Need Help! Suspect Spyware on My PC

tivu100

Well-Known Member
OP
Member
Joined
Jun 6, 2015
Messages
2,260
Trophies
0
Age
34
XP
1,136
Country
United States
Last couple of days I saw many iexplore.exe opened in Task Manager -> Processes, but there is no visible IE window on screen. Then today, there was a session when I was on Firefox and it was so laggy while Task Manager showed low CPU and RAM usage (my PC is old; however, when it's lagging, it's usually due to a program using RAM/CPU. Not this case). Then using Firefox further, I was redirected to http://searchportal.information.com/?a_id=12349&domainname=referer_detect twice. One other time, when using the Google search tool, I got redirected to a page that said something like: "We detect high traffic from your location", then there was a captcha to be typed in (even when I hit back and typed any search word, this page still turned up). I didn't type anything in. I just turned off Firefox.

I am on Windows 7 SP1 Home edition.
 

Pedeadstrian

GBAtemp's Official frill-necked lizard.
Member
Joined
Oct 12, 2012
Messages
3,966
Trophies
2
Location
Sandy Eggo
XP
3,890
Country
United States
> Last couple of days I saw many iexplore.exe opened in Task Manager -> Processes, but there is no visible IE window on screen. Then today, there was a session when I was on Firefox and it was so laggy while Task Manager showed low CPU and RAM usage (my PC is old; however, when it's lagging, it's usually due to a program using RAM/CPU. Not this case). Then using Firefox further, I was redirected to http://searchportal.information.com/?a_id=12349&domainname=referer_detect twice. One other time, when using the Google search tool, I got redirected to a page that said something like: "We detect high traffic from your location", then there was a captcha to be typed in (even when I hit back and typed any search word, this page still turned up). I didn't type anything in. I just turned off Firefox.
>
> I am on Windows 7 SP1 Home edition.

By "Google search tool" do you mean the search bar to the right of the URL? If so, any programs you install can change your default search provider. If I had to guess, you installed a program that decided to install another program (in this case a PUP, or potentially unwanted program). I recommend going through your recently installed programs list (with either Windows' Programs and Features or a program like Revo Uninstaller) to get rid of any PUPs.
 

tivu100 (OP)
> By "Google search tool" do you mean the search bar to the right of the URL? If so, any programs you install can change your default search provider. If I had to guess, you installed a program that decided to install another program (in this case a PUP, or potentially unwanted program). I recommend going through your recently installed programs list (with either Windows' Programs and Features or a program like Revo Uninstaller) to get rid of any PUPs.

Yes. Search bar on the right side of the Firefox URL address bar.

I haven't installed anything recently (only downloaded stuff, mostly 3DS homebrew, CFW builds, ...). The most recently installed programs in Revo Uninstaller are: Adobe Flash Player 18 ActiveX, Adobe Flash Player 18 NPAPI, Google Chrome (this must be an update because I haven't touched Google Chrome for months), Norton Internet Security (update to the latest Norton build).

Update: I go to bed now, so there won't be response from my part any time soon. Good night guys.
 

Pedeadstrian
> Yes. Search bar on the right side of the Firefox URL address bar.
>
> I haven't installed anything recently (only downloaded stuff, mostly 3DS homebrew, CFW builds, ...). The most recently installed programs in Revo Uninstaller are: Adobe Flash Player 18 ActiveX, Adobe Flash Player 18 NPAPI, Google Chrome (this must be an update because I haven't touched Google Chrome for months), Norton Internet Security (update to the latest Norton build).

Well, in order for your default search engine to have been changed, you either installed something unknowingly and/or got a trojan. You could try following the instructions here to fix your problem: http://forums.mozillazine.org/viewtopic.php?f=38&t=1822845&p=9036965#p9036965
 

tivu100 (OP)
I'd run the recommended software from there. I saw that there is no longer any iexplore.exe in Task Manager.

However, when searching to try a way to delete (old/stored) password of "microsd management app", I came across "Control Panel\User Accounts and Family Safety\Credential Manager". There, I saw this "virtualapp/didlogical" created on August 13 (the date I saw the suspicious behavior of my PC as well as created this thread). It's under Generic Credentials. See photo attachment.

Also there are 2 "Microsoft Virtual WiFi Miniport Adapter" in Control Panel\Network and Internet\Network Connections.

As I said in my previous post, I didn't install anything, but update of some essential, and windows update!!!

This is Windows 7 Home Premium.

Update: In Command Prompt, by running rundll32.exe keymgr.dll, KRShowKeyMgr, I saw that this is associated with Windows Live, which I never used (who would anyway).
----

Need help: Looking for a way to delete the old password used to access the N3DS through the "MicroSD Management" app.

I connected my friend's N3DS to my PC long ago. When he had his N3DS back he changed the username/password of this "MicroSD Management" app. Now that I have his N3DS with me to install Ironhax (need to put files on the microSD; can't find a suitable screwdriver), I can't get access to the microSD through this app because of the old password.
 

Attachment: suspicious.png (42.8 KB)

tivu100 (OP)
> Malwarebytes and Avast usually work well together to easily dig out pesky software like that. That's what I recommend to my customers that tend to be rather ignorant with computers, anyway.

I read this thread when researching unsecapp.exe on Windows Task Manager http://www.tomshardware.com/answers/id-2154724/unsecapp-exe-process.html

Update: even if I removed "virtualapp/didlogical" in "Control Panel\User Accounts and Family Safety\Credential Manager"; after reboot it returns.
 

amoulton

Well-Known Member
Member
Joined
Nov 18, 2014
Messages
329
Trophies
0
Age
32
Location
Franklin, Massachusetts
XP
226
Country
United States
> One other time, when using the Google search tool, I got redirected

If you literally were trying to access google.com and you were then redirected you probably have 'cool web search' which digs deeper into the system than a standard search engine change. I use this utility, CWShredder and it does a more targeted attack on this particular type of malware than S&D.
 

TecXero

Technovert
Member
Joined
Apr 13, 2014
Messages
2,810
Trophies
0
Location
Mainframe
XP
1,040
Country
United States
> I read this thread when researching unsecapp.exe on Windows Task Manager http://www.tomshardware.com/answers/id-2154724/unsecapp-exe-process.html
>
> Update: even if I removed "virtualapp/didlogical" in "Control Panel\User Accounts and Family Safety\Credential Manager"; after reboot it returns.

It might be part of a package or it might be pulling some registry nonsense. I couldn't tell you exactly what it is, as a lot of malicious software tends to use names of official files and software.
 

tivu100 (OP)
> If you can computer this might be useful.
>
> https://www.emsisoft.com/en/software/eek/
>
> If possible I would run it in safe mode if you wish to be extra secure that the threat has been deleted.

> If you literally were trying to access google.com and you were then redirected you probably have 'cool web search' which digs deeper into the system than a standard search engine change. I use this utility, CWShredder and it does a more targeted attack on this particular type of malware than S&D.

Thanks. I will give these programs a try.

> It might be part of a package or it might be pulling some registry nonsense. I couldn't tell you exactly what it is, as a lot of malicious software tends to use names of official files and software.

The lengthy post at the link in my previous post (third from the bottom) says the software harvests info from the PC. Then other Google search results said it's part of the Windows OS. It's quite confusing.

Is there a way to completely remove Windows Live Essential?
 

TecXero
> Is there a way to completely remove Windows Live Essential?

Well, you can go to your program manager and run the uninstaller. If it's left after that, it could be a fake file (probably not if it's not being detected by decent scanners), just leftover, or used by some other installed program. I wouldn't worry too much unless you're really worried about a few KBs.
 

tivu100 (OP)
> Well, you can go to your program manager and run the uninstaller. If it's left after that, it could be a fake file (probably not if it's not being detected by decent scanners), just leftover, or used by some other installed program. I wouldn't worry too much unless you're really worried about a few KBs.

I am worried that someone may be spying on me.

Also, my laptop is old and slow already, and my internet connection is sluggish too. I wouldn't want the spyware or whatever it is to make it even slower/unusable. When I first suspected my laptop had spyware, it was near unusable: freezes here and there, mouse stuck, keyboard not as responsive as usual, RAM usage at 80%+ using the Firefox browser with only 1 tab...
 

migles

All my gbatemp friends are now mods, except for me
Member
Joined
Sep 19, 2013
Messages
8,033
Trophies
0
Location
Earth-chan
XP
5,299
Country
China
> I am worried that someone may be spying on me.
>
> Also, my laptop is old and slow already, and my internet connection is sluggish too. I wouldn't want the spyware or whatever it is to make it even slower/unusable. When I first suspected my laptop had spyware, it was near unusable: freezes here and there, mouse stuck, keyboard not as responsive as usual, RAM usage at 80%+ using the Firefox browser with only 1 tab...

type msconfig on the start bar, check the startup items
find any process that runs from the appdata folder (on both task manager and msconfig)
usually these nasty things like to be on appdata..
 
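A read-only PowerShell pass over the same three places this reply and the first post point at: processes whose executable lives under AppData (or Temp/ProgramData), browser processes that have no visible window (the hidden iexplore.exe symptom) together with whatever launched them, and the Run keys and Startup folders that msconfig's Startup tab shows. This is an added example, not code from the thread or from any poster; it assumes Windows PowerShell 3.0 or later (WMF 3.0 exists for Windows 7 SP1) and an elevated console, and the path pattern and browser names are assumptions you can edit.

```powershell
# Added triage script, not from this thread or any of its posters.
# Assumes Windows PowerShell 3.0+ and an elevated ("Run as administrator") console
# so that the image path and parent of every process is readable.
# Read-only: it lists and flags; it never kills a process or deletes a file.

# Directories the thread's advice singles out. Assumed pattern; extend as needed.
$SuspectPathPattern = '\\AppData\\|\\Temp\\|\\ProgramData\\'

function Get-ProcessTable {
    # One snapshot of every process, keyed by PID, so parent lookups are cheap.
    $table = @{}
    foreach ($p in Get-CimInstance -ClassName Win32_Process) {
        $table[[uint32]$p.ProcessId] = $p
    }
    return $table
}

function Get-ProcessesFromUserDirs {
    param([hashtable]$Procs = (Get-ProcessTable))
    # Running processes whose executable lives under AppData/Temp/ProgramData.
    $Procs.Values |
        Where-Object { $_.ExecutablePath -and ($_.ExecutablePath -match $SuspectPathPattern) } |
        Select-Object ProcessId, ParentProcessId, Name, ExecutablePath, CommandLine
}

function Get-WindowlessBrowsers {
    param([hashtable]$Procs = (Get-ProcessTable))
    # Browser processes with no top-level window, plus the process that spawned them.
    # Browser names are assumed; add any others you run.
    Get-Process -Name iexplore, firefox, chrome -ErrorAction SilentlyContinue |
        Where-Object { $_.MainWindowHandle -eq 0 } |
        ForEach-Object {
            $self = $Procs[[uint32]$_.Id]
            $parentId = $null; $parentName = '<unknown or exited>'; $parentPath = $null
            if ($self) {
                $parentId = $self.ParentProcessId
                $parent = $Procs[$parentId]
                if ($parent) { $parentName = $parent.Name; $parentPath = $parent.ExecutablePath }
            }
            [pscustomobject]@{
                ProcessId  = $_.Id
                Name       = $_.ProcessName
                ParentId   = $parentId
                ParentName = $parentName
                ParentPath = $parentPath
            }
        }
}

function Get-AutostartEntries {
    # Run/RunOnce keys and Startup folders: the sources msconfig's Startup tab reads.
    $keys = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
        'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',
        'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
        'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
    )
    foreach ($k in $keys) {
        if (-not (Test-Path -Path $k)) { continue }
        $key = Get-Item -Path $k
        foreach ($name in $key.GetValueNames()) {
            $cmd = [string]$key.GetValue($name)
            $flag = ''
            if ($cmd -match $SuspectPathPattern) { $flag = 'USER-DIR' }
            [pscustomobject]@{ Source = $k; Name = $name; Command = $cmd; Flag = $flag }
        }
    }
    $folders = @(
        "$env:APPDATA\Microsoft\Windows\Start Menu\Programs\Startup",
        "$env:ProgramData\Microsoft\Windows\Start Menu\Programs\Startup"
    )
    foreach ($f in $folders) {
        if (-not (Test-Path -Path $f)) { continue }
        Get-ChildItem -Path $f -File | ForEach-Object {
            [pscustomobject]@{ Source = $f; Name = $_.Name; Command = $_.FullName; Flag = '' }
        }
    }
}

function Invoke-StartupTriage {
    $procs = Get-ProcessTable
    Write-Host '== Running processes started from AppData / Temp / ProgramData =='
    Get-ProcessesFromUserDirs -Procs $procs | Format-Table -AutoSize -Wrap
    Write-Host '== Browser processes without a visible window, and their parents =='
    Get-WindowlessBrowsers -Procs $procs | Format-Table -AutoSize -Wrap
    Write-Host '== Autostart entries (Flag = USER-DIR when the command points into a user/temp dir) =='
    Get-AutostartEntries | Format-Table -AutoSize -Wrap
}

Invoke-StartupTriage
```

Save it as a .ps1 and run it from an elevated PowerShell window. A hit is a lead, not a verdict: some legitimate per-user installers (Chrome, for one) also live under AppData, so look up the flagged path and the parent process before removing anything, and keep the output so you can compare it after a reboot.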

tivu100 (OP)
The iexplore.exe problem returns here and there after some reboots.

I located this file running on my PC: rpcnetp.exe. When I kill the process, iexplore.exe stops. However, I can't find a way to remove it.

Read it here https://c0d3h4x0r.wordpress.com/200...-laptops-rcpnetp-exe-rpcnetp-dll-autochk-exe/

http://forums.majorgeeks.com/showthread.php?t=116109

They say it's Absolute Software (anti-theft, which in turn will spy on my system and send away data). But it was installed today (I haven't installed anything). Delete it and it comes back after reboot!!!
 

q9p

Well-Known Member
Member
Joined
Aug 14, 2015
Messages
148
Trophies
0
Location
United States
XP
179
Country
United States
Please download MiniToolBox and save it in a place that you can easily access. Run the tool as an Administrator and make sure your settings look like mine below:

(screenshot: PaVNwIS.png)

Afterwards, please post the log on a site such as Pastebin.
 
