[dba-Tech] gb-installer-core

Helmut Kotsch hkotsch at arcor.de
Sun May 14 15:08:46 CDT 2017


You can still grab a free Windows 10 copy after July 29, 2016

https://tinyurl.com/lzkufz5

Helmut


-----Ursprüngliche Nachricht-----
Von: dba-Tech [mailto:dba-tech-bounces at databaseadvisors.com] Im Auftrag von
Dan Waters
Gesendet: Sonntag, 14. Mai 2017 21:07
An: Discussion of Hardware and Software issues
Betreff: Re: [dba-Tech] gb-installer-core

What I would do is bite the bullet and wipe the drive clean and reinstall
everything.  With years of who knows what is on that drive this is the only
way to know that it's clean.  

Also - they should have updated to W10 for free when they could have, and
that's what should be installed now.  Be sure that Windows Defender is up
and running with auto-updates.  And, you should insist that they install
MalwareBytes Pro and get that running.  For $26/year it's much more than
worth it.

Best of Luck,
Dan

-----Original Message-----
From: dba-Tech [mailto:dba-tech-bounces at databaseadvisors.com] On Behalf Of
Tina Norris Fields
Sent: May 14, 2017 13:54
To: DatabaseAdvisors-Tech
Subject: [dba-Tech] gb-installer-core

Hi All,

A client - local small retail store - has this popup frequently
appearing:  gb-installer-core has stopped working. It can be closed, but, it
returns. It shows up at startup, but, I cannot find it in the startup list.
I found information on the Net that Rocket Tab contains gb-installer-core -
and I did find Rocket Tab on this box.

Box is an older Dell, probably began with WinXP, is now running Win7.

What I was originally supposed to do is simply put the computer system back
together for them - they had just moved across the street from their old
space to their new space. They had just unplugged everything and brought it
across the street. So, all they needed was someone who knew how to hook
things back up.

Got it hooked back up. Learned that their new Internet setup is wireless.
Cool! Except there was no wireless network adapter card in this computer,
only an Ethernet card. Yeah, across the street, they had been cable
connected to the modem, but, the Internet company didn't want to drill a new
hole in the wall in the new place and insisted on placing the modem in the
back room, some twenty feet away from where the computer is. No problem,
though, they said, it's all wireless now. 
Here's the card with the name and passkey for the SSID.

Right, except, as I mentioned above, this computer has no wireless adapter
card. Well, I was going to be in town the next day, so I would secure a USB
wireless adapter for the computer. Did that, and we're online. Yay!

But, what about this annoying little popup? Can't we get rid of that? 
Okay, what anti-virus protection are you using? No clue. A little look-see
reveals no installed anti-malware program - just Windows Firewall and
Windows Defender (which is turned off). Shall we try turning on the Windows
Defender? Sure. Guess what, it won't turn on.

I did download Malwarebytes - not the one I expected to get, but a free
trial of the Malwarebytes Premium. Installed and ran scan - would you
believe just over 6,000 threats discovered? While running the scan, noted
that Malwarebytes was intercepting the outbound attempt of this computer to
reach the website i.playblasteroids.com - must have happened every couple of
minutes during the two-hour scan.

Did delete the obvious bad guys identified. But, know from past experience
that not every identified "threat" is really a bad guy. So, proceeded
slowly, making restore points at every major change.

There was an apparently bad browser substitute, called speed.browser. 
Unfortunately, deleting that one killed the Google Chrome setup as well. 
So, I copied a setup file from my own computer to the Downloads folder on
their computer and ran it. With Chrome reinstalled, I launched it only to
get a red-ink warning that the connection was not secure, and I was unable
to get to the Net.

At this point I put the system back to one of the restore points, and copied
a setup for Vipre onto their computer using my license. Installed that and
set it to scanning. We left it running as we all went home for dinner last
night.

Who has experience with this bad guy? Malwarebytes did not find a rootkit -
though that is what I suspect it there. This Rocket Tab thing has been on
that computer since 2014. They've been annoyed by periodic slowdowns,
probably while the computer was reaching out to that blasteroids website.
Oh, my!

Any ideas, friends? I'll go back tomorrow morning and tackle it again.

T


--
Tina Norris Fields
tinanfields-at-torchlake-dot-com
231-322-2787

_______________________________________________
dba-Tech mailing list
dba-Tech at databaseadvisors.com
http://databaseadvisors.com/mailman/listinfo/dba-tech
Website: http://www.databaseadvisors.com

_______________________________________________
dba-Tech mailing list
dba-Tech at databaseadvisors.com
http://databaseadvisors.com/mailman/listinfo/dba-tech
Website: http://www.databaseadvisors.com




More information about the dba-Tech mailing list