Jump to content

Infected with false update.exe firefox in the folder Parallax!

Recommended Posts

I got infected with this trying to install a utorrent program, after the alert i cancel the installation but this got passed.


The false firefox update.exe is located here:

C:\Program Files (x86)\Common Files\Parallax

And always try to connect to a porn web:



This folder was created at the exact time i cancelled the installation of utorrent:



-Detalles del registro-
Fecha del evento de protección: 31/8/21
Hora del evento de protección: 5:57
Archivo de registro: 6dfd3db2-0a39-11ec-b402-18d6c702e0ef.json

-Información del software-
Versión de los componentes: 1.0.1413
Versión del paquete de actualización: 1.0.44485
Licencia: Premium

-Información del sistema-
SO: Windows 10 (Build 19043.1165)
CPU: x64
Sistema de archivos: NTFS
Usuario: System

-Detalles del sitio web bloqueado-
Sitio web malicioso: 1
, C:\Program Files (x86)\Common Files\Parallax\update.exe, Bloqueado, -1, -1, 0.0.0, , 

-Datos de sitio web-
Categoría: Troyano
Dominio: agedporntube.com
Dirección IP:
Puerto: 80
Tipo: Saliente
Archivo: C:\Program Files (x86)\Common Files\Parallax\update.exe


Don't tell me a I'm Fuc*** and i will need to format my PC, also when i scan this fake update.exe MB says everything is ok, but it's obviously not!


It don't will be enough to delete this folder with IObit Uninstaller?




Link to post
Share on other sites

Hello ZeroCool22 and welcome to Malwarebytes,

Lets grab some logs and see whats going on, continue with the following:

Open Malwarebytes, select > small cog wheel top right hand corner, that will open "settings" from there select "Security" tab.

Scroll down to "Scan Options" ensure Scan for Rootkits and Scan within Archives are both on....

Close out the settings window, this will take you back to "DashBoard" select the Blue "Scan Now" tab......

When the scan completes quarantine any found entries...

To get the log from Malwarebytes do the following:
  • Open Malwarebytes
  • Click on the Detection History tab > from main interface.
  • Then click on "History" that will open to a historical list
  • Double click on the Scan log which shows the Date and time of the scan just performed.
  • Click Export > From export you have two options:
    Copy to Clipboard - if seleted right click to your reply and select "Paste" log will be pasted to your reply
    Text file (*.txt) - if selected you will have to name the file and save to a place of choice, recommend "Desktop" then attach to reply

  • Please use "Text file (*.txt), then name the file and save to a place of choice, recommend "Desktop" then attach to reply


Download AdwCleaner by Malwarebytes onto your Desktop.

Or from this Mirror
  • Right-click on AdwCleaner.exe and select http://i.imgur.com/Spcusrh.pngRun as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
  • Accept the EULA (I accept), then click on Scan
  • Let the scan complete. Once it's done, make sure that every item listed in the different tabs is checked and click on the Quarantine button. This will kill all the active processes
  • Once the cleaning process is complete, AdwCleaner will ask to restart your computer, do it
  • After the restart, a log will open when logging in. Please copy/paste the content of that log in your next reply


Download Farbar Recovery Scan Tool and save it to your desktop.

Alternative download option: http://www.techspot.com/downloads/6731-farbar-recovery-scan-tool.html

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

If your security alerts to FRST either, accept the alert or turn your security off to allow FRST to run. It is not malicious or infected in any way...

Be aware FRST must be run from an account with Administrator status... If English is not your primary language Right click on FRST/FRST64 and rename FRSTEnglish/FRST64English

  • Double-click to run it. When the tool opens click Yes to disclaimer.(Windows 8/10 users will be prompted about Windows SmartScreen protection - click More information and Run.)
  • Make sure Addition.txt is checkmarked under "Optional scans"
    user posted image
  • Press Scan button to run the tool....
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The tool will also make a log named (Addition.txt) Please attach that log to your reply.

Let me see those logs in your reply...

If any of the requested software does not run consider the following:

Disable smart screen if it interferes with software we may have to use:


Please remember to enable when we are finished....


Disable any Anti-virus software you have installed if it stops software we may use from working:


Please remember to enable AV software when we are finished running scans....

Thank you,

  • Like 1
Link to post
Share on other sites

Thx for the reply @kevinf80

I will attach all the LOGS.

PD: I will admit i have some programs cracked like you will see, but what i want to get rod off is from that Parallax + fake update firefox.

PD2: ADWARE put in quarantine some False FF Profile but the folder Parallax in C:\Program Files (x86)\Common Files\Parallax still there.

AdwCleaner[C00].txt Scan result MB.txt Addition.txt FRST.txt

Link to post
Share on other sites

But i really don't know what to do, if just deleting that Parallax folder will make me get rid of this, also i have like another 4 extra Drives connected, don't know if some information got compromised, etc...

I must say every time that fake update tried to open that porn web MB stopped it.

Also since the last restart after doing what you told me, the fake update.exe didn't tried to open that web again (almost for now).

Link to post
Share on other sites

Just now, kevinf80 said:

Hiya ZeroCool22,

Thanks for those logs, continue:

Run FRST one more time:

Type the following in the edit box after "Search:".


Click Search Registry button and post the log it makes (SearchReg.txt) to your reply.

Thank you,


Thx for all the help, this incident come in handy because i was soon formatting and upgrading my PC, so i did it some hours ago, so it's a fresh start and i will be more careful from now on.

Link to post
Share on other sites

Just now, kevinf80 said:

Hiya ZeroCool22,

Thanks for those logs, continue:

Run FRST one more time:

Type the following in the edit box after "Search:".


Click Search Registry button and post the log it makes (SearchReg.txt) to your reply.

Thank you,


1 question, AdwCleaner is FREE or there is another Paid Version with more features?

I ask because yesterday when i had the infection problem it detect and put in quarantine the False FF profile created by the infection, you think i should have bot installed?

Link to post
Share on other sites

  • Root Admin

Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread.

Please review the following for Tips to help protect from infection

Thank you



  • Like 1
Link to post
Share on other sites

This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.