.0113 Keep Install
« Reply #4 on: January 18, 2014, 11:38:33 AM »
I've notified someone to come help you.

Warning: Windows XP Support OS will end by microsoft @ April 8, 2014. After that, most security exploits will be exploited leaving your system more vunerable.
VOLUNTEER

Senior Security Analyst; Sys Admin (Linux); Forensics/Incident Response.

Security is a mindset, not an application. Think BEFORE you click.

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: C:\Program Files\gssoft\gswb\2.8.1.0113 Keep Install
« Reply #5 on: January 18, 2014, 04:11:30 PM »
Using hacks and keygens is not conducive to your safety

Warning This fix is only relevant for this system and no other, using on another computer may cause problems

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following


Code: [Select]
:Commands
[CREATERESTOREPOINT]

:OTL
SRV - File not found [Auto | Stopped] -- C:\Program Files\gssoft\gswb\2.8.1.0113\Config.exe StartService -- (GuangSuServer)
IE - HKU\S-1-5-21-1801674531-682003330-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 184.106.170.252:8080
O2 - BHO: (Í㶹¼Ô apk °²×°Æ÷) - {000DA090-57AA-424B-A8F0-621B7C08B8F4} - C:\Program Files\WandouLabs\wandoujia_bho.dll File not found
O2 - BHO: (no name) - {452ADB5B-00BE-469D-A65F-3046146B2ED5} - No CLSID value found
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-1801674531-682003330-839522115-1003\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O33 - MountPoints2\{d89f83f3-801a-11de-a1cb-d967a5b45335}\Shell\AutoRun\command - "" = H:\upx.bat
O33 - MountPoints2\{d89f83f3-801a-11de-a1cb-d967a5b45335}\Shell\open\Command - "" = H:\upx.bat
[2014/01/17 06:30:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Seven By Four\Application Data\gssoft

:Files
C:\Documents and Settings\Seven By Four\Desktop\Fail Kerja\TOOLS FOR DOWNLOAD AND INSTALLATION\HackPack V 1.1
C:\Documents and Settings\Seven By Four\Desktop\Jual\N90.N70.stuff\GAMES\Symbian\maumau_s60_2_35\Keygen.exe
C:\Program Files\gssoft

:Commands
[resethosts]
[emptytemp]
[Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

TokeiLampin

  • Guest
Re: C:\Program Files\gssoft\gswb\2.8.1.0113 Keep Install
« Reply #6 on: January 19, 2014, 06:08:25 AM »
After finish OTL this are log..hope all the program stop after this

TokeiLampin

  • Guest
Re: C:\Program Files\gssoft\gswb\2.8.1.0113 Keep Install
« Reply #7 on: January 19, 2014, 06:40:12 AM »
The program still runinng and run popup like this

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: C:\Program Files\gssoft\gswb\2.8.1.0113 Keep Install
« Reply #8 on: January 19, 2014, 12:47:10 PM »
Does this occur in any specific browser ?

Download and Install Combofix
 
Download ComboFix from one of the following locations:
Link 1
Link 2
 
VERY IMPORTANT !!! Save ComboFix.exe to your Desktop
 
* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow to update if it asks




  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.[/b]
Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.

3.  If after the reboot you get errors about programmes being marked for deletion then reboot, that will cure it.


Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now

TokeiLampin

  • Guest
Re: C:\Program Files\gssoft\gswb\2.8.1.0113 Keep Install
« Reply #9 on: January 19, 2014, 05:25:00 PM »
Sorry not read properly just download it from google chrome then just click lauch the program until reboot back the i found the file must run from desktop now the problem show like this. and the thing still run without click anything.

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: C:\Program Files\gssoft\gswb\2.8.1.0113 Keep Install
« Reply #10 on: January 19, 2014, 06:34:05 PM »
OK does combofix not run if it is placed on the desktop

TokeiLampin

  • Guest
Re: C:\Program Files\gssoft\gswb\2.8.1.0113 Keep Install
« Reply #11 on: January 19, 2014, 11:34:39 PM »
Now combofix at c:/combofix and not at desktop...should i cut that c:/combofix to desktop. where to find log if i just install at c:/combofix coz not found ComboFix.txt at C:\ComboFix.txt

TokeiLampin

  • Guest
Re: C:\Program Files\gssoft\gswb\2.8.1.0113 Keep Install
« Reply #12 on: January 20, 2014, 02:31:04 PM »
Should i uninstall it back?

using Start->run->combofix /uninstall or Start->run->copy combofix /uninstall

then install back at desktop?

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: C:\Program Files\gssoft\gswb\2.8.1.0113 Keep Install
« Reply #13 on: January 20, 2014, 03:16:43 PM »
Just download a fresh copy and save it to your desktop, then run from there 

TokeiLampin

  • Guest
Re: C:\Program Files\gssoft\gswb\2.8.1.0113 Keep Install
« Reply #14 on: January 20, 2014, 03:36:43 PM »
Already uninstall and run from desktop the not found any combofix.txt only still got combofix at c: and the adware still runinng...and 1 problem i found is when open google chroome to this forum and want click reply it download index.php ..suddenly weird  :-[ :-[ :-[