I have a DLL that I got recently around the time that I got the Malware called xxafxcg, which appears to be a fake ActiveX DLL possibly from a rat hacker that is attacking my PC. Other info is listed below.
I got the Fake Chrome Process Malware around a week ago, but did a System Restore which seemed to have gotten rid of it until about an hour ago (11/20/2014) when it came back.. I got a popup randomly that said that something failed and then it tried to open my CMD prompt. I force closed the popup (rundll32), but it still put the Malware back onto my PC. I noticed numerous Baxigxtm.exe processes which constantly come back after I end the process, and have the obvious icon of Google Chrome.
I've read up on this Malware before, but have no idea how to truly get rid of it without having to do a full system wipe. I don't even know if that would fix the issue.
I look forward to getting a response ASAP! Thank you.
Attached is a PICTURE of the Error I get right before the Malware attaches itself.
View attachment 33050
^ I also noticed that the Process for this Error is Microsoft Register Server aka regsvr32, which apparently is used to register a DLL (most likely the corrupt DLL files associated with this Malware..) ^
PS: I also just finished using Malware Bytes AntiRoot Kit and it still found nothing.
Some code of the culprit folder from the Scan:
"\AppData\LocalLow\Portalarium\kskjxbe\Hmdfbtuugd\36.0.1985.143\libglesv2.dll
2014-11-20 15:35 - 2014-11-20 15:35 - 00126280 _____ () C:\Users\*\AppData\LocalLow\Portalarium\kskjxbe\Hmdfbtuugd\36.0.1985.143\libegl.dll
2014-11-20 15:35 - 2014-11-20 15:35 - 08537928 _____ () C:\Users\*\AppData\LocalLow\Portalarium\kskjxbe\Hmdfbtuugd\36.0.1985.143\pdf.dll
2014-11-20 15:35 - 2014-11-20 15:35 - 00353096 _____ () C:\Users\*\AppData\LocalLow\Portalarium\kskjxbe\Hmdfbtuugd\36.0.1985.143\ppGoogleNaClPluginChrome.dll
2014-11-20 15:35 - 2014-11-20 15:35 - 01732936 _____ () C:\Users\*\AppData\LocalLow\Portalarium\kskjxbe\Hmdfbtuugd\36.0.1985.143\ffmpegsumo.dll
2014-11-20 15:35 - 2014-11-20 15:35 - 14669128 _____ () C:\Users\*\AppData\LocalLow\Portalarium\kskjxbe\Hmdfbtuugd\36.0.1985.143\PepperFlash\pepflashplayer.dll"
EDIT: I deleted the Portalarium folder and got the Baxigxtn to stop briefly, but then the error popped up again and it ended up in a raidcall folder instead..
The process keeps multiplying and popping up again as soon as I delete it.. I'm getting really mad..
I got the Fake Chrome Process Malware around a week ago, but did a System Restore which seemed to have gotten rid of it until about an hour ago (11/20/2014) when it came back.. I got a popup randomly that said that something failed and then it tried to open my CMD prompt. I force closed the popup (rundll32), but it still put the Malware back onto my PC. I noticed numerous Baxigxtm.exe processes which constantly come back after I end the process, and have the obvious icon of Google Chrome.
I've read up on this Malware before, but have no idea how to truly get rid of it without having to do a full system wipe. I don't even know if that would fix the issue.
I look forward to getting a response ASAP! Thank you.
Attached is a PICTURE of the Error I get right before the Malware attaches itself.
View attachment 33050
^ I also noticed that the Process for this Error is Microsoft Register Server aka regsvr32, which apparently is used to register a DLL (most likely the corrupt DLL files associated with this Malware..) ^
PS: I also just finished using Malware Bytes AntiRoot Kit and it still found nothing.
Some code of the culprit folder from the Scan:
"\AppData\LocalLow\Portalarium\kskjxbe\Hmdfbtuugd\36.0.1985.143\libglesv2.dll
2014-11-20 15:35 - 2014-11-20 15:35 - 00126280 _____ () C:\Users\*\AppData\LocalLow\Portalarium\kskjxbe\Hmdfbtuugd\36.0.1985.143\libegl.dll
2014-11-20 15:35 - 2014-11-20 15:35 - 08537928 _____ () C:\Users\*\AppData\LocalLow\Portalarium\kskjxbe\Hmdfbtuugd\36.0.1985.143\pdf.dll
2014-11-20 15:35 - 2014-11-20 15:35 - 00353096 _____ () C:\Users\*\AppData\LocalLow\Portalarium\kskjxbe\Hmdfbtuugd\36.0.1985.143\ppGoogleNaClPluginChrome.dll
2014-11-20 15:35 - 2014-11-20 15:35 - 01732936 _____ () C:\Users\*\AppData\LocalLow\Portalarium\kskjxbe\Hmdfbtuugd\36.0.1985.143\ffmpegsumo.dll
2014-11-20 15:35 - 2014-11-20 15:35 - 14669128 _____ () C:\Users\*\AppData\LocalLow\Portalarium\kskjxbe\Hmdfbtuugd\36.0.1985.143\PepperFlash\pepflashplayer.dll"
EDIT: I deleted the Portalarium folder and got the Baxigxtn to stop briefly, but then the error popped up again and it ended up in a raidcall folder instead..
The process keeps multiplying and popping up again as soon as I delete it.. I'm getting really mad..
