Need help with possible computer virus

malikrthr

New member
Good evening everyone. I am not sure if this is a problem or not, but can I please get some help with this? I am not sure if my computer has a virus. Last night, I got my computer up and running again after transferring everything over to the Corsair Obsidian 650D case. I was looking into overclocking the GPU and I downloaded a utility called EVGA Precision X 16 from a website called MajorGeeks. Shortly afterwards, I noticed that my computer was a little bit slower than usual. I uninstalled the program, but when I go into Disk C, I notice that every time I boot the computer, my Program Files (x86) folder and Program Files folder keep getting modified. It seems that 2 other folders were created, called MSOcache and program data. Also, three text files always show up and are modified when I start my computer. They are called Service, Index, and IPH.PH. In the program data folder, there are subfolders called Iobit, Webreg, Wondershare, Microsoft, AVG safeguard toolbar, Malwarebytes and several more. I really hope my computer is not infected. I downloaded Iobit from MajorGeeks about two years ago and don't remember all these folders and files showing up. Can I please get some help with this? Next week, in case I have to reinstall my operating system, I was going to purchase a portable hard drive to back up Trainz, music, pictures, and other important documents. Below is a screenshot of what is showing up in the Program data folder. If this is a virus, what would be the best procedure I can follow to completely remove it? Would it be safe to back up my important files to a portable hard drive?










 
Be very unusual if you got a virus from Major Geeks; however, when in doubt:
1. Run an antivirus scan
2. Update and run Malwarebytes

If either find anything I suggest you repeat the scans in safe mode.

iph.ph is an AOL file, something to do with the AOL client (do people still really use that?) and/or AIM, and you have had it since 2013, as you have had the index file. Wouldn't worry about them.
Service may be something left over from the EVGA install as it's today's date.
 
Thank you Clam1952. I ran a quick scan with the antivirus, then I ran a custom scan selecting all the folders in my computer and afterward, I ran a full scan. Surprisingly the full scan was much shorter than usual. Probably because I had every folder selected for the custom scan. After I ran the antivirus, I updated and ran Malwarebytes. Nothing was found during the scans. Would it be alright to run the AdwCleaner, Emsisoft Emergency Kit, RKill, and RogueKiller tools from Bleeping Computer? Almost two years ago, I had a problem with a browser hijacker and followed the process from Bleeping Computer and it removed the hijacker. That process or sequence of programs took 12 hours to clean the browser hijacker. I really hope I did not mess up my computer after installing that EVGA Precision X 16. Would it be safe to back up my important documents from the computer onto a portable hard drive?

I wonder why that IPH.PH file shows up even though I never installed or used AIM or AOL on the computer. Below is the information that the service text file displays. After that is what is shown in the index text file. Are these files dangerous to have on the computer? Last night, I deleted the service file but this morning, the file came back. I deleted it again this morning and when I turned the computer on this afternoon, it showed up.



 
How many antivirus programmes are you running? I see Norton, Hitman Pro, McAfee, and AVG toolbar to start with. I would recommend you just have one good one, not several. Personally I would be removing them all and probably installing 360safe (which is free). Keep your Malwarebytes in; another that can be useful to run is called Superantispyware, which does quite a good job I have found if you are unsure, although if you were to keep it in, I would remove the startup processes to stop it loading on startup and just run it when you want to scan your system.
What programmes are in that Wondershare folder or associated with that Wondershare company (your add/remove programmes or programmes and features should tell you)?
 
Never ideal to have more than one program for virus/malware detection. Causes PC slowdown and other problems. Use one only. If you want additional scanning, download freeware HerdProtect and run it once per week. It is a cloud based scanner that connects to numerous reputable free online scanners and gives you a comprehensive report and cleaning options.

Bob
 
Only thing I can find relating to service with the same file contents, apart from the address, appears to be related to patching a Star Wars game?
Seems to be video related, so may well be something to do with installing that EVGA utility, or it may be something to do with your system that has always appeared?

May be an idea to have a look at services and see if there is anything odd running.

As iannz says not a good idea to have more than one antivirus program active as that can cause problems.
 
I only have Microsoft Security Essentials as my antivirus. I didn't install any of those programs. It seems that that EVGA Precision X 16 program that I downloaded from Major Geeks created all of these folders and programs because I never installed any of these programs that are showing up in the Program data folder. I do remember, when I had my last computer issue, which was the Ueep browser hijacker in 2013, if I remember correctly, Wondershare was a place to download music but it harmed my computer by giving me the Ueep browser hijacker two years ago. Would it be alright to back up my Trainz stuff and important documents such as pictures and music to a portable hard drive? Also, would it be recommended that I wipe my drive clean and reinstall Windows 7? I really don't want to reinstall everything because I put a lot of time into my work and projects, but it seems that just by downloading that EVGA program from Major Geeks, it installed all of those programs and folders. Is it safe to back all my important stuff up to a portable hard drive?
 
By default some installers add more freebies. You have to deselect those when you installed precision.
 
I think you are worrying needlessly, look at the dates the folders were created, none of them are 2015 so were already there and not created by the EVGA tool, if there is nothing in them just delete them.

program data will always show the current date by the way.
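
The creation-date check suggested in the post above, as an added PowerShell example that is not part of the original thread: it lists the top-level items under the system drive and ProgramData and separates those created since a cutoff from older ones that were only modified. `Get-ItemAge` is a hypothetical helper name, and the cutoff date and the two root paths are assumptions to adjust.

```powershell
# Added example (not from the thread). Get-ItemAge is a hypothetical helper;
# the cutoff date and the two roots below are assumptions.
function Get-ItemAge {
    param(
        [Parameter(Mandatory = $true)][datetime]$Since,
        [string[]]$Roots = @("$env:SystemDrive\", $env:ProgramData)
    )
    foreach ($root in $Roots) {
        # -Force includes hidden items; ProgramData and MSOCache are hidden
        # by default, so they only appear in Explorer when hidden files are shown.
        Get-ChildItem -LiteralPath $root -Force -ErrorAction SilentlyContinue |
            ForEach-Object {
                if ($_.CreationTime -ge $Since) {
                    $status = 'created since cutoff'   # new, or deleted and recreated
                } elseif ($_.LastWriteTime -ge $Since) {
                    $status = 'modified only'          # old item, contents changed
                } else {
                    $status = 'unchanged'
                }
                New-Object PSObject -Property @{
                    Path     = $_.FullName
                    Kind     = $(if ($_.PSIsContainer) { 'dir' } else { 'file' })
                    Created  = $_.CreationTime
                    Modified = $_.LastWriteTime
                    Status   = $status
                }
            }
    }
}

# Placeholder cutoff: set it to just before the install you are checking.
$cutoff = Get-Date '2015-01-01'

Get-ItemAge -Since $cutoff |
    Sort-Object Created -Descending |
    Select-Object Status, Kind, Created, Modified, Path |
    Format-Table -AutoSize
```

A folder's Modified time changes whenever an entry directly inside it is added, removed or renamed, so a row marked "modified only" is an old folder with changed contents, while a file that is recreated at every boot shows a fresh Created time.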
 
I am also running Precision-X and the download did not put those 'extra' files and folders in there on my installation. If your scan showed nothing, I wouldn't worry too much about it.

I use Precision-X not to overclock, but to speed up my fan and cool the video card down.

John
 
To answer your question, yes, it is safe to back up your data to an external drive. You should always keep backups of any data you don't want to lose. Waiting until something is wrong before wanting to do a backup is how you lose data, because when something goes wrong, it is often too late. Always have a backup and keep it as current as you can.
Good luck.
 
Thank you. Tomorrow, I am going to see about deleting those folders and programs inside the program data folder that seem a bit suspicious, such as Wondershare, and any of the programs that I didn't install. I don't know what I can do about that IPH.PH, service and index text files since they keep coming back after I delete them. After that, I am going to see about getting a portable hard drive to back up Trainz and other important files like documents, music libraries and pictures. I definitely have to do a backup more often.
 
I am a bit suspicious too of Wondershare even though your scan didn't find it. Sometimes you can have stuff that's immune to your antivirus. There is another free malware scanner you can try. I've run this in addition to Malwarebytes because I downloaded some crapware like you did while searching for an update to a utility I already had installed. The update came bundled with spyware which even though I unchecked the boxes not to install the add-ons in the installer, they went in anyway. Malwarebytes didn't find it, but this program did and I was able to remove the unwanted programs.

http://www.superantispyware.com/?tag=SUPERANTISPYWARE

The company is located in California and not elsewhere, which perhaps is a good thing.

In addition to this, you can also run Process Explorer and Process Monitor (ProcMon) from SysInternals. These are part of the Microsoft TechNet's System Internals, and are free utilities. With Process Explorer, you can watch what these applications are doing, and pause their process. Once paused, you can then delete their main components and kill them. It works pretty well! :)

In addition, ProcMon will let you capture the file threads that these open and trace down the activity farther and deeper. I've never had to do this as Process Explorer has been helpful for me most of the time.

These are probably the fastest alternatives to the lengthy scans with the utilities from the very helpful Bleeping Computer website.

John
 
Superantispyware I mentioned in my first post, it does do a sound job I have found in the past. Good to see John has had success with it also.

Just because your AV software isn't picking up a virus, it doesn't mean you don't have one. I wouldn't place my faith in Microsoft Security Essentials, however. I think it used to be good at doing its job, but I have found in the last 12 months or so it has fallen off the wagon a bit and is not detecting some common viruses that it should be. No AV programme is perfect, but some are definitely better at detection and also cleaning than others.

My personal recommendation based on my real-world experience of effective antiviruses at this time would be, if you are buying one, then ESET products (ESET NOD32 AV, ESET Smart Security on Windows and ESET Cyber Security on Mac); if you're looking for a free one, 360safe currently does an effective job, available from www.360safe.com (scroll down and look for 360 Total Security). If any of those tell you that you don't have a virus, I would tend to believe it.

I wouldn't recommend deleting folders from inside your program data folder if it contains files or you don't know what the programmes are. Always remove any programmes using the uninstall process in Programs and Features. If that doesn't work, there is software that will allow you to remove programmes. Revo Uninstaller is one, and I can't remember if CCleaner removes programmes also; it may do, I haven't used it for a long time.

Good luck, don't forget to get those files and programmes backed up before doing anything.
 
Thank you everyone for helping me with the issue. I really appreciate it :) I found out that a majority of the programs that I have in the program data folder were programs that I have had before but forgot about, since they have not been used in around 2 years. I've been monitoring the computer and I gave Superantispyware and Malwarebytes a run. Malwarebytes didn't detect anything and Superantispyware detected tracking cookies but those are not harmful like viruses or malware. Easy to remove. I also gave CCleaner a run and found a lot of clutter to remove, which was good. I did not mess with any files that were vital to the computer. I also brought a portable hard drive to back up my stuff before performing any of this and backed everything up. So glad I have a backup now. It was my first time using USB 3.0 and man, I will say, it's a very nice improvement over USB 2.0. The rate at which data can be transferred between drives is much faster than USB 2.0. Thank you for helping me with this. Now, I have to make sure that I back up my stuff frequently and give some of these programs a run about every week or so.
 
I'm glad you sorted it, but have a look at some tutorials on "Regedit" and how to use it. I don't want to say too much on the subject as I wouldn't want the responsibility of you making an error; however, if you are competent in the use of this Windows feature you can take the virus out if Malware software and all else fails. I have had this problem many times and using Regedit never fails.
 
I'm glad too. I have a little experience with the regedit command. I used it to delete a browser hijacker start page (UEEP) two years ago. I wouldn't really use it though unless there was a critical problem with the computer. It's great to know how to do this stuff because it saves the trouble of reinstalling the whole OS and starting from scratch. I was doing some research on different methods of cleaning the computer and I just found out that in Windows 7, there is a built in program called the Malicious Software Removal tool, similar to the safety scanner.
 