G program in shutdown screen

[Prince-Ali2]

Hello forum staff I would like to request assistance in the removal of a possible malware threat that has recently appeared. First on startup 2 cmd boxs pop up and go away. 2, a program named G was found on the shutdown screen. plz help. Attached are the files FRST, Addition and Malwarebytes threat log

 

 

FRST.txt

Addition.txt

Threat log.txt

[AdvancedSetup]

Hello @Prince-Ali2 and

Sorry for the delay. I'm not seeing any obvious infection on the computer. It may be part of one of your applications that is spawning that window on purpose. Let me have you run a couple other things though and we'll see what else we can find.

 

Please run the following steps and post back the logs as an attachment when ready.

 

Please download AdwCleaner by Malwarebytes and save the file to your Desktop.

• Right-click on the program and select Run as Administrator to start the tool.
• Accept the Terms of use.
• Wait until the database is updated.
• Click Scan.
• When finished, please click Clean.
• Your PC should reboot now if any items were found.
• After reboot, a log file will be opened. Copy its content into your next reply.

 

 

Create an Autoruns Log:

• Please download Sysinternals Autoruns from here.
• Save Autoruns.exe to your desktop and double-click it to run it.
• Once it starts, please press the Esc key on your keyboard.
• Now that scanning is stopped, click on the Options button at the top of the program and select Verify Code Signatures
• Once that's done press the F5 key on your keyboard, this will start the scan again, this time let it finish.
• When it's finished, please click on the File button at the top of the program and select Save and save the Autoruns.arn file to your desktop and close Autoruns.
• Right click on the Autoruns.arn file on your desktop and hover your mouse over Send To and select Compressed (zipped) Folder
• Attach the Autoruns.zip folder you just created to your next reply
  

Thanks

Ron

 

 

[Prince-Ali2]

Hi Ron thnx for helping me attached are the two filesAdwCleaner[C1].txt

Autoruns.arn.zip

[AdvancedSetup]

Not seeing anything out of the ordinary. In fact, cleaner than most systems I see.
 

Can you take a screenshot of it with your phone when you see it? I'd have to believe it has something to do with a launch or process spawn from another valid application on your system. That's pretty difficult to track down without a lot of work.

Thanks

Ron

 

[Prince-Ali2]

It comes up really irregularly at this point I have only seen it twice out of like 20 shutdowns so it might not be much, my main suspicion was the G program on shutdown. I researched online and most of the time is it caused by a trojan 

[Prince-Ali2]

However if there is no malicious activity on this computer we can end this post, thnx for everything!, all though I did another search with the autoruns instead I also clicked the virustotal box as well and it showed a few programs being 1/67,2/67 and one was even 7/67 should I be worried? @AdvancedSetup 

[AdvancedSetup]

Show me a link to the one you're concerned about. Sometimes files that are packed are labeled suspicious because they can't decode them. Doesn't make them bad. 

[Prince-Ali2]

https://www.virustotal.com/en/file/2fc83271c50340db0f5de8cf56b4b6e7e598e37444821a64999b2c4aac8c8363/analysis/ this is the one that is 7/67

[AdvancedSetup]

That is a signed driver from Tech Titan. It has a brick and mortar physical address too. Extremely unlikely that it is an infected file. The file is signed too which is also difficult for real malware to provide.

None of the bigger antivirus names like Kaspersky, Norton, Microsoft detect it. I am pretty confident there is nothing wrong with that file.

 

[Prince-Ali2]

oh ok that's good, so just for peace of mind no malware actually caused the cmd pop up and the G program on shutdown screen (mostly worried about the g program). If so the post can be closed now thnx for everything

[AdvancedSetup]

I don't see anything, but let's go ahead and scan with Kaspersky antivirus as well just to make sure.

Disable your current security software and run the following Kaspersky antivirus scan.

 

Please download and run the following Kaspersky antivirus removal tool to scan and to remove any found threats

Kaspersky Virus Removal Tool

Let me know if it finds anything or not @Prince-Ali2

Thanks

Ron

 

[Prince-Ali2]

Hey @AdvancedSetup I currently own a paid version of kaspersky and it didn’t find any threats after multiple full scans

[AdvancedSetup]

Agreed, I'm not seeing any signs of an infection either.

If anything is popping up my guess would be that it's spawning from one of your other programs on purpose.

Ron

 

[AdvancedSetup]

Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this thread.Other members who need assistance please start your own topic in a new thread.

Thanks