Suspicious files on laptop

Sunny_Saver
Posts: 3,062 Forumite


in Techie Stuff
Hello
When I run my various malware/AV checks, I am getting this message. Can anyone help me sort out my problems please? Thanks.
Suspicious files ____________________________________________________________
+++++++++++++++++++++++++
Size . . . . . . . : 129,504 bytes
Age . . . . . . . : 0.0 days (2016-03-09 19:10:00)
Entropy . . . . . : 6.3
SHA-256 . . . . . : 8DF22F190E81D7D1542C424AF8AF7EF28C18D9DCE4714B5F3ABA1C9E2E5FA6D4
RSA Key Size . . . : 2048
Service . . . . . : QQRepair6b3
Authenticode . . . : Valid
Fuzzy . . . . . . : 45.0
The file name extension of this program is not common.
The file is completely hidden from view and most antivirus products. It may belong to a rootkit.
Authors name is missing in version info. This is not common to most programs.
Version control is missing. This file is probably created by an individual. This is not typical for most programs.
Program starts automatically without user intervention.
Time indicates that the file appeared recently on this computer.
Starts automatically as a service during system bootup.
Program is code signed with a valid Authenticode certificate.
Startup
HKLM\SYSTEM\ControlSet001\Services\QQRepair6b3\
“It was only a sunny smile, and little it cost in the giving, but like morning light it scattered the night and made the day worth living.”
F. Scott Fitzgerald
0
Comments
-
A quick search for qqrepair throws up results that suggest it is malware. A lot of the results are for removal tools, but as I've never heard of any of them I would wait until somebody who knows more and can advise on a safe removal method comes along. I would avoid doing anything financial or involving passwords until you hear something.
-
Except a spate of machines infected by using limewire the worst culprit for infected machines are those where the user has installed something to help "FIX" it or make it run faster.
Censorship Reigns Supreme in Troll City...
-
What have you scanned with so far and are all showing a similar message?
Looking at the worst case scenario, if it is a rootkit be prepared for a struggle. By their very nature many of its processes are well hidden and conventional anti-virus solutions can be next to useless in their removal.
There are specialised rootkit removal tools but the easier ones to interpret may only be partially successful and those that are the most effective can be difficult to work with unless you know what you are doing, and even then you never know if the machine is fully clean.
However, as a starter you could see whether you are able to roll back to the last known good restore point, if access hasn’t already been blocked.
Then scan with Malwarebytes with the Scan for Rootkits option enabled (I seem to recall this is normally disabled by default) and see whether that digs anything out.
Hopefully you may have nothing more on your machine than a harmless leftover from a previous a/v scan. Otherwise be prepared to consider a complete system reinstall. At times like this aren’t you glad you kept your backups up to date?
This discussion has been closed.
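The scan report in the first post names a service key and a SHA-256. A read-only way to see what that key actually points to is sketched below as an added example; it is not part of any post in this thread. The function name `Get-ServiceTriage` is hypothetical, while the service name, registry path and hash are copied from the report.

```powershell
# Added example: read-only triage of the service named in the scan report.
# Run from an elevated PowerShell prompt; nothing here changes the system.
function Get-ServiceTriage {
    param([string]$ServiceName, [string]$ReportedHash)

    $keyPath = "HKLM:\SYSTEM\ControlSet001\Services\$ServiceName"   # path as shown in the report
    $svc = Get-ItemProperty -Path $keyPath -ErrorAction SilentlyContinue
    if (-not $svc) { return "Service key not found: $keyPath" }

    # ImagePath may be quoted, use %vars%, or use the driver-style \??\ and \SystemRoot\ prefixes.
    # An unquoted path followed by arguments is left as-is and will need a manual look.
    $raw  = [Environment]::ExpandEnvironmentVariables([string]$svc.ImagePath)
    $path = if ($raw -match '^"([^"]+)"') { $Matches[1] } else { $raw }
    $path = $path -replace '^\\\?\?\\', '' -replace '^\\SystemRoot\\', "$env:SystemRoot\"
    if ($path -and -not [System.IO.Path]::IsPathRooted($path)) {
        $path = Join-Path $env:SystemRoot $path                      # e.g. system32\drivers\x.sys
    }

    $startNames = @{ 0 = 'Boot'; 1 = 'System'; 2 = 'Automatic'; 3 = 'Manual'; 4 = 'Disabled' }
    $result = [ordered]@{
        Service   = $ServiceName
        ImagePath = $path
        Start     = if ($null -ne $svc.Start) { $startNames[[int]$svc.Start] } else { 'missing' }
        IsDriver  = ([int]$svc.Type -band 0x3) -ne 0                 # 1 = kernel, 2 = file-system driver
    }

    # -Force includes files with the Hidden/System attributes. If the file still cannot be
    # opened although the registry points at it, that matches the report's "hidden" finding.
    $file = Get-Item -LiteralPath $path -Force -ErrorAction SilentlyContinue
    if (-not $file) {
        $result.FileVisible = $false
        return [pscustomobject]$result
    }

    $hash = (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash
    $sig  = Get-AuthenticodeSignature -LiteralPath $path
    $result.FileVisible     = $true
    $result.Created         = $file.CreationTime
    $result.SHA256          = $hash
    $result.MatchesReport   = ($hash -eq $ReportedHash)
    # "Valid" only means the signature verifies; the signer's identity is what needs checking.
    $result.SignatureStatus = $sig.Status
    $result.Signer          = $sig.SignerCertificate.Subject
    [pscustomobject]$result
}

Get-ServiceTriage -ServiceName 'QQRepair6b3' `
    -ReportedHash '8DF22F190E81D7D1542C424AF8AF7EF28C18D9DCE4714B5F3ABA1C9E2E5FA6D4'
```

The output gives the file path, creation time and signer to quote when asking for removal advice, and `MatchesReport` confirms that the file on disk is the one the scanner flagged.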