Odd thing with Norton power eraser and chrome

I am curious. I recently used Norton Power Eraser, but it found a problem at the end with something saying it was bad. It said my sketchbookpro snapshot was bad and needed to be removed. Which is odd; I have used Power Eraser with this before and nothing. Why is it now saying there is a problem? I also have an odd issue with Chrome. A while back when I started it and checked my task manager there was something called instant new tab in it. I just ended it and it didn't come back unless I made a new tab or restarted Chrome. When I make a new tab and go somewhere else it just stays till I manually end it. This issue ended on its own for a while but with the new Chrome update it came back. What is this as well?

Curious: if a file was corrupted, how do I fix it, and what happens if I do not fix it or let Norton remove it/uninstall it myself?

Hi Darigan222, we don't advise using Power Eraser, as it is an advanced tool which can sometimes remove critical files.

 

It's likely that Chrome added an extension Google wished to push to you. I uninstalled it, for that reason.

 

Run a Full Scan with Norton, just to make sure nothing untoward has happened.

 

To check your Windows files you can use the Command Prompt with Administrator privileges and in the Run box, type in  sfc /scannow. Note the space after sfc.

 

This will check your Windows file system, and attempt to repair any corrupted ones.

Well, I ran a scan and nothing popped up; I tend to run those a lot, so yeah. So it was just something Chrome did. Curious though: my CPU is running a little higher than usual, which was why I was worried. I usually, when on Chrome, run anywhere from 2.10-2.80 RAM; as the day goes on it reaches the 2.80ish level. I have more than enough RAM space, although I still worry. Although at points, just watching videos on YouTube, it went to 3.10ish; I assume that was Google too? Also, what does that command prompt scan do, and is there anything else I need to know about it?

Your ram usage may be due to the way Chrome handles memory use. If it only peaks occasionally, nothing to worry about.

 

If you are an administrator on your computer, just select Run, and type in sfc /scannow, and it will check all your Windows files for errors.

 

If it finds any, it will attempt to fix the errors and will advise you.

 

It doesn't normally take very long, unless you have a huge HDD with lots of files !

Okay, thanks, but your scannow thing in Run didn't work, and I am the only user on the computer, therefore I have admin on this one? So what did I do wrong?

Check in Control Panel/User Accounts to make sure you are listed as an Administrator. Then click on All Programs/Accessories/Command Prompt and type in sfc /scannow.

 

In Windows 7 you can add the Run command to your menu list

 

http://windows.microsoft.com/en-au/windows/what-happened-run-command#1TC=windows-7

 

 

Okay so I did the command scan. It said it did not find any problems. Then why did power eraser say it was bad?

I think--given that you've had clean scans of this file before, there's a significant likelihood that some new and/or sophisticated malware has slipped in. I'd suggest you run a good secondary scanner, like the free version only of malwarebytes--which is less effective at keeping nasties off your computer, but somewhat better at detecting malware after it's become entrenched enough to require expert human intervention.

 

You can get the program here: http://downloads.malwarebytes.org/mbam-download.php

 

Do not upgrade to or accept the free trial of the paid version: like your Norton, it contains real-time scanning functionality, and having two programs that do this installed on the same machine will cause problems. The free version omits these functions, and so is safe to use as a "wingman" for your Norton.

 

If malwarebytes finds anything--or if it won't install--then we'll want to refer you to a specialized "removalist" forum (also free) for some one-on-one attention.

 

Keep us posted.

 

V/R,

--DistEd2

Sorry, meant more of Malwarebytes found things. So now what do I do?

As a note to the first thing I said involving what it found: I had it remove what it found. Here is the information regarding it.

 

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2014.01.15.10

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16476
Jared :: JAREDHOMEPC [administrator]

1/15/2014 6:46:55 PM
mbam-log-2014-01-15 (18-46-55).txt

Scan type: Full scan (C:\|D:\|E:\|F:\|G:\|H:\|I:\|Q:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 436193
Time elapsed: 54 minute(s), 29 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 1
HKCR\CLSID\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB} (PUP.Optional.WeCare.A) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 2
C:\Users\Jared\AppData\Roaming\OpenCandy (PUP.Optional.OpenCandy) -> Quarantined and deleted successfully.
C:\Users\Jared\AppData\Roaming\OpenCandy\4312B8FD2AF24B1FB92CBABD7D1E5777 (PUP.Optional.OpenCandy) -> Quarantined and deleted successfully.

Files Detected: 2
C:\Users\Jared\AppData\Roaming\OpenCandy\4312B8FD2AF24B1FB92CBABD7D1E5777\SliderCOTMv4.1.24.2_20131003.msi (PUP.Optional.WeCare.A) -> Quarantined and deleted successfully.
C:\Users\Jared\AppData\Roaming\OpenCandy\4312B8FD2AF24B1FB92CBABD7D1E5777\WeCare_COTM_ALL_p3v4.exe (PUP.Optional.OpenCandy) -> Quarantined and deleted successfully.

(end)

 

So am I good now? It didn't find anything regarding the sketchbook snapshot thing that came with Sketchbook Pro.

Hi, Darigan222. From your scan log, it looks like everything is fine. MBytes found several PUPs, and removed them.

 

If subsequent scans come up clean, say a QuickScan by both Norton and MBytes, to check then I'd say everything's ok.

 

Let us know, if you have any further problems.
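
The reading of the log above can be checked mechanically. As an added example (not part of the original thread, and not Malwarebytes' own tooling), this parses the Malwarebytes Anti-Malware 1.75 text log format posted in the thread and reports any detection that is not a PUP, was not removed, or whose section count does not match the lines listed. The second sample and its "No action taken" action string are constructed for illustration.

```python
import re
from collections import Counter

# Excerpt of the scan log posted in this thread (section headers and detection lines only).
LOG = r"""
Memory Processes Detected: 0
(No malicious items detected)

Registry Keys Detected: 1
HKCR\CLSID\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB} (PUP.Optional.WeCare.A) -> Quarantined and deleted successfully.

Folders Detected: 2
C:\Users\Jared\AppData\Roaming\OpenCandy (PUP.Optional.OpenCandy) -> Quarantined and deleted successfully.
C:\Users\Jared\AppData\Roaming\OpenCandy\4312B8FD2AF24B1FB92CBABD7D1E5777 (PUP.Optional.OpenCandy) -> Quarantined and deleted successfully.

Files Detected: 2
C:\Users\Jared\AppData\Roaming\OpenCandy\4312B8FD2AF24B1FB92CBABD7D1E5777\SliderCOTMv4.1.24.2_20131003.msi (PUP.Optional.WeCare.A) -> Quarantined and deleted successfully.
C:\Users\Jared\AppData\Roaming\OpenCandy\4312B8FD2AF24B1FB92CBABD7D1E5777\WeCare_COTM_ALL_p3v4.exe (PUP.Optional.OpenCandy) -> Quarantined and deleted successfully.
"""

# Constructed counter-example: truncated section, non-PUP label, assumed action text.
CONSTRUCTED = r"""
Files Detected: 2
C:\Temp\sample.exe (Trojan.Example) -> No action taken.
"""

SECTION = re.compile(r"^(?P<name>[A-Za-z ]+) Detected: (?P<count>\d+)$")
ITEM = re.compile(r"^(?P<target>.+) \((?P<label>[^()]+)\) -> (?P<action>.+?)\.?$")
REMOVED = "Quarantined and deleted successfully"

def parse_mbam_log(text):
    """Return ({section: declared count}, [finding dicts]) for an MBAM 1.x text log."""
    declared, findings, section = {}, [], None
    for line in map(str.strip, text.splitlines()):
        m = SECTION.match(line)
        if m:
            section = m["name"]
            declared[section] = int(m["count"])
            continue
        m = ITEM.match(line)
        if m and section:
            findings.append({"section": section, **m.groupdict()})
    return declared, findings

def triage(text):
    """Summarise what still needs a human look after the scan."""
    declared, findings = parse_mbam_log(text)
    listed = Counter(f["section"] for f in findings)
    return {
        "count_mismatch": sorted(s for s, n in declared.items() if listed[s] != n),
        "not_removed": [f["target"] for f in findings if f["action"] != REMOVED],
        "non_pup": [f["target"] for f in findings if not f["label"].startswith("PUP.")],
        "families": sorted({f["label"] for f in findings}),
    }

if __name__ == "__main__":
    print(triage(LOG))
    print(triage(CONSTRUCTED))
```

An empty `count_mismatch`, `not_removed` and `non_pup` matches the "found several PUPs, and removed them" reading; anything in those lists is what a follow-up scan or a removal specialist would need to look at.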



Join the crowd!

 

http://qmalwareremoval.freeforums.net/thread/67/fake-application-attack-blocked-fixed

I have deleted the thread creator's thread on the other forum, as the user is getting instructions from users here, including programs to run and procedures.

 

Which is a NO NO over there

 

Quads

Quads,

 

As always, I stopped giving the user instructions at the point where I suggested he consult one of the removalist forums--in fact I explicitly instructed him (as you've doubtless seen me do here before) not to talk to anyone (including me) once he'd opened a thread. And it was malwarebytes still finding stuff (after he came here having run NPE, as you can see from his thread title) that showed me he had something requiring expert attention. This is the same handover you used to do here with delphinium.

 

Since F4E and Krusty were not part of those conversations, in their defense, they had no way of knowing he'd gone to one of the forums. In fairness, I should have posted back here that I had referred him to the recommended forums (didn't even know he had picked yours) to guard against this--and I will do so in the future--but I would request that you restore his thread in this case, as all concerned were acting in good faith.

 

V/R,

--DistEd2

It is not the use of NPE already, but the fact the user has been told instructions here  including  SFC and  MBAM (with link).  

 

See what happens with even MBAM, Peterweb found that out the hard way for a user, where the system would not boot properly.

 

The user got told to use this and that here. I found it , so I STOP at my end, so  the other thread is gone, Now only one thread and getting instructions from 1 oooppppss more than 1 helper.

 

Not to get instructions from more than one place at one time with instructions on tools and instructions  and the thread is also  SOLVED.  

 

Other Malware removers do not allow more than one thread and helper, including on other forums (if spotted).   Too confusing and dangerous for the system and both ends.

 

The other thread as I said is Deleted,   and Quads does what he says.

 

Quads

 

 

Quads,

 

Understood. I will refer him to one of the other forums, who are--as you used to be--more understanding about us needing to use malwarebytes (or SAS or other low-level tools--including Norton itself) as diagnostics, before we know that the user has something requiring one-on-one attention. We aren't removalists: we can't just look at a set of symptoms (save for the overt ones like CryptoLocker)--and know what it is without asking the user to do some testing; that's why we need folks like you.

 

I remember when the "no other help" rule started when the user got to you; now it seems like it starts when the user first notices he has a problem--with results like this, where you've closed his thread because of things that happened before he opened a thread on your forum.

I may not have been sufficiently clear on this, so I'll give some more information on the timeline.

 

  1. The OP arrived here, asking about some odd behavior from NPE and his browser (as you can see)
  2. dickevans saw it as a possible false positive, or at worst a corrupted file, since the program name is known and respected, and in common use.
  3. F4E saw the reference to NPE, and figured it was likely just an interaction between an overaggressive NPE and an overaggressive Google.
  4. OP ran a couple scans and, finding nothing, started to think he may have raised a false alarm. F4E suggested a couple more things, but the user couldn't get them to work. Still, having nuked it with NPE and found nothing with Norton's normal scans, he's pretty ready to call it solved.
  5. I show up on the scene, and am worried because he's still having some symptoms; I'm not sure he should write them off, because whatever infected his good commercial program might still be flying under the radar, dropping PUPs and lesser nasties, and causing what would appear to be continuous reinfections. I know malwarebytes is especially good at detecting malware on systems already infected, so I ask him to run it as a diagnostic tool.
  6. OP runs malwarebytes, and it finds a couple of PUPs and removes them.
  7. To me, this is enough confirmation that he's got a rootkit or something that we just can't handle. But the others look at the log and see everything that was detected, successfully removed. While I'm away at a meeting, they say this, and the OP marks the thread solved. But the OP had also PM'd me...and I tell him (by return PM) it's time to refer him to work one-on-one with a removalist. I give him my usual spiel about talking with no one else, including us here, after he opens his case, and I provide the link to delphinium's list. So far, this is exactly the same procedure that you and delphinium trained me to use back when I first started helping.
  8. THIS IS THE POINT WHERE THE USER FIRST ARRIVES AT YOUR FORUMS
  9. Then the others he had been working with here before anyone even told him they thought it might be malware--not having been privy to the PM exchange, and therefore not having any reason to suspect he'd opened a thread with anyone--respond to the logs he'd posted before I sent him to delphinium's list.

 

So I'm pretty sure this falls within the intent of your rules. It is of course up to you alone to decide that, and I respect your decisions in these matters. But we all do this to help the users, and I'd just ask you to re-think whether this does that.

 

V/R,

--DistEd2

I couldn't care less what you guys do, as it is easy for me. User has another thread over at Norton, BC or any other forum, so will get locked or removed so the user can get back to the board that is not mine.

 

As it is, this thread is SOLVED (message 13 above), so the other thread is not needed, or maybe people don't know what SOLVED on a thread is.

 

When getting instructions in multiple places it's a NO, that is it. It is not only me, it is other people that can do what I do. I have also done it twice on my forum for users: one had a thread and I stopped, go back to BC, and 1 user by PM and I said no, you are to stay with Broni on BC.

 

For the one that started a thread and I stopped, I contacted BC to notify that I had stopped as the user has this thread (on BC), here is another symptom......................  I got a thanks. For doing the same as I have done here.

But then again they understand why I did and gave thanks as the ranked (the rank means something) do the same as me.

 

The other one that tried to get me to help and I  said NO, NO, NO and I didn't  get heck,  BC backed me up  I also have had for awhile where another user has the thread, so not me.

 

My post to the user

 


Broni is doing the work on your system(s) and Drives.

 

The malware talked about in this thread does spread via connected drives,  I had one user before getting help, say that he connected more than one flash drive in testing and those Flash Drives got infected also.  (If I remember 5 of them).

 

I used these commands for each drive as part of the cleaning etc.

 

dir /a:-h /s /b "[drive letter]:\" /c

 

attrib -h -s "[drive letter]:\*" /s /d /c 

 

But it is up to the Malware helper on what they want to do and how, as it depends on a lot of factors,  Systems are not the same from one infected system to the next including what the user may have done.

 

Quads


 


Mods said after to user:

 

Yes, you should refrain from asking for help from other members or staff while you are being instructed by another staff member with a malware issue. Any modifications you make on your own can result in system changes which may not show in the log(s) you already posted. Further, following advice from others outside of that topic may cause confusion for the team member assisting you and could complicate the malware removal process or make things worse which would extend the time it takes to clean your computer.

Broni can provide all that information when disinfection is complete. 


 

You guys don't get why only one thread (SOLVED or not) etc.  fine.

 

Another reason why this forum is not good for the systems we deal with: it is dangerous and not set up to deal with it (partly the software, partly the users here who don't understand).

 

Quads

 

 

 

Quads,

 

I have no idea who "Broni" is, as neither you nor the OP has mentioned this person before this point. If you're saying he's got a thread on bleepingcomputer, then I apologize for my confusion: certainly we don't want multiple removalists working the issue at once. You and the removalists I have led in my "other" role did teach me that much. And Broni's instructions are essentially identical to what you've seen me give here--and what I gave the OP in this case. As you and delphinium taught me, "way back when."

 

Like I said, I respect your judgment--which I have continued to defend here in other threads. I'm not going to be hypocritical and condemn it when it's me on the other side.

 

Thanks, as always, for your work. And thanks for what you left for the user here just now. 

 

V/R,

--DistEd2