
win32/chekuem malware



Hello,

I have Windows Defender and Malwarebytes 3.3.1 running on my laptop, Windows 10 Home 64-bit (Fall Creator).

Defender came up with critical malware "win32/chekuem" in C:/program files(86)/system mechanic/SMXMktgRestartHelper.exe.

I ran a full scan with Malwarebytes and nothing found.

Iolo (System Mechanic) told me that this has nothing to do with System Mechanic!

For the time being I renamed the file SMXMktgRestartHelper.exe.

Does anyone have an idea?

Rgds


Hello daniel43 and welcome to Malwarebytes,

Upload a File to Virustotal

Go to http://www.virustotal.com/
 
  • Click the Choose file button
  • Navigate to the file C:\Program Files (x86)\System Mechanic\SMXMktgRestartHelper.exe
  • Click the Scan it tab
  • If you get a message saying File has already been analyzed: click Reanalyze file now
  • Copy and paste the URL address back here please.

Next,

Follow the instructions at this link and post the requested logs: https://forums.malwarebytes.com/topic/9573-im-infected-what-do-i-do-now/

Thank you,

Kevin

Hello daniel43,

The file in question gets a clean bill of health from VirusTotal. I also ran the developer's website for downloads the same way, again a clean bill of health.

https://www.virustotal.com/en/url/585b8c545aacce49edb4f64cc2c76f2d95a48cd4b1b8e638baf7d6aeb214bf92/analysis/1518275171/

There are no obvious signs of malware or infection in your logs. Microsoft do have an issue with System Mechanic, so maybe the answer you seek is to add SM as an exclusion...

https://support.microsoft.com/en-gb/help/4028485/windows-10-add-an-exclusion-to-windows-defender-antivirus

I do not believe System Mechanic would be a tool of my choice; such software that messes with the system registry is always prone to causing problems. If you know and trust System Mechanic then running such software is down to you...

Continue to clean up;

Download "Delfix by Xplode" and save it to your desktop.

Or use the following if first link is down:

"Delfix link mirror"

If your security program alerts to Delfix, either accept the alert or turn your security off.

Double-click to start the program. If you are using Vista or higher, please right-click and choose Run as administrator.

Make Sure the following item is the only one checked:

 
  • Remove disinfection tools <----- this will remove tools we have used (FRST) and itself.


Now click on "Run" and wait patiently until the tool has completed.

The tool will create a log when it has completed. We don't need you to post this.

Any remnant files/logs from tools we have used can be deleted…

Next,

Read the following links to fully understand PC Security and Best Practices, you may find them useful....

Answers to Common Security Questions and best Practices

Do I need a Registry Cleaner?

Take care and surf safe

Kevin...

 

 


Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this thread. Other members who need assistance, please start your own topic in a new thread.

Thanks

 
