

  • This topic is locked
1 reply to this topic

#1 MalwareHelpNeeded


    New Member

  • Members
  • 9 posts

Posted 12 October 2013 - 07:23 PM

I have a file that I downloaded onto my PC that ended up on my list of Programs - it's called "Zip Extractor Packages" and clicking on it also installed some known malware programs.
 
I'm not sure if it's a virus, malware, a benign or dangerous PUP or something else, but since there are only a few dozen Google hits on this, I'm wondering if it's brand new, what its effects are and how to remove it.  
 
Unfortunately I don't have a copy or screen shot to attach, since my PC is now in the repair shop, but I believe I downloaded it based on a link from the moderator of MalwareTips.com that said it was a link for RogueKiller. Unless the link was changed from a few days ago, I believe the link was listed as this:
 
RogueKiller Download Link : http://tigzy.geeksto...roguekiller.php
 
Here's what happened: I downloaded two mp3/WMA splitters that came in a zip pack (I think it was from cnet, and it was "MP3 WMA Cutter" & another, but my PC is in the shop so I'm not sure of the 2nd one). Two days later I noticed that I couldn't update my AVG free, then I closed my Firefox browsers (which had all been open for a couple days) and when I reopened, the homepage was "searchnu.com".
 
I went to MalwareTips.com and followed the removal instructions (I also had "searchqu.com" & "IB Updater" and maybe another) - it removed most from my Uninstall a Program list, but "Windows SearchQu Toolbar" remained. When I tried to uninstall, it said it may have been removed... and then a NEW program appeared on the list - Sweetpacks.
 
I went back to another help page on the site ( http://malwaretips.c...tpacks-toolbar/ ) and tried to remove both with all the steps - both stayed - so I went to the link in the site author's comments to download RogueKiller (DO NOT go to this link unless you have a way to safely download and examine it - it's listed there as "RogueKiller Download Link : http://tigzy.geeksto...roguekiller.php").
 
Instead of just the program, it asked me if I wanted to install "Zip Extractor Packages" and I stupidly did. When I clicked on it, it installed that malware & other programs: Sweetpacks, Bitguard, gol search, another gol program, and OpenIt!.
I downloaded Revo uninstaller & tried uninstalling, but Sweetpacks wouldn't uninstall, and I was too scared to use the official & odd-looking "uninstaller" screen that popped up when I tried to uninstall Zip Extractor Packages, especially with so few Google hits about it out there.
 
Right now my pc is with the Geek Squad - they've found my hardware is clean and are now checking my data -- but my concern is that this "Zip Extractor Packages" is so new that there may still be something on the pc, even if they tell me it's ok, since it may still be unknown or unanalyzed.
 
Anyone know about this malware, or can report it to whoever these things get reported to so it can be fixed? A friend in IT said antivirus/malware co's usually have 30 days after IDing a new item to come up with a solution, and with only 34 Google page hits on this thing the last time I checked, I'm afraid I may be Ground Zero with a new virus or malware or dangerous PUP.
 
And a few related things it may have affected:
 
--My Geek Squad rep said the AVI, MP3 and Word docs I dragged to my zip drive after all this happened wouldn't carry the malware or corruption (only if an .exe & another file type I can't remember were dragged over), but a friend who works in IT said it could be dragged over. Anyone know?
 
--my Yahoo email was reset, and the format where you can see multiple tabs of different email on one screen is no longer available, either on the Basic or new updated version. This may just be because I reset Firefox and IE along the way, but I'm wondering if malware can do this? (Changes are still there when I access email from another PC & other browsers)
 
--I'm also concerned that the site MalwareTips.com may be perpetuating malware, since they didn't post my post on this. I never got an emailed reply or post accepted to MalwareTips.com, but I did get an increase in spam to the email address I submitted with my post.
 
Thanks!
Jeff

 



#2 shadowwar


    Forum Deity

  • Moderators
  • 5,227 posts
  • Gender:Male

Posted 12 October 2013 - 09:10 PM

Umm, I am not sure what you are asking here. This subforum is for file submissions only. If you need help removing this when you get back your PC, you can post in the malware removal subforum.

 

As far as the link: the link itself is fine. You may have accidentally clicked on the ad at the top of the page instead of the download underneath it. RogueKiller is a legit and good app to remove stuff.


Rich Matteo
Research Engineer






Also tagged with one or more of these keywords: Zip Extractor Packages, RogueKiller, MalwareTips, Sweetpacks, searchnu, searchqu, OpenIt!, gol search, Bitguard
