[dba-Tech] gb-installer-core
Tina Norris Fields
tinanfields at torchlake.com
Sun May 14 13:53:51 CDT 2017
Hi All,
A client - local small retail store - has this popup frequently
appearing: gb-installer-core has stopped working. It can be closed,
but, it returns. It shows up at startup, but, I cannot find it in the
startup list. I found information on the Net that Rocket Tab contains
gb-installer-core - and I did find Rocket Tab on this box.
Box is an older Dell, probably began with WinXP, is now running Win7.
What I was originally supposed to do is simply put the computer system
back together for them - they had just moved across the street from
their old space to their new space. They had just unplugged everything
and brought it across the street. So, all they needed was someone who
knew how to hook things back up.
Got it hooked back up. Learned that their new Internet setup is
wireless. Cool! Except there was no wireless network adapter card in
this computer, only an Ethernet card. Yeah, across the street, they had
been cable connected to the modem, but, the Internet company didn't want
to drill a new hole in the wall in the new place and insisted on placing
the modem in the back room, some twenty feet away from where the
computer is. No problem, though, they said, it's all wireless now.
Here's the card with the name and passkey for the SSID.
Right, except, as I mentioned above, this computer has no wireless
adapter card. Well, I was going to be in town the next day, so I would
secure a USB wireless adapter for the computer. Did that, and we're
online. Yay!
But, what about this annoying little popup? Can't we get rid of that?
Okay, what anti-virus protection are you using? No clue. A little
look-see reveals no installed anti-malware program - just Windows
Firewall and Windows Defender (which is turned off). Shall we try
turning on the Windows Defender? Sure. Guess what, it won't turn on.
I did download Malwarebytes - not the one I expected to get, but a free
trial of the Malwarebytes Premium. Installed and ran scan - would you
believe just over 6,000 threats discovered? While running the scan,
noted that Malwarebytes was intercepting the outbound attempt of this
computer to reach the website i.playblasteroids.com - must have happened
every couple of minutes during the two-hour scan.
Did delete the obvious bad guys identified. But, know from past
experience that not every identified "threat" is really a bad guy. So,
proceeded slowly, making restore points at every major change.
There was an apparently bad browser substitute, called speed.browser.
Unfortunately, deleting that one killed the Google Chrome setup as well.
So, I copied a setup file from my own computer to the Downloads folder
on their computer and ran it. With Chrome reinstalled, I launched it
only to get a red-ink warning that the connection was not secure, and I
was unable to get to the Net.
At this point I put the system back to one of the restore points, and
copied a setup for Vipre onto their computer using my license. Installed
that and set it to scanning. We left it running as we all went home for
dinner last night.
Who has experience with this bad guy? Malwarebytes did not find a
rootkit - though that is what I suspect it there. This Rocket Tab thing
has been on that computer since 2014. They've been annoyed by periodic
slowdowns, probably while the computer was reaching out to that
blasteroids website. Oh, my!
Any ideas, friends? I'll go back tomorrow morning and tackle it again.
T
--
Tina Norris Fields
tinanfields-at-torchlake-dot-com
231-322-2787
More information about the dba-Tech
mailing list