mfreddy

eSQ1zrkb malware

11 posts in this topic

Does anyone know what the eSQ1zrkb download is? It keeps going into my downloads folder when I am on my Yahoo mail, which is most of the day when I'm in the office. I don't think the program has run; it just keeps placing itself in my downloads folder.


I have ESET running now. SUPERAntiSpyware doesn't pick it up, but I can remove it from my downloads folder. My first instance of this was August 20th and I've run ESET since then, so I don't think it's going to pick it up either.


Can you download and run FRST?

Select whether you need the 64-bit or the 32-bit version.

Save it to your desktop.

It will present you with 2 text files after the scan; please attach both back here in your next post.


Looking through those lists, there doesn't seem to be anything to do with the file in question; however, there are a few others.

Please paste this into Notepad and save it as fixlist.txt in the folder where you saved the FRST program, for example c:users/Desktop/FRST

It is important that both fixlist.txt and FRST64 are in the same file location for the fix to work.

Start
CreateRestorePoint:
CloseProcesses:
Emptytemp:
Task: {0EC94263-580B-401C-A59F-851ADAF347C4} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {0FAEB06F-2132-40FD-9A38-80966DC9F73B} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {176018B3-E48C-4843-8D76-11F88AD904AE} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {31424370-7D8F-40FE-A6BB-8AA09568ECCE} - \Microsoft\Windows\Setup\GWXTriggers\Time-Weekend -> No File <==== ATTENTION
Task: {3275B2F9-73B1-48C7-8E83-1AB052946313} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {345D6255-EAEC-4407-B07E-CAF971A3D868} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {4DD0F8BD-AAA6-4706-8DEA-C0028040A00B} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {67A4CB27-A4E5-4114-8EA6-BAEDC0853932} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {8535DF1D-6C79-4CD1-BDC1-E4C532E10436} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {99FDF498-7DA2-43EC-B25E-3CE36D48BB8A} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {A03AD63A-5744-42B5-B2A0-789F3C3A1691} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> No File <==== ATTENTION
Task: {A5F56582-1EB2-4DBF-A8F0-1E3CB76727C9} - \Microsoft\Windows\Setup\EOONotify -> No File <==== ATTENTION
Task: {B9251500-E013-4127-B745-B9CAE7D3C250} - \Microsoft\Windows\Setup\gwx\rundetector -> No File <==== ATTENTION
Task: {C08446BF-E8D9-4FD0-ABCF-216273FE0541} - \WPD\SqmUpload_S-1-5-21-3234112064-1012212086-1859580584-1002 -> No File <==== ATTENTION
Task: {CDC600D3-7187-43EF-BB31-899159A5E8BC} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {F2984620-C661-4F2E-9C24-89556A186E8B} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {FFB71CA7-E742-4DB5-BDCF-B8B7BE8787E8} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
URLSearchHook: [s-1-5-21-3234112064-1012212086-1859580584-1006_classes] ATTENTION => Default URLSearchHook is missing
CMD: ipconfig /flushdns
END

Then run FRST and select the FIX button.

It may ask for a restart after running, and it will display a txt file of the result; please attach that to your next reply.

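Most of the entries in the fixlist above are scheduled tasks whose program is gone (the "-> No File" marker); FRST removes the dangling task definitions. The PowerShell function below is an added example, not FRST's code and not posted by anyone in this thread, that performs the same check on a live machine: it walks every registered task and reports the ones whose Exec action points at a program that no longer exists on disk. It assumes a Windows 8 / Server 2012 or later system with the ScheduledTasks module, and it only covers tasks whose definition still exists; the function name and output columns are my own choices.

```powershell
# Added example (not from the thread or from FRST): list scheduled tasks whose
# action points at an executable that is missing on disk, the condition FRST
# reports as "-> No File". Requires the ScheduledTasks module (Windows 8 /
# Server 2012 and later). Orphaned tasks are usually leftovers from an
# uninstalled component (e.g. the GWX upgrade-reminder tasks above), but a
# task whose target has been swapped or deleted is worth a look during cleanup.

function Get-OrphanedScheduledTask {
    [CmdletBinding()]
    param()

    foreach ($task in Get-ScheduledTask -ErrorAction SilentlyContinue) {
        foreach ($action in $task.Actions) {
            # Only Exec actions carry a program path; COM-handler and
            # e-mail actions have no Execute property worth checking.
            if (-not $action.Execute) { continue }

            # Strip surrounding quotes and expand %SystemRoot%-style variables
            # so the path can be tested as the Task Scheduler would resolve it.
            $exe = [Environment]::ExpandEnvironmentVariables($action.Execute.Trim('"'))

            # An absolute path must exist as given; a bare name (e.g. cmd.exe)
            # is resolved through PATH like the scheduler does.
            $exists = if ([IO.Path]::IsPathRooted($exe)) {
                Test-Path -LiteralPath $exe -PathType Leaf
            } else {
                [bool](Get-Command -Name $exe -ErrorAction SilentlyContinue)
            }

            if (-not $exists) {
                [PSCustomObject]@{
                    TaskPath  = $task.TaskPath
                    TaskName  = $task.TaskName
                    State     = $task.State
                    Execute   = $action.Execute
                    Arguments = $action.Arguments
                }
            }
        }
    }
}

# Review the list first; nothing is changed by the function itself.
$orphans = Get-OrphanedScheduledTask
$orphans | Format-Table -AutoSize

# After reviewing the output, uncomment to remove the dangling task definitions.
# Unregister-ScheduledTask removes the task only, never the program it pointed at.
# $orphans | ForEach-Object {
#     Unregister-ScheduledTask -TaskPath $_.TaskPath -TaskName $_.TaskName -Confirm:$false
# }
```

Run it from an elevated PowerShell prompt so that tasks registered under other accounts and under \Microsoft\Windows are visible. The removal step is left commented out on purpose: a task whose program is temporarily missing (a removable drive, a network share) would be reported too, so the list is meant to be read before anything is unregistered.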

Looks like those items were removed, but as I said before, there was nothing to do with the file in question; it may just be something associated with the Edge browser.

It's looking better now, but you may wish to associate a home page instead of the HP.com page.
