[dba-Tech] gb-installer-core

Tina Norris Fields tinanfields at torchlake.com
Sun May 14 14:32:11 CDT 2017


Dan,

I completely concur with you - and it's not going to happen.

Why? Because the QuickBooks POS they're using works fine for them and 
they don't have the installation media anymore and they don't want to 
buy the updated version and QuickBooks won't sell them another copy of 
the old version - and that's just one reason.

Could I selectively image the installed software that they do want, then 
wipe the disk? I've never done that, so I don't know for sure.

Aside from the way we SHOULD do this - any experience with this 
gb-installer-core thing?

I'm hoping that Vipre will have found the culprit - but, you know, I've 
already spent 10 hours on this with precious little to show for it.

T

Tina Norris Fields
tinanfields-at-torchlake-dot-com
231-322-2787

On 05/14/17 3:07 PM, Dan Waters wrote:
> What I would do is bite the bullet and wipe the drive clean and reinstall everything.  With years of who knows what is on that drive this is the only way to know that it's clean.
>
> Also - they should have updated to W10 for free when they could have, and that's what should be installed now.  Be sure that Windows Defender is up and running with auto-updates.  And, you should insist that they install MalwareBytes Pro and get that running.  For $26/year it's much more than worth it.
>
> Best of Luck,
> Dan
>
> -----Original Message-----
> From: dba-Tech [mailto:dba-tech-bounces at databaseadvisors.com] On Behalf Of Tina Norris Fields
> Sent: May 14, 2017 13:54
> To: DatabaseAdvisors-Tech
> Subject: [dba-Tech] gb-installer-core
>
> Hi All,
>
> A client - local small retail store - has this popup frequently
> appearing:  gb-installer-core has stopped working. It can be closed, but, it returns. It shows up at startup, but, I cannot find it in the startup list. I found information on the Net that Rocket Tab contains gb-installer-core - and I did find Rocket Tab on this box.
>
> Box is an older Dell, probably began with WinXP, is now running Win7.
>
> What I was originally supposed to do is simply put the computer system back together for them - they had just moved across the street from their old space to their new space. They had just unplugged everything and brought it across the street. So, all they needed was someone who knew how to hook things back up.
>
> Got it hooked back up. Learned that their new Internet setup is wireless. Cool! Except there was no wireless network adapter card in this computer, only an Ethernet card. Yeah, across the street, they had been cable connected to the modem, but, the Internet company didn't want to drill a new hole in the wall in the new place and insisted on placing the modem in the back room, some twenty feet away from where the computer is. No problem, though, they said, it's all wireless now.
> Here's the card with the name and passkey for the SSID.
>
> Right, except, as I mentioned above, this computer has no wireless adapter card. Well, I was going to be in town the next day, so I would secure a USB wireless adapter for the computer. Did that, and we're online. Yay!
>
> But, what about this annoying little popup? Can't we get rid of that?
> Okay, what anti-virus protection are you using? No clue. A little look-see reveals no installed anti-malware program - just Windows Firewall and Windows Defender (which is turned off). Shall we try turning on the Windows Defender? Sure. Guess what, it won't turn on.
>
> I did download Malwarebytes - not the one I expected to get, but a free trial of the Malwarebytes Premium. Installed and ran scan - would you believe just over 6,000 threats discovered? While running the scan, noted that Malwarebytes was intercepting the outbound attempt of this computer to reach the website i.playblasteroids.com - must have happened every couple of minutes during the two-hour scan.
>
> Did delete the obvious bad guys identified. But, know from past experience that not every identified "threat" is really a bad guy. So, proceeded slowly, making restore points at every major change.
>
> There was an apparently bad browser substitute, called speed.browser.
> Unfortunately, deleting that one killed the Google Chrome setup as well.
> So, I copied a setup file from my own computer to the Downloads folder on their computer and ran it. With Chrome reinstalled, I launched it only to get a red-ink warning that the connection was not secure, and I was unable to get to the Net.
>
> At this point I put the system back to one of the restore points, and copied a setup for Vipre onto their computer using my license. Installed that and set it to scanning. We left it running as we all went home for dinner last night.
>
> Who has experience with this bad guy? Malwarebytes did not find a rootkit - though that is what I suspect it there. This Rocket Tab thing has been on that computer since 2014. They've been annoyed by periodic slowdowns, probably while the computer was reaching out to that blasteroids website. Oh, my!
>
> Any ideas, friends? I'll go back tomorrow morning and tackle it again.
>
> T
>
>
> --
> Tina Norris Fields
> tinanfields-at-torchlake-dot-com
> 231-322-2787
>
> _______________________________________________
> dba-Tech mailing list
> dba-Tech at databaseadvisors.com
> http://databaseadvisors.com/mailman/listinfo/dba-tech
> Website: http://www.databaseadvisors.com
>
> _______________________________________________
> dba-Tech mailing list
> dba-Tech at databaseadvisors.com
> http://databaseadvisors.com/mailman/listinfo/dba-tech
> Website: http://www.databaseadvisors.com
>



More information about the dba-Tech mailing list