[dba-Tech] gb-installer-core

Tina Norris Fields tinanfields at torchlake.com
Tue May 16 09:11:46 CDT 2017 

Hi John,

Thanks. I'll check out that link. Do you trust it?

Here's the good news: I've managed to clean up this computer enough to 
get rid of the obvious stuff. The pop-ups are gone, the Speed Browser is 
gone, the Yahoo Search Bar is gone. The taskeng.exe box is gone. The 
gb-installer-core box is gone.

I got the point of sale hardware re-established, so the cash drawer 
opens when it's supposed to and the receipt printer spits out the 
receipt. The bar-code scanner works.

Oh, and the extra good news is that the QuickBooks software has been 
rediscovered, and the Win7 installation media may actually get found, too.

Next, the owner is going to put proper cable holes in the counter so we 
can get the cables out of the way. Right now, they all have to come down 
the service side of the counter, and be taped to the frame to keep them 
from being in the way of the workers.

Once I get them to actually do backups, we'll really be good.

T

Tina Norris Fields
tinanfields-at-torchlake-dot-com
231-322-2787

On 05/15/17 12:09 AM, John R Bartow wrote:
> Hi Tina,
> You may to give this a try:
> https://www.bitdefender.com/free-virus-removal/
>
> Best wishes,
> John
>
> -----Original Message-----
> From: dba-Tech [mailto:dba-tech-bounces at databaseadvisors.com] On Behalf Of
> Tina Norris Fields
> Sent: Sunday, May 14, 2017 1:54 PM
> To: DatabaseAdvisors-Tech
> Subject: [dba-Tech] gb-installer-core
>
> Hi All,
>
> A client - local small retail store - has this popup frequently
> appearing:  gb-installer-core has stopped working. It can be closed, but, it
> returns. It shows up at startup, but, I cannot find it in the startup list.
> I found information on the Net that Rocket Tab contains gb-installer-core -
> and I did find Rocket Tab on this box.
>
> Box is an older Dell, probably began with WinXP, is now running Win7.
>
> What I was originally supposed to do is simply put the computer system back
> together for them - they had just moved across the street from their old
> space to their new space. They had just unplugged everything and brought it
> across the street. So, all they needed was someone who knew how to hook
> things back up.
>
> Got it hooked back up. Learned that their new Internet setup is wireless.
> Cool! Except there was no wireless network adapter card in this computer,
> only an Ethernet card. Yeah, across the street, they had been cable
> connected to the modem, but, the Internet company didn't want to drill a new
> hole in the wall in the new place and insisted on placing the modem in the
> back room, some twenty feet away from where the computer is. No problem,
> though, they said, it's all wireless now.
> Here's the card with the name and passkey for the SSID.
>
> Right, except, as I mentioned above, this computer has no wireless adapter
> card. Well, I was going to be in town the next day, so I would secure a USB
> wireless adapter for the computer. Did that, and we're online. Yay!
>
> But, what about this annoying little popup? Can't we get rid of that?
> Okay, what anti-virus protection are you using? No clue. A little look-see
> reveals no installed anti-malware program - just Windows Firewall and
> Windows Defender (which is turned off). Shall we try turning on the Windows
> Defender? Sure. Guess what, it won't turn on.
>
> I did download Malwarebytes - not the one I expected to get, but a free
> trial of the Malwarebytes Premium. Installed and ran scan - would you
> believe just over 6,000 threats discovered? While running the scan, noted
> that Malwarebytes was intercepting the outbound attempt of this computer to
> reach the website i.playblasteroids.com - must have happened every couple of
> minutes during the two-hour scan.
>
> Did delete the obvious bad guys identified. But, know from past experience
> that not every identified "threat" is really a bad guy. So, proceeded
> slowly, making restore points at every major change.
>
> There was an apparently bad browser substitute, called speed.browser.
> Unfortunately, deleting that one killed the Google Chrome setup as well.
> So, I copied a setup file from my own computer to the Downloads folder on
> their computer and ran it. With Chrome reinstalled, I launched it only to
> get a red-ink warning that the connection was not secure, and I was unable
> to get to the Net.
>
> At this point I put the system back to one of the restore points, and copied
> a setup for Vipre onto their computer using my license. Installed that and
> set it to scanning. We left it running as we all went home for dinner last
> night.
>
> Who has experience with this bad guy? Malwarebytes did not find a rootkit -
> though that is what I suspect it there. This Rocket Tab thing has been on
> that computer since 2014. They've been annoyed by periodic slowdowns,
> probably while the computer was reaching out to that blasteroids website.
> Oh, my!
>
> Any ideas, friends? I'll go back tomorrow morning and tackle it again.
>
> T
>
>
> --
> Tina Norris Fields
> tinanfields-at-torchlake-dot-com
> 231-322-2787
>
> _______________________________________________
> dba-Tech mailing list
> dba-Tech at databaseadvisors.com
> http://databaseadvisors.com/mailman/listinfo/dba-tech
> Website: http://www.databaseadvisors.com
>
> _______________________________________________
> dba-Tech mailing list
> dba-Tech at databaseadvisors.com
> http://databaseadvisors.com/mailman/listinfo/dba-tech
> Website: http://www.databaseadvisors.com
>

More information about the dba-Tech mailing list