Gadcom.exe

Status
Not open for further replies.

Seipher

Hello,

I recently got some type of spyware or malware on my PC. I can't begin to tell you how I picked it up, sorry. Anyway, I started getting a lot of popups taking me to antivirus2009. I quickly unplugged my Cat 5 cable and restarted my PC, but I was already too late. So I opened my process tree and started googling every process that I don't remember seeing often. gadcom.exe came back as a trojan on many sites. I ended the process but of course it keeps coming back.

I also have C:\Documents and Settings\NAME\Application Data\gadcom\gadcom.exe, which I cannot delete off my hard drive.

It also disabled my Windows Firewall and stopped my automatic updates. I was able to restart my firewall but now I can no longer start up my automatic updates. I assume it messed up my registry as well. I have a feeling this one runs a lot deeper than I will ever figure out. I'm not a technician myself, just have a little knowledge of PCs.

Where do I go from here? What info do you need to help me? Thanks in advance.

Seipher
 
Antivirus 2009 disables your access to all auto updates and firewall so do expect it or anything else to work right until you get rid of Antivirus 2009. I've seen AVG antivirus detect and remove it but I wouldn't put money on it. If you don't feel comfortable digging around in your registry you may want to post a HijackThis log.
 
Well, this isn't an answer, but I had the same thing a couple of minutes ago, which is very strange, and I deleted it through Avast and Malwarebytes.

It also seems like many other people are getting this virus or malware too.

I know how you feel.
 
I didn't actually install antivirus2009. It is just an IE popup I get that takes me to their site and tries to scan my PC, which I quickly shut down every time. I went to Add/Remove in Control Panel to try and see if I somehow got antivirus2009 software unknowingly, and it doesn't exist as software on my PC. But I noticed while doing this I had a software called "Advertisement Services" lol. I of course removed this quickly. It must have come as a package deal with this gadcom.exe virus.

I'm trying to figure out how or where to get this hijack software and info for you. As soon as I figure it out I'll post an update.
 
Lol there should be a warning for these 8 steps. (May [will] take 5+ hours to complete all scans).

Just trying to make light of the situation. Anyway, to update. I have completed all the way through step 4 so far. Seems like the job has already been done but I will finish all 8 steps just to be sure.

Here's what I have found so far.

1. Avast! located Win32:Trojan-gen {other} inside of C:\Documents and Settings\NAME\Application Data\gadcom\gadcom.exe

2. Did a scan after reboot with Avast and deleted various files but it didn't delete the gadcom.exe file. However, gadcom.exe no longer loaded in the process tree.

3. Skipped step 3 as this seemed really broad and I don't have any programs that monitor my PC until I installed these new ones listed in the 8 steps.

4. Malwarebytes seemed to really be the one that did the trick. After running the scan it deleted the ...\application data\gadcom\gadcom.exe file.

5. After running Malwarebytes, deleting corrupted files, and restarting my PC, I was actually able to turn Windows Automatic updates back on.

Anyway, I thought I would give an update. I am running SAS now but I have a feeling the guy's post above about simply running Avast / Malwarebytes can fix this one. Will submit the (3) files soon.

Here are my 3 files.
 

Attachments

  • mbam-log-2008-12-28 (04-07-14).txt

The following entries (although not exactly counted as Spyware) can be safely removed from HJT.
Please run HJT and place a tick next to all the following, then "fix" all of them:
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\Download Manager\DLM.exe /windowsstart /startifwork
O4 - HKCU\..\Run: [CurseClient] C:\Program Files\Curse\CurseClient.exe -silent
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - S-1-5-18 Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe (User 'Default user')
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Status Monitor.lnk = C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe

Then go to add\remove Programs in Control Panel
And remove BitComet

Once this is done restart
Then open Malwarebytes again (again?) yes again! If you want to catch the remaining malware
Make sure that it's fully updated, then run a full scan
Please submit the new log once all found malwares are removed (by you again)

Also reply back with how the computer is running from doing all this :)
 
KK, I've had sleep, woot. So, I deleted BitComet (although I haven't had this software running in 4 weeks +), restarted my PC and ran Malwarebytes again. You were right, it found 1 last item and removed it as well.

I decided against running HJT again and deleting those listed files because all of them are part of software that I actually run on my PC. Some of them are actually important if I ever want to update that software again. For instance, ALCMTR.exe is needed to update my Realtek Audio driver and below is a quote from bleepingcomputer.com.

"Realtek AC97 Audio - Event Monitor. "Spyware" file used to surreptitiously monitor one's actions. It is not a sinister one, like remote control programs, but it is being used by Realtek to gather data about customers. If you delete this file, then you will not be able to properly update your drivers in the future. It is therefore recommended that you disable the startup instead." www.bleepingcomputer.com

SOOOO... Yes, I don't like the fact that Realtek has something monitoring my PC, but if I ever want an update I need it :( This is just something I think the consumer is going to have to get used to, I'm afraid. Too many software packages come with these things.

All this being said, my computer is running great again. If anything is still on it, it's unnoticeable and not corrupting my computer's performance any. I want to thank you for all of your help and I appreciate this website being here for people like myself who need the support but can't always afford to pay for it. Below is the last Mbam log you requested.
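
An added example, not part of the thread or of HijackThis itself: a small Python triage of the O4 (autorun) line format quoted above, flagging entries that launch from a user-writable profile directory, as gadcom.exe did, or by bare file name. The `gadcom` Run value name in the sample and the directory list are assumptions.

```python
import ntpath
import re

# Constructed sample: the first four lines are from the log quoted in the thread;
# the last is hypothetical, built from the gadcom.exe path the poster reported.
SAMPLE_LOG = r'''
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - Global Startup: Status Monitor.lnk = C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
O4 - HKCU\..\Run: [gadcom] "C:\Documents and Settings\NAME\Application Data\gadcom\gadcom.exe"
'''

REG_RUN = re.compile(r'^O4 - (HK\w+)\\\.\.\\(\w+): \[(.+?)\] (.+)$')
STARTUP = re.compile(r'^O4 - (.*Startup): (.+?) = (.+)$')
# Assumed list of per-user directories that any process can write to.
USER_WRITABLE = ("\\application data\\", "\\local settings\\", "\\temp\\")

def exe_path(command):  # strip quotes and trailing arguments
    if command.startswith('"'):
        return command[1:].split('"', 1)[0]
    m = re.match(r'.+?\.exe', command, re.I)
    return m.group(0) if m else command

def classify(path):  # triage hint only, not a verdict
    p = ntpath.normpath(path).lower()
    if "\\" not in p:
        return "bare-name"      # resolved through the search path at launch
    if any(d in p for d in USER_WRITABLE):
        return "user-writable"  # where gadcom.exe was installed
    return "other"

def triage(log_text):
    results = []
    for line in log_text.splitlines():
        m = REG_RUN.match(line.strip())
        if m:
            location, name, command = f"{m[1]}\\{m[2]}", m[3], m[4]
        else:
            m = STARTUP.match(line.strip())
            if not m:
                continue
            location, name, command = m[1], m[2], m[3]
        path = exe_path(command)
        results.append((name, location, path, classify(path)))
    return results

if __name__ == "__main__":
    print(*triage(SAMPLE_LOG), sep="\n")
```
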
 