(Logs Added) New Virus (must be) NOTHING CAN DETECT/BEAT IT! Please help!

I think I know what it is called. The suspicious files are named GEARAspi.dll, GEARAspi64.dll, and GEARAspiWDM.sys, in a folder named {93E26451-CD9A-43A5-A2FA-C42392EA4001} in the Program Data folder. This virus is HORRID! It is slowly eating up all the space on my hard drive(s) it is on (it is on both my computers – downloaded shared program is to blame), it deactivates new anti-virus updates, it eats up the memory so the system runs slower and slower with each shut down and startup. Other files in this package are called DIFxAPI.dll, DifXInstall64.exe, DIFxInstallLog.txt, GEARAspiWDM.inf, gearaspiwdmx64.cat. PLEASE HELP ME! I don’t want to have to do a factory reset! Thanks!

I do also have another suspicious folder that nothing has detected yet called {3C0AACBF-B491-4BE5-BAF9-AA46E0629E42} containing files {09FF4DB8-7DE9-4D47-B7DB-915DB7D9A8CA}.native.bitness.log, {09FF4DB8-7DE9-4D47-B7DB-915DB7D9A8CA}.native.data.log, {09FF4DB8-7DE9-4D47-B7DB-915DB7D9A8CA}.native.elements.log, {09FF4DB8-7DE9-4D47-B7DB-915DB7D9A8CA}.native.weight.log, and an empty folder called {09FF4DB8-7DE9-4D47-B7DB-915DB7D9A8CA}. I mean, things as powerful as EmsiSoft have not taken care of my virus problem yet. I have been at this for 3 days now, and have concluded that these are my most suspicious files.

Thanks

I am guessing the GEARA Virus, if it is a virus, was named after the Geara Zulu and Geara Doga suits in Gundam – very typical for a virus programmer to name it after such a thing, no?

read this http://dll.paretologic.com/detail.php/gearaspi

may explain

Thanks, but it still doesn’t explain why I am losing 2 gigs an hour on my hard drive, and it runs slower than hell, and that nothing can detect it.

suspicious file(s) can be uploaded and tested here www.virustotal.com / www.metascan-online.com
if tested before, click rescan for a fresh result

how to get help with infections … instructions here https://forum.avast.com/index.php?topic=53253.0

The files you’re mentioning in your first post are iTunes files ;D

GEAR PRO communicates with devices on the system via the gearaspi.dll driver, which is part of the GEAR driver set.

http://tinyurl.com/lcw2xw3

No, they are not iTunes files.

GEAR licenses our CD/DVD recording 'drivers' to many companies to add CD/DVD recording capabilities to their software products. This driver interface provides the connection between their software application and the user's operating system and hardware.

Yep, I know what it is now. I should have googled the dll file like I usually do before posting. Still turning up nada on my search for this pesky file tho, and all the scans are turning up nada. Also once it’s fixed how do I reclaim lost space?

@Eddy, the GEARAspi.dll associated applications are Apple’s iTunes, Cakewalk’s Pyro, Audible’s AudibleManager and DiscWelder

All the files mentioned complete by ladysorrowishana are the exact same as mine here that I pictured earlier and they belong to iTunes.

I have a few files in the folder c:\Windows\System32\LogFiles\WMI that I can’t put into the virus scanner provided. I googled info on the files and nothing came up. They are named EtwRTDiagLog.etl, EtwRTEventLog-Application.etl, EtwRTEventlog-Security.etl, EtwRTEventLog-System.etl, EtwRTMsMpPsSession7.etl, EtwRTUBPM.etl. Any help on what these are is appreciated!

I believe they’re part of the event viewer log files.

Many files on your system won’t make sense; if you look hard and long enough you’ll just keep finding more and more.

Is it normal for the Administrator to not have access to the MSTC folder in the System 32 folder?

Edit: on second thought I’m not gonna share this… I’ll keep trying on my own…

This is the second log created with ASW.

Edit: I don’t know if this file is complete. I thought it was done scanning when I saved it, but it is tricky to tell with this program, which allows you to save a log while it is still in process.

Edit: Once again having second thoughts…

Something else you need to look into is running the Kaspersky AV removal tool found here https://www.avast.com/en-au/faq.php?article=AVKB11#articleContent to remove remnants of your old AV since you are now using Avast.

One of the malware removers will check your logs over when they arrive later.

Yes, I realize what one of the logs reveals about me, but please understand that I am a mentally disabled woman living on SSI and… well… If there’s a PM and you realize where I am going feel free to chat me up…

Sorry… I just… This shares some personal stuff…

I have no idea what you are referring to ??? My comment simply stated you need to look into removing your previous Anti-Virus (Kaspersky) remnants.