Fake Chrome Process Malware - ActiveX DLL

By Vinn1
Nov 21, 2014
  1. I have a DLL that I got recently around the time that I got the Malware called xxafxcg, which appears to be a fake ActiveX DLL possibly from a rat hacker that is attacking my PC. Other info is listed below.

    I got the Fake Chrome Process Malware around a week ago, but did a System Restore which seemed to have gotten rid of it until about an hour ago (11/20/2014) when it came back.. I got a popup randomly that said that something failed and then it tried to open my CMD prompt. I force closed the popup (rundll32), but it still put the Malware back onto my PC. I noticed numerous Baxigxtm.exe processes which constantly come back after I end the process, and have the obvious icon of Google Chrome.

    I've read up on this Malware before, but have no idea how to truly get rid of it without having to do a full system wipe. I don't even know if that would fix the issue.

    I look forward to getting a response ASAP! Thank you.

    Attached is a PICTURE of the Error I get right before the Malware attaches itself.

    View attachment 33050

    ^ I also noticed that the Process for this Error is Microsoft Register Server aka regsvr32, which apparently is used to register a DLL (most likely the corrupt DLL files associated with this Malware..) ^

    PS: I also just finished using Malware Bytes AntiRoot Kit and it still found nothing.

    Some code of the culprit folder from the Scan:

    2014-11-20 15:35 - 2014-11-20 15:35 - 00126280 _____ () C:\Users\*\AppData\LocalLow\Portalarium\kskjxbe\Hmdfbtuugd\36.0.1985.143\libegl.dll
    2014-11-20 15:35 - 2014-11-20 15:35 - 08537928 _____ () C:\Users\*\AppData\LocalLow\Portalarium\kskjxbe\Hmdfbtuugd\36.0.1985.143\pdf.dll
    2014-11-20 15:35 - 2014-11-20 15:35 - 00353096 _____ () C:\Users\*\AppData\LocalLow\Portalarium\kskjxbe\Hmdfbtuugd\36.0.1985.143\ppGoogleNaClPluginChrome.dll
    2014-11-20 15:35 - 2014-11-20 15:35 - 01732936 _____ () C:\Users\*\AppData\LocalLow\Portalarium\kskjxbe\Hmdfbtuugd\36.0.1985.143\ffmpegsumo.dll
    2014-11-20 15:35 - 2014-11-20 15:35 - 14669128 _____ () C:\Users\*\AppData\LocalLow\Portalarium\kskjxbe\Hmdfbtuugd\36.0.1985.143\PepperFlash\pepflashplayer.dll"

    EDIT: I deleted the Portalarium folder and got the Baxigxtn to stop briefly, but then the error popped up again and it ended up in a raidcall folder instead..

    The process keeps multiplying and popping up again as soon as I delete it.. I'm getting really mad..

    Attached Files:

  2. Broni

    Broni Malware Annihilator Posts: 52,794   +343

    Welcome aboard [​IMG]

    Please, complete all steps listed here:
    Make sure, you PASTE all logs. If some log exceeds 50,000 characters post limit, split it between couple of replies.
    Attached logs won't be reviewed.

    Please, observe following rules:
    • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
    • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
Topic Status:
Not open for further replies.

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...