How to remove GoogleChrome.a3x

A new variant of the Worm.autoIt GoogleUpdate.a3x has just been discovered by UsbFix: GoogleChrome.a3x

This variant creates 2 folders on the system disk:

  • C:\GoogleChrome
  • C:\MozillaFirefox

It drops into them the malicious script GoogleChrome.a3x (an encoded AutoIt script), renamed copies of wscript.exe, AutoIt.exe and cmd.exe, and shortcuts:

  • GoogleChrome.lnk
  • GoogleUpdate.lnk
  • MozillaFirefox.lnk
  • My Music.lnk
  • WindowsUpdate.lnk

GoogleChrome.a3x creates two shortcuts in the Windows Startup folder that launch the malicious script through cmd.exe or the AutoIt executable:

  • %StartUp%\Google Chrome.lnk : %SysDir%\cmd.exe -> %SystemDrive%\MozillaFirefox\GoogleChrome.a3x
  • %StartUp%\GoogleUpdate.lnk : %SystemDrive%\GoogleChrome\GoogleChrome.exe (renamed AutoIt.exe) -> %SystemDrive%\GoogleChrome\GoogleChrome.a3x

The infection then spreads to removable drives (USB, SD card, etc.): it creates the MozillaFirefox folder and places its malicious code there:
%UsbDrive%:\MozillaFirefox\GoogleChrome.a3x
It also creates the following files:

  • %UsbDrive%:\! Videos\! Videos.lnk
  • %UsbDrive%:\! Videos\My Music.lnk
  • %UsbDrive%:\My Games\My Games.lnk
  • %UsbDrive%:\My Games\My Music.lnk
  • %UsbDrive%:\My Videos\My Videos.lnk
  • %UsbDrive%:\My Videos\My Music.lnk
  • %UsbDrive%:\My Movies\My Movies.lnk
  • %UsbDrive%:\My Movies\My Music.lnk

.lnk files are shortcuts; all of them are booby-trapped to execute the malicious script GoogleChrome.a3x.
A booby-trapped shortcut, My Music.lnk, is created in every folder of the USB drive.

UsbFix Detection:

Deleted! I:\Documents.lnk
Deleted! I:\Downloads.lnk
Deleted! C:\GoogleChrome\GoogleChrome.a3x
Deleted! C:\GoogleChrome\GoogleChrome.exe
Deleted! C:\GoogleChrome\GoogleChrome.lnk
Deleted! C:\GoogleChrome\GoogleUpdate.lnk
Deleted! C:\GoogleChrome\MozillaFirefox.lnk
Deleted! C:\GoogleChrome\My Music.lnk
Deleted! C:\GoogleChrome\WindowsUpdate.lnk
Deleted! C:\GoogleChrome
Deleted! C:\MozillaFirefox\GoogleChrome.a3x
Deleted! C:\MozillaFirefox\GoogleChrome.exe
Deleted! C:\MozillaFirefox\GoogleChrome.lnk
Deleted! C:\MozillaFirefox\GoogleUpdate.lnk
Deleted! C:\MozillaFirefox\MozillaFirefox.lnk
Deleted! C:\MozillaFirefox\My Music.lnk
Deleted! C:\MozillaFirefox\WindowsUpdate.lnk
Deleted! C:\MozillaFirefox
Deleted! E:\MozillaFirefox\GoogleChrome.a3x
Deleted! E:\MozillaFirefox\GoogleChrome.exe
Deleted! E:\MozillaFirefox\GoogleChrome.lnk
Deleted! E:\MozillaFirefox\GoogleUpdate.lnk
Deleted! E:\MozillaFirefox\MozillaFirefox.lnk
Deleted! E:\MozillaFirefox\My Music.lnk
Deleted! E:\MozillaFirefox\WindowsUpdate.lnk
Deleted! E:\MozillaFirefox
Deleted! F:\MozillaFirefox\GoogleChrome.a3x
Deleted! F:\MozillaFirefox\GoogleChrome.exe
Deleted! F:\MozillaFirefox\GoogleChrome.lnk
Deleted! F:\MozillaFirefox\GoogleUpdate.lnk
Deleted! F:\MozillaFirefox\MozillaFirefox.lnk
Deleted! F:\MozillaFirefox\My Music.lnk
Deleted! F:\MozillaFirefox\WindowsUpdate.lnk
Deleted! F:\MozillaFirefox
Deleted! G:\MozillaFirefox\GoogleChrome.a3x
Deleted! G:\MozillaFirefox\GoogleChrome.exe
Deleted! G:\MozillaFirefox\GoogleChrome.lnk
Deleted! G:\MozillaFirefox\GoogleUpdate.lnk
Deleted! G:\MozillaFirefox\MozillaFirefox.lnk
Deleted! G:\MozillaFirefox\My Music.lnk
Deleted! G:\MozillaFirefox\WindowsUpdate.lnk
Deleted! G:\MozillaFirefox
Deleted! I:\MozillaFirefox\GoogleChrome.a3x
Deleted! I:\MozillaFirefox\GoogleChrome.exe
Deleted! I:\MozillaFirefox\GoogleChrome.lnk
Deleted! I:\MozillaFirefox\GoogleUpdate.lnk
Deleted! I:\MozillaFirefox\MozillaFirefox.lnk
Deleted! I:\MozillaFirefox\My Music.lnk
Deleted! I:\MozillaFirefox\WindowsUpdate.lnk
Deleted! I:\MozillaFirefox
Deleted! I:\System Volume Information\My Music.lnk
Deleted! I:\Yennai Arindhaal (2015) – LOTUS DVDRip – x264 – AAC [DDR]\My Music.lnk
Deleted! I:\My Games\My Music.lnk
Deleted! I:\My Videos\My Music.lnk
Deleted! I:\My Movies\My Music.lnk
Deleted! I:\My Games\My Games.lnk
Deleted! I:\My Movies\My Movies.lnk
Deleted! I:\My Videos\My Videos.lnk
Deleted! HKU\S-1-5-21-2257280705-2107825200-3901767750-1000\Software\Microsoft\Windows\CurrentVersion\Run|Google Chrome
Deleted! HKU\S-1-5-21-2257280705-2107825200-3901767750-1000\Software\Microsoft\Windows\CurrentVersion\Run|AdopeFlash
Deleted! HKU\S-1-5-21-2257280705-2107825200-3901767750-1000\Software\Microsoft\Windows\CurrentVersion\Run|AdopeUpdate
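
To check a machine for the artefacts described above without changing anything, the following PowerShell audit is an added example (it is not part of UsbFix or of the original article). It lists shortcuts whose command line launches a .a3x script, any .a3x files in the folders named on this page, and the Run values from the report; the function name Test-A3xShortcut is hypothetical, and only the current user's Run key is assumed to be of interest.

```powershell
# Added example: read-only audit. It reports findings and deletes nothing.
$shell = New-Object -ComObject WScript.Shell

function Test-A3xShortcut {            # hypothetical helper name
    param([string]$LnkPath)
    # CreateShortcut on an existing .lnk only loads it; Save() is never called.
    $lnk = $shell.CreateShortcut($LnkPath)
    $cmdline = '{0} {1}' -f $lnk.TargetPath, $lnk.Arguments
    if ($cmdline -match '\.a3x\b') {
        [pscustomobject]@{ Kind = 'Shortcut'; Path = $LnkPath
                           Detail = $cmdline.Trim() }
    }
}

# Locations named on this page: Startup folders, the two folders on the
# system drive, and every removable drive (DriveType 2).
$roots  = @([Environment]::GetFolderPath('Startup'),
            [Environment]::GetFolderPath('CommonStartup'),
            "$env:SystemDrive\GoogleChrome",
            "$env:SystemDrive\MozillaFirefox")
$roots += Get-CimInstance Win32_LogicalDisk -Filter 'DriveType=2' |
          ForEach-Object { $_.DeviceID + '\' }
$roots  = $roots | Where-Object { $_ -and (Test-Path -LiteralPath $_) }

$findings = foreach ($root in $roots) {
    # -Force includes hidden and system files.
    Get-ChildItem -LiteralPath $root -Recurse -Force -File -ErrorAction SilentlyContinue |
        ForEach-Object {
            if ($_.Extension -eq '.lnk') { Test-A3xShortcut $_.FullName }
            elseif ($_.Extension -eq '.a3x') {
                [pscustomobject]@{ Kind = 'Script'; Path = $_.FullName; Detail = '' }
            }
        }
}

# Run values listed in the UsbFix report (current user's hive only).
$runKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
$run = Get-ItemProperty -Path $runKey -ErrorAction SilentlyContinue
$findings += foreach ($name in 'Google Chrome', 'AdopeFlash', 'AdopeUpdate') {
    if ($run -and $run.PSObject.Properties[$name]) {
        [pscustomobject]@{ Kind = 'RunValue'; Path = "$runKey|$name"
                           Detail = $run.PSObject.Properties[$name].Value }
    }
}

$findings | Format-List
```

A Run value is reported by name only, so read its Detail (the command it launches) before treating it as malicious.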

How to remove GoogleChrome.a3x?


  • Download UsbFix on your computer, and execute it.
  • It will launch automatically, and a shortcut will be created on your desktop.
  • Connect all your external data sources to your PC (USB keys, external drives, etc.). Do not open them.
  • Choose the “Clean” option.


Tutorial UsbFix: https://www.usb-antivirus.com/2014/02/usbfix-tutorial-clean-option/
