[dba-Tech] gb-installer-core

Tina Norris Fields tinanfields at torchlake.com
Sun May 14 13:53:51 CDT 2017


Hi All,

A client - local small retail store - has this popup frequently 
appearing:  gb-installer-core has stopped working. It can be closed, 
but, it returns. It shows up at startup, but, I cannot find it in the 
startup list. I found information on the Net that Rocket Tab contains 
gb-installer-core - and I did find Rocket Tab on this box.

Box is an older Dell, probably began with WinXP, is now running Win7.

What I was originally supposed to do is simply put the computer system 
back together for them - they had just moved across the street from 
their old space to their new space. They had just unplugged everything 
and brought it across the street. So, all they needed was someone who 
knew how to hook things back up.

Got it hooked back up. Learned that their new Internet setup is 
wireless. Cool! Except there was no wireless network adapter card in 
this computer, only an Ethernet card. Yeah, across the street, they had 
been cable connected to the modem, but, the Internet company didn't want 
to drill a new hole in the wall in the new place and insisted on placing 
the modem in the back room, some twenty feet away from where the 
computer is. No problem, though, they said, it's all wireless now. 
Here's the card with the name and passkey for the SSID.

Right, except, as I mentioned above, this computer has no wireless 
adapter card. Well, I was going to be in town the next day, so I would 
secure a USB wireless adapter for the computer. Did that, and we're 
online. Yay!

But, what about this annoying little popup? Can't we get rid of that? 
Okay, what anti-virus protection are you using? No clue. A little 
look-see reveals no installed anti-malware program - just Windows 
Firewall and Windows Defender (which is turned off). Shall we try 
turning on the Windows Defender? Sure. Guess what, it won't turn on.

I did download Malwarebytes - not the one I expected to get, but a free 
trial of the Malwarebytes Premium. Installed and ran scan - would you 
believe just over 6,000 threats discovered? While running the scan, 
noted that Malwarebytes was intercepting the outbound attempt of this 
computer to reach the website i.playblasteroids.com - must have happened 
every couple of minutes during the two-hour scan.

Did delete the obvious bad guys identified. But, know from past 
experience that not every identified "threat" is really a bad guy. So, 
proceeded slowly, making restore points at every major change.

There was an apparently bad browser substitute, called speed.browser. 
Unfortunately, deleting that one killed the Google Chrome setup as well. 
So, I copied a setup file from my own computer to the Downloads folder 
on their computer and ran it. With Chrome reinstalled, I launched it 
only to get a red-ink warning that the connection was not secure, and I 
was unable to get to the Net.

At this point I put the system back to one of the restore points, and 
copied a setup for Vipre onto their computer using my license. Installed 
that and set it to scanning. We left it running as we all went home for 
dinner last night.

Who has experience with this bad guy? Malwarebytes did not find a 
rootkit - though that is what I suspect is there. This Rocket Tab thing 
has been on that computer since 2014. They've been annoyed by periodic 
slowdowns, probably while the computer was reaching out to that 
blasteroids website. Oh, my!

Any ideas, friends? I'll go back tomorrow morning and tackle it again.

T


-- 
Tina Norris Fields
tinanfields-at-torchlake-dot-com
231-322-2787


