Another potential G.exe infection

[boothy]

A colleague alerted me to this potential infection, and although I occasionally see the 'G is preventing windows shutting down 'message, it doesn't actually prevent it.

 

Various log files attached below. Thanks in advance for any assistance.

[boothy]

malwarebytes scan report 3 dec.txt

FRST.txt

Addition.txt

AdwCleaner[C00].txt

AdwCleaner[S00].txt

[nasdaq]

Hello, Welcome to Malwarebytes.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Please download the attached Fixlist.txt file to  the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the FRST.txt log you have submitted.

Run FRST and click Fix only once and wait.

The tool will create a log (Fixlog.txt) please post it to your reply.
===

Let me know if the problem persists.

fixlist.txt

[boothy]

Nasdaq, hello and thanks for looking into this for me.

Have rebooted PC a few times, no mention of 'G preventing shutdown', but it was never constant anyway. I'm out of town for a few days, might take over weekend before I get chance to test more comprehensively.

Fixlog.txt attached meantime.

Fixlog.txt

[nasdaq]

Hi,

If the problem returns it's possible that one of the running programs is causing this then you power off.

Make a note of all the open programs when your shutdown the computer.

 

 

[boothy]

Hi Nasdaq, thanks for the continued support.

How would I know if one of the running programs is causing the issue? I only see an occasionally issue when shutting down.

Also, how would I determine what programs are running while shutting down, run task manager?

[nasdaq]

Hi,

Do you not see the running programs as Icon on the bottom toolbar?

Right click on the Icon one at time and select close Windows.
When all done Power of the computer. There should not be an error.

Next time leave let them running and power down.
Before you do make a note of the programs that are running.
If all is well then these programs are good.
If one of them is the culprit then you now have the list of programs to investigate.

Run them one at a time and power down.
By trial and error you may be able to find the culprit.

[boothy]

Ah, understand now. Normally close everything down before shutting down laptop, maybe Steam is left running. Not seeing mention of 'G' lately, but laptop does shut down much quicker since you've been guiding me.

Was there anything there to begin with?

[nasdaq]

No.

I know if must me annoying but it's just a program that is not releasing it handle.

[boothy]

It was there again tonight, first time I've seen it since i first contacted you. I had only run firefox, thunderbird, steam and football manager, and all closed down before shutting down. I cancelled shutdown to post here. Is there anything I can do when I see it? I opened task manager, but nothing was called 'G', but lots of processes, etc., that mean nothing to me.

[boothy]

Edit:Steam runs in background, so wasn't/isn't shut down. Taskbar was empty though.

[nasdaq]

Hi,

Stream is installed on your computer and this registry key is called to run it at startup.

HKU\S-1-5-21-120305035-1963969382-2588572523-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3131680 2018-11-26] 

However you have disabled it.
==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.

HKU\S-1-5-21-120305035-1963969382-2588572523-1001\...\StartupApproved\Run: => "Steam"

If you wish to stop the program from running at startup then run this fix.
When you want to run the program you will have to execute the steam.exe.

If you want to remove it completely.

Remove this program in bold via the Control Panel > Programs > Programs and Features.
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)

Hope that helps.

fixlist.txt

[boothy]

Thanks again, Nasdaq. Football Manager was bought/installed/run thru Steam. Steam only starts when I choose to run FM.

I'll attempt to take a photo the next time 'G' appears when shutting down

[nasdaq]

Keep me posted.

[boothy]

Look what turned up last night. Again, I had firefox, thunderbird and football manager open but all closed before shutting down.

Any thoughts?

[nasdaq]

Hi,

Looks like the  football manager and/or Steam is the cause.

Next time  they are open and you want to power off close them.
Immediately after do an CTRL+ALT+DEL and open the task manager.

Is one or both processes still running?

If yes then close the process(es) and power down.

[AdvancedSetup]

Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread.

Thanks