Author Topic: C:\Program Files\gssoft\gswb\2.8.1.0113 Keep Install  (Read 45366 times)


Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: C:\Program Files\gssoft\gswb\2.8.1.0113 Keep Install
« Reply #30 on: January 23, 2014, 06:50:45 PM »
How is the computer now?

TokeiLampin

  • Guest
Re: C:\Program Files\gssoft\gswb\2.8.1.0113 Keep Install
« Reply #31 on: January 24, 2014, 12:09:22 AM »
After that I still got that adware and the program still installed, then I ran the script again for a second time... and ComboFix alerted about some new update, I clicked update, then it updated and seemed to install again... it ran in normal mode and at 50, after it wanted to delete, the computer restarted like before, then I pressed F8 and ran it in safe mode... with no CFScript.txt, and until now I have not seen any popup or any program installing.

Offline essexboy

Re: C:\Program Files\gssoft\gswb\2.8.1.0113 Keep Install
« Reply #32 on: January 24, 2014, 02:56:29 PM »
So they are no longer present? Please do not use cracks or keygens as this is where the malware came from. If you continue you will get infected again, although next time it could be Virut.

TokeiLampin

  • Guest
Re: C:\Program Files\gssoft\gswb\2.8.1.0113 Keep Install
« Reply #33 on: January 25, 2014, 11:30:15 AM »
Actually, the first time I got this was from a Microsoft update for Internet Explorer... after I updated that, I suddenly saw that program install... I uninstalled it, then it kept installing again... then 2-3 days after that the popup came.

Offline essexboy

Re: C:\Program Files\gssoft\gswb\2.8.1.0113 Keep Install
« Reply #34 on: January 25, 2014, 02:55:58 PM »
Has it now gone?

TokeiLampin

  • Guest
Re: C:\Program Files\gssoft\gswb\2.8.1.0113 Keep Install
« Reply #35 on: January 26, 2014, 11:58:03 PM »
It's all coming back to me now - Celine Dion... after I left it without running any application the advertisements ran again... the program keeps installing.

Offline essexboy

Re: C:\Program Files\gssoft\gswb\2.8.1.0113 Keep Install
« Reply #36 on: January 27, 2014, 05:11:57 PM »
Could you run me a fresh OTL scan please... Have you recently downloaded any new software?

TokeiLampin

  • Guest
Re: C:\Program Files\gssoft\gswb\2.8.1.0113 Keep Install
« Reply #37 on: January 27, 2014, 07:22:18 PM »
Not running anything, I just left it without opening anything, then saw it automatically install and run..

TokeiLampin

  • Guest
Re: C:\Program Files\gssoft\gswb\2.8.1.0113 Keep Install
« Reply #38 on: January 27, 2014, 09:41:39 PM »
OTL

Offline essexboy

Re: C:\Program Files\gssoft\gswb\2.8.1.0113 Keep Install
« Reply #39 on: January 27, 2014, 10:15:37 PM »
OK, let's try this

Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons; they will return on reboot

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following


Code:
:Commands
[CREATERESTOREPOINT]

:OTL
SRV - [2013/12/23 09:57:14 | 001,336,768 | ---- | M] (www.guangsu.cn) [Auto | Stopped] -- C:\Program Files\gssoft\gswb\2.8.1.0113\Config.exe -- (GuangSuShuRuFaService)
O2 - BHO: (Í㶹¼Ô apk °²×°Æ÷) - {000DA090-57AA-424B-A8F0-621B7C08B8F4} - C:\Program Files\WandouLabs\wandoujia_bho.dll File not found
[2014/01/27 04:51:58 | 001,430,976 | ---- | C] (www.guangsu.cn) -- C:\WINDOWS\System32\gswb.ime
[2014/01/27 04:50:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Seven By Four\Application Data\gssoft
[2014/01/27 00:40:08 | 000,000,000 | ---D | C] -- C:\Program Files\gssoft
[2014/01/26 01:36:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Seven By Four\Application Data\Wandoujia2
[2014/01/17 06:29:50 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\gssoft

:Commands
[resethosts]
[emptytemp]
[Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
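
An added example, not part of the post above and not part of OTL: a short Python script that parses the file, folder and service entries from the fix and reports which of their paths are still on disk after the reboot. The function names are hypothetical, and the BHO entry is left out because the log already marks its file as not found.

```python
import os
import re

# Entries copied verbatim from the :OTL section of the fix above
# (BHO line omitted: OTL already reports its file as "File not found").
FIX_ENTRIES = [line.strip() for line in r"""
SRV - [2013/12/23 09:57:14 | 001,336,768 | ---- | M] (www.guangsu.cn) [Auto | Stopped] -- C:\Program Files\gssoft\gswb\2.8.1.0113\Config.exe -- (GuangSuShuRuFaService)
[2014/01/27 04:51:58 | 001,430,976 | ---- | C] (www.guangsu.cn) -- C:\WINDOWS\System32\gswb.ime
[2014/01/27 04:50:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Seven By Four\Application Data\gssoft
[2014/01/27 00:40:08 | 000,000,000 | ---D | C] -- C:\Program Files\gssoft
[2014/01/26 01:36:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Seven By Four\Application Data\Wandoujia2
[2014/01/17 06:29:50 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\gssoft
""".strip().splitlines()]

# First drive-letter path on the line, optionally followed by "-- (ServiceName)".
PATH_RE = re.compile(r"(?P<path>[A-Za-z]:\\.+?)(?: -- \((?P<service>[^)]+)\))?$")
# Four-character attribute field between pipes, e.g. "| ---D |".
ATTR_RE = re.compile(r"\| (?P<attrs>[-RHSAD]{4}) \|")

def parse_entry(line):
    """Split one log line into kind, path and (for SRV lines) service name."""
    m = PATH_RE.search(line)
    if not m:
        raise ValueError("no path in entry: " + line)
    attrs = ATTR_RE.search(line)
    if line.startswith("SRV - "):
        kind = "service"
    elif attrs and "D" in attrs.group("attrs"):
        kind = "dir"
    else:
        kind = "file"
    return {"kind": kind, "path": m.group("path"), "service": m.group("service")}

def leftovers(lines, exists=os.path.exists):
    """Return the parsed entries whose path is still present on disk."""
    return [e for e in map(parse_entry, lines) if exists(e["path"])]

if __name__ == "__main__":
    for entry in leftovers(FIX_ENTRIES):
        print("still present:", entry["kind"], entry["path"], entry["service"] or "")
```

The service name it extracts can be checked separately with `sc query GuangSuShuRuFaService`.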

TokeiLampin

  • Guest
Re: C:\Program Files\gssoft\gswb\2.8.1.0113 Keep Install
« Reply #40 on: January 27, 2014, 10:34:47 PM »
I found some information about that popup, but in Chinese

http://user.qzone.qq.com/1205313146/blog/1385196159

Offline essexboy

Re: C:\Program Files\gssoft\gswb\2.8.1.0113 Keep Install
« Reply #41 on: January 27, 2014, 11:03:46 PM »
Did you run the OTL fix, as that will clear out the temporary files as well?

TokeiLampin

  • Guest
Re: C:\Program Files\gssoft\gswb\2.8.1.0113 Keep Install
« Reply #42 on: January 28, 2014, 12:21:09 AM »
OTL finish log

TokeiLampin

  • Guest
Re: C:\Program Files\gssoft\gswb\2.8.1.0113 Keep Install
« Reply #43 on: January 28, 2014, 04:14:41 AM »
Quick Scan setting and OTL Log

Offline essexboy

Re: C:\Program Files\gssoft\gswb\2.8.1.0113 Keep Install
« Reply #44 on: January 28, 2014, 03:34:23 PM »
I can see no further sign in the log, has it gone?