Requesting assistance, Possible Malware (dirmngr - GnuPG)


Hi there,

 

I've got a brand new laptop with Malwarebytes Premium installed and seem to have an issue with a program I thought was safe.

 

I downloaded a program that was supposed to be an encryption tool/key management system called GnuPG (https://www.gnupg.org/ <-- reference purposes only).

 

When both my cluttered desktop and my brand new laptop began to run very slow I did scans on both and nothing appeared to be wrong, but my laptop's task manager showed a background process of something called 'dirmngr (32 bit)' running from C:/Program Files (x86)/GNU/GnuPG.

 

When I Google searched it many websites mentioned the 'dirmngr' program in particular is often a host name for malicious applications.

 

I am unsure how to provide a DDS report, but if someone were willing to assist me I'd like to provide one for each system as both seem to have some sort of underlying issues MWB is not picking up.

 

 

 

Thank you.


I have just realised I had something called 'semaphore-Threads.exe' running on the laptop as well, which Google again tells me is a 'zero access rootkit'.

At this point it's probably safe to say something is wrong, I've just never used this type of forum before.


Can you scan your HD with Malwarebytes? If not, there are numerous tools for removing rootkits.

 

You can download and run mbar https://www.malwarebytes.org/antirootkit/

If it's a nasty rootkit you can try Malwarebytes Chameleon

 

I'd also recommend that you scan your machine with HitmanPRO as it has 4 antivirus scanners http://www.surfright.nl/en

And of course, Kaspersky root kit removal tool http://usa.kaspersky.com/downloads/tdsskiller

 

You can see how to use Chameleon here:


Hi, @AmarildoJr:

 

Thanks for your helpful and well-intentioned suggestion.

However, please be aware that regular forum members are not permitted to provide malware removal advice.

That sort of support is provided only by certain groups of authorized and trained helpers.

Moreover, work on possibly infected computers is conducted in a dedicated area of the forum where the helpers assist users one-on-one, employing a range of specialized tools.

(FYI MBAR is one such powerful tool that should only be used under the guidance of a trained helper.)

 

@Kruxe:

 

We cannot work on malware-related issues here in this sub-section of the forum.

If you think you might be infected, please feel free to take advantage of the free, one-on-one expert help in the malware removal section of the forum.

In order to expedite the process, I suggest that you first please follow the advice in this pinned topic: Available Assistance for Possibly Infected Computers

A malware expert will assist you with looking into your issue.

Please be patient -- the forum can be quite busy, many of the helpers are volunteers and it is currently a holiday weekend in the U.S., where many helpers are based.  It might take 48 hours before someone is available to help you, so please be patient.

 

Thanks to you both for your understanding,


Hello Kruxe:

Please drill down to C:\Program Files (x86)\GNU\GnuPG where, while you may have been using gpg4win, or others, a default install was made of dirmngr.exe.

 

If you choose, you may then upload this file to VirusTotal.com for a probable 0/54 verification.

 

You might then avoid a visit to the Malware Removal Help sub-forum. BTW, when installed with gpg4win, dirmngr.exe will likely be made to launch with the starting of any Windows session.

 

I hope this helps. :)

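A local check that complements the VirusTotal upload suggested in the post above, shown here as an added example that is not part of the original thread. It is read-only and assumes the process name `dirmngr` and the install directory quoted in the thread; the variable and column names are illustrative.

```powershell
# Added example: read-only triage of running dirmngr processes.
# $ExpectedDir is the install path quoted in the thread (an assumption;
# adjust it if GnuPG was installed somewhere else).
$ExpectedDir = 'C:\Program Files (x86)\GNU\GnuPG'

$procs = Get-Process -Name 'dirmngr' -ErrorAction SilentlyContinue
if (-not $procs) {
    Write-Output 'No dirmngr process is running.'
    return
}

$report = foreach ($p in $procs) {
    # Path is empty when the process belongs to another account and this
    # shell is not elevated; report that instead of failing.
    if (-not $p.Path) {
        [pscustomobject]@{
            ProcessId     = $p.Id
            Path          = '<unreadable, rerun from an elevated prompt>'
            InExpectedDir = $null
            SHA256        = $null
            SignatureStat = $null
            Signer        = $null
        }
        continue
    }

    # A process name proves nothing by itself: compare the image path,
    # hash the file on disk and read its Authenticode signature.
    $sig = Get-AuthenticodeSignature -LiteralPath $p.Path
    [pscustomobject]@{
        ProcessId     = $p.Id
        Path          = $p.Path
        InExpectedDir = $p.Path.StartsWith($ExpectedDir + '\',
                            [StringComparison]::OrdinalIgnoreCase)
        SHA256        = (Get-FileHash -LiteralPath $p.Path -Algorithm SHA256).Hash
        SignatureStat = $sig.Status
        Signer        = $sig.SignerCertificate.Subject
    }
}

$report | Format-List
```

The SHA256 value can be searched on VirusTotal without uploading the file. A `dirmngr` process whose `InExpectedDir` is `False` is the case worth raising in the malware removal section.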

Hi, @AmarildoJr:

 

Thanks for your helpful and well-intentioned suggestion.

However, please be aware that regular forum members are not permitted to provide malware removal advice.

That sort of support is provided only by certain groups of authorized and trained helpers.

Moreover, work on possibly infected computers is conducted in a dedicated area of the forum where the helpers assist users one-on-one, employing a range of specialized tools.

(FYI MBAR is one such powerful tool that should only be used under the guidance of a trained helper.)

Thanks for the heads-up. It won't happen again.
