TechSpot

Fake Google Chrome Processes Infection

By NetAdam2014
Oct 28, 2014
  1. Hello,

    I am in dire need of help with this problem. I've read through a thread with this problem but the solution was specific to the user that submitted. I am the Network Administrator for a company that deploys Dell Optiplex machines currently under a variety of platforms; some Windows 7 32bit and some 64. A staff member reported that their machine was running so slow it could not be used this morning so I began looking into the processes to see what was killing all the resources. I noticed a process named achlegb.exe *32 with a description of Google Chrome, even though I had recently uninstalled Google Chrome. There were at least 12 of these process running and each time I attempted to kill the process tree, more would spawn. I rebooted into safe mode w/o networking and deleted the files where these odd exe's were located (C:\Users\%Profilename%\AppData\LocalLow\Adobe). When I rebooted again, the achlegb processes were gone, but, rundll32 was present and shortly after the reboot, the Chrome Processes (achlegb) returned in full force. I disconnected the station from the network and set up the staff member on a temp station, and turned to the web. I stumbled across a bunch of threads all with the same problem (of sorts, the process name seems to vary) and each solution provided by the admins were specific to the user that submitted the thread. So that is why I am here. Symantec Endpoint Protection is deployed here but I use combofix on occasion to resolve registry issues. Please help. I can provide any scan information you need! Thank you
     
  2. Broni

    Broni Malware Annihilator Posts: 52,897   +344

    Welcome aboard [​IMG]

    Please, complete all steps listed here: http://www.techspot.com/vb/topic58138.html
    Make sure, you PASTE all logs. If some log exceeds 50,000 characters post limit, split it between couple of replies.
    Attached logs won't be reviewed.


    Please, observe following rules:
    • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
    • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
     
Topic Status:
Not open for further replies.

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...