Need Help! Suspect Spyware on My PC

Discussion in 'Computer Software and Operating Systems' started by tivu100, Aug 13, 2015.

  1. tivu100
    OP

    tivu100 GBAtemp Advanced Maniac

    Member
    1,990
    431
    Jun 6, 2015
    United States
    The last couple of days I saw many iexplore.exe opened in Task Manager -> Processes, but there is no visible IE on screen. Then today, there was a session when I was on Firefox and it was so laggy while Task Manager showed low CPU and RAM usage (my PC is old; however, when it's lagging, it's usually due to a program using RAM/CPU. Not in this case). Then using Firefox further, I was redirected to http://searchportal.information.com/?a_id=12349&domainname=referer_detect twice. One other time, when using the Google search tool, I got redirected to a page that said something like: "We detect high traffic from your location", then there was a captcha to be typed in (even when I hit back and typed any search word, this page still turned up). I didn't type anything in. I just turned off Firefox.

    I am on Windows 7 SP1 Home edition.
     
  2. Pedeadstrian

    Pedeadstrian GBAtemp's Official frill-necked lizard.

    Member
    3,510
    1,562
    Oct 12, 2012
    United States
    Sandy Eggo
    By "Google search tool" do you mean the search bar to the right of the URL? If so, any programs you install can change your default search provider. If I had to guess, you installed a program that decided to install another program (in this case a PUP, or potentially unwanted program). I recommend going through your recently installed programs list (with either Windows' Programs and Features or a program like Revo Uninstaller) to get rid of any PUPs.
     
    tivu100 and HaloEffect17 like this.
  3. cots

    cots GBAtemp Fan

    Member
    488
    315
    Dec 29, 2014
    United States
    You can try scanning your computer with 'Spybot Search and Destroy'. It usually takes care of the easily removed spyware infestations.
     
    tivu100 and HaloEffect17 like this.
  4. tivu100
    OP

    tivu100 GBAtemp Advanced Maniac

    Member
    1,990
    431
    Jun 6, 2015
    United States
    Yes. Search bar on the right side of Firefox URL address bar.

    I haven't installed anything recently (only downloaded stuff, mostly 3DS homebrew, CFW build,...). The most recently installed programs in Revo Uninstaller are: Adobe Flash Player 18 ActiveX, Adobe Flash Player 18 NPAPI, Google Chrome (this must be an update because I haven't touched Google Chrome for months), Norton Internet Security (update to the latest Norton build).

    Update: I go to bed now, so there won't be response from my part any time soon. Good night guys.
     
  5. Pedeadstrian

    Pedeadstrian GBAtemp's Official frill-necked lizard.

    Member
    3,510
    1,562
    Oct 12, 2012
    United States
    Sandy Eggo
    Well, in order for your default search engine to have been changed, you either installed something unknowingly and/or got a trojan. You could try following the instructions here to fix your problem: http://forums.mozillazine.org/viewtopic.php?f=38&t=1822845&p=9036965#p9036965
     
    tivu100 likes this.
  6. TecXero

    TecXero Technovert

    Member
    2,814
    906
    Apr 13, 2014
    United States
    Mainframe
    Malwarebytes and Avast usually work well together to easily dig out pesky software like that. That's what I recommend to my customers that tend to be rather ignorant with computers, anyway.
     
    tivu100 and HaloEffect17 like this.
  7. tivu100
    OP

    tivu100 GBAtemp Advanced Maniac

    Member
    1,990
    431
    Jun 6, 2015
    United States
    I'd run the recommended software on here. I saw that there is no longer iexplore.exe in Task Manager.

    However, when searching to try a way to delete (old/stored) password of "microsd management app", I came across "Control Panel\User Accounts and Family Safety\Credential Manager". There, I saw this "virtualapp/didlogical" created on August 13 (the date I saw the suspicious behavior of my PC as well as created this thread). It's under Generic Credentials. See photo attachment.

    Also there are 2 "Microsoft Virtual WiFi Miniport Adapter" in Control Panel\Network and Internet\Network Connections.

    As I said in my previous post, I didn't install anything, but update of some essential, and windows update!!!

    This is Windows 7 Home Premium.

    Update: In Command Prompt, by running rundll32.exe keymgr.dll, KRShowKeyMgr, I saw that this is associated with WindowsLive which I never used (who would anyways).
    ----

    Need help: Looking for a way to delete old password to access to the N3DS through the "MicroSD Management" app.

    I connected my friend N3DS to my PC long ago. When he had his N3DS back he changed the username/password of this "MicroSD Management" app. Now I had his N3DS with me to install Ironhax (need to put files on microsd. Can't find a suitable screwdriver), I can't get access to the microSD through this app because of the old password.
     

    Last edited by tivu100, Aug 21, 2015
  8. tivu100
    OP

    tivu100 GBAtemp Advanced Maniac

    Member
    1,990
    431
    Jun 6, 2015
    United States
    I read this thread when researching unsecapp.exe on Windows Task Manager http://www.tomshardware.com/answers/id-2154724/unsecapp-exe-process.html

    Update: even if I removed "virtualapp/didlogical" in "Control Panel\User Accounts and Family Safety\Credential Manager"; after reboot it returns.
     
  9. Meeooww

    Meeooww Member

    Newcomer
    27
    48
    Aug 13, 2012
    United States
    OwO
    tivu100 likes this.
  10. amoulton

    amoulton GBAtemp Fan

    Member
    329
    154
    Nov 18, 2014
    United States
    Franklin, Massachusetts
    If you literally were trying to access google.com and you were then redirected you probably have 'cool web search' which digs deeper into the system than a standard search engine change. I use this utility, CWShredder and it does a more targeted attack on this particular type of malware than S&D.
     
    tivu100 likes this.
  11. TecXero

    TecXero Technovert

    Member
    2,814
    906
    Apr 13, 2014
    United States
    Mainframe
    It might be part of a package or it might be pulling some registry nonsense. I couldn't tell you exactly what it is, as a lot of malicious software tends to use names of official files and software.
     
    tivu100 likes this.
  12. tivu100
    OP

    tivu100 GBAtemp Advanced Maniac

    Member
    1,990
    431
    Jun 6, 2015
    United States
    Thanks. I will give these programs a try.

    The lengthy post on the link in my previous post (third from the bottom) says the software harvests info from the PC. Then other Google search results said it's part of the Windows OS. It's quite confusing.

    Is there a way to completely remove Windows Live Essential?
     
  13. TecXero

    TecXero Technovert

    Member
    2,814
    906
    Apr 13, 2014
    United States
    Mainframe
    Well, you can go to your program manager and run the uninstaller. If it's left after that, it could be a fake file (probably not if it's not being detected by decent scanners), just leftover, or used by some other installed program. I wouldn't worry too much unless you're really worried about a few KBs.
     
    tivu100 likes this.
  14. tivu100
    OP

    tivu100 GBAtemp Advanced Maniac

    Member
    1,990
    431
    Jun 6, 2015
    United States
    I am worried that someone may be spying on me.

    Also, my laptop is old and slow already, and my internet connection's sluggish too. I wouldn't want the spyware or whatever it is to make it even slower/unusable. When I first suspected my laptop had spyware, my laptop was near unusable: freezes here and there, mouse stuck, keyboard not as responsive as usual, RAM usage is 80%+ using the Firefox browser with only 1 tab...
     
  15. migles

    migles Mei the sexiest bae

    Member
    GBAtemp Patron
    6,827
    4,573
    Sep 19, 2013
    Saint Kitts and Nevis
    my dad works for nintendo.
    type msconfig on the start bar, check the startup items
    find any process that runs from appdata folder (on both task manager and msconfig)
    usually these nasty things like to be on appdata..
     
    tivu100 likes this.
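
The startup and AppData check suggested in the post above, as an added PowerShell example that is not part of the original thread. It uses WMI so that it runs on the PowerShell 2.0 shipped with Windows 7; the function names are hypothetical.

```powershell
# Added example (not from the thread): list startup entries and running
# processes whose executable sits under a user's AppData folder.

function Test-AppDataPath {
    param([string]$Text)
    # Matches an expanded path (...\AppData\...) as well as unexpanded
    # environment variables that resolve into it. -match ignores case.
    return ($Text -match '\\AppData\\|%AppData%|%LocalAppData%|%Temp%')
}

function Get-AppDataStartupItem {
    # Win32_StartupCommand enumerates the Run registry keys and the
    # Startup folders for each user profile.
    Get-WmiObject -Class Win32_StartupCommand |
        Where-Object { Test-AppDataPath $_.Command } |
        Select-Object Name, Command, Location, User
}

function Get-AppDataProcess {
    # ExecutablePath is empty for processes the current user cannot
    # inspect, so run from an elevated prompt for full coverage.
    Get-WmiObject -Class Win32_Process |
        Where-Object { $_.ExecutablePath -and (Test-AppDataPath $_.ExecutablePath) } |
        Select-Object ProcessId, ParentProcessId, Name, ExecutablePath,
            @{ Name = 'Signature'
               Expression = { (Get-AuthenticodeSignature -FilePath $_.ExecutablePath).Status } }
}

'--- Startup entries launching from AppData ---'
Get-AppDataStartupItem | Format-List

'--- Running processes launching from AppData ---'
Get-AppDataProcess | Format-List
```

Legitimate per-user installs and updaters also run from AppData, so each hit is a lead to verify (publisher, signature status, install date), not proof of malware.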
  16. Peloisan

    Peloisan Newbie

    Newcomer
    6
    2
    Aug 12, 2015
    I like spyhunter myself, whatever works.
     
    tivu100 likes this.
  17. tivu100
    OP

    tivu100 GBAtemp Advanced Maniac

    Member
    1,990
    431
    Jun 6, 2015
    United States
    iexplore.exe problem returns here and there after some reboot.

    I located this file running on my PC: rpcnetp.exe. When I kill the process, iexplore.exe stops. However, I can't find a way to remove it.

    Read it here https://c0d3h4x0r.wordpress.com/200...-laptops-rcpnetp-exe-rpcnetp-dll-autochk-exe/

    http://forums.majorgeeks.com/showthread.php?t=116109

    They say it's Absolute Software (anti-theft, which in turn will spy on my system and send away data). But it's installed today (I haven't installed anything). Delete it and it comes back after reboot!!!
     
  18. q9p

    q9p GBAtemp Regular

    Member
    145
    74
    Aug 14, 2015
    United States
    Pensacola, FL
    Please download MiniToolBox and save it in a place that you can easily access. Run the tool as an Administrator and make sure your settings look like mine below:

    [​IMG]

    Afterwards, please post the log on a site such as Pastebin.