Kruxe Posted July 6, 2014 ID:849620

Hi there, I've got a brand new laptop with Malwarebytes Premium installed and seem to have an issue with a program I thought was safe. I downloaded a program that was supposed to be an encryption tool/key management system called GnuPG (https://www.gnupg.org/ <-- reference purposes only).

When both my cluttered desktop and my brand new laptop began to run very slow I did scans on both and nothing appeared to be wrong, but my laptop's task manager showed a background process of something called 'dirmngr (32 bit)' running from C:/Program Files (x86)/GNU/GnuPG. When I Google searched it many websites mentioned the 'dirmngr' program in particular is often a host name for malicious applications.

I am unsure how to provide a DDS report, but if someone were willing to assist me I'd like to provide one for each system as both seem to have some sort of underlying issues MWB is not picking up.

Thank you.

Kruxe Posted July 6, 2014 Author ID:849624

I have just realised I had something called 'semaphore-Threads.exe' running on the laptop as well, which Google again tells me is a 'zero access rootkit'. At this point it's probably safe to say something is wrong, I've just never used this type of forum before.

AmarildoJr Posted July 6, 2014 ID:849629

Can you scan your HD with Malwarebytes? If not, there are numerous tools for removing rootkits. You can download and run mbar https://www.malwarebytes.org/antirootkit/

If it's a nasty rootkit you can try Malwarebytes Chameleon.

I'd also recommend you scan your machine with HitmanPRO as it has 4 antivirus scanners http://www.surfright.nl/en

And of course, Kaspersky root kit removal tool http://usa.kaspersky.com/downloads/tdsskiller

You can see how to use Chameleon here:

Kruxe Posted July 6, 2014 Author ID:849630

The link for Chameleon directions didn't show. I'm very cautious about clicking links to scans and stuff I don't know, as that's what brought me here in the first place.

daledoc1 Posted July 6, 2014 ID:849654

Hi,

@AmarildoJr: Thanks for your helpful and well-intentioned suggestion. However, please be aware that regular forum members are not permitted to provide malware removal advice. That sort of support is provided only by certain groups of authorized and trained helpers. Moreover, work on possibly infected computers is conducted in a dedicated area of the forum where the helpers assist users one-on-one, employing a range of specialized tools. (FYI MBAR is one such powerful tool that should only be used under the guidance of a trained helper.)

@Kruxe: We cannot work on malware-related issues here in this sub-section of the forum. If you think you might be infected, please feel free to take advantage of the free, one-on-one expert help in the malware removal section of the forum. In order to expedite the process, I suggest that you first please follow the advice in this pinned topic: Available Assistance for Possibly Infected Computers

A malware expert will assist you with looking into your issue. Please be patient -- the forum can be quite busy, many of the helpers are volunteers and it is currently a holiday weekend in the U.S., where many helpers are based. It might take 48 hours before someone is available to help you, so please be patient.

Thanks to you both for your understanding,

1PW Posted July 6, 2014 ID:849680

Hello Kruxe:

Please drill down to C:\Program Files (x86)\GNU\GnuPG where, while you may have been using gpg4win, or others, a default install was made of dirmngr.exe. If you choose, you may then upload this file to VirusTotal.com for a probable 0/54 verification. You might then avoid a visit to the Malware Removal Help sub-forum.

BTW, when installed with gpg4win, dirmngr.exe will likely be made to launch with the starting of any Windows session.

I hope this helps.

AmarildoJr Posted July 6, 2014 ID:849760

> Hi,
>
> @AmarildoJr: Thanks for your helpful and well-intentioned suggestion. However, please be aware that regular forum members are not permitted to provide malware removal advice. That sort of support is provided only by certain groups of authorized and trained helpers. Moreover, work on possibly infected computers is conducted in a dedicated area of the forum where the helpers assist users one-on-one, employing a range of specialized tools. (FYI MBAR is one such powerful tool that should only be used under the guidance of a trained helper.)

Thanks for the heads-up. It won't happen again.

Kruxe Posted July 7, 2014 Author ID:849942

Thank you very much

1PW Posted July 7, 2014 ID:849958

You are very welcome. Please let us know if we can help you further.