BunniLeigh, Posted August 12, 2010

Hi all, hope you can help. We currently use 4 computers through a router, and of late have had terrible trouble with the internet, such as getting blank pages, timing out, etc. When we checked all the computers, we found that one of them has a process running which, when stopped, seems to stop all the above problems. The process is titled fxnu8riz6zi.exe!!! I have tried to google this and get no results whatsoever, and when I open the file location, it takes me to AppData/Roaming. If, as I say, we end the process, everything works fine, but as soon as the computer is rebooted, the process appears once again. Any help would be very much appreciated.

Armageddon, Posted August 12, 2010

Hi Leigh, just going on the name of the thing I'd say it was malware. Can you provide us with what scans you have run etc., then either myself or our basically fantastic Malware guys will provide assistance.

Google is your friend. We are all members helping other members. Please return here where you may be able to help someone else. After all, no one knows everything and you may have the answer that someone needs. Get help with computer problems. Join Free PC Help here. Donations are welcome. Read Here

BunniLeigh, Posted August 12, 2010

Thank you Armageddon for such a quick reply. To be honest I haven't scanned with anything, as I wasn't sure what to try. The security on the computer is Advanced System Care, and that hasn't found anything. Any suggestions of what to use to scan would be appreciated.

Armageddon, Posted August 12, 2010 (edited)

Hi Leigh, can you download and run this please:

Malwarebytes

Please download Malwarebytes Anti-Malware and save it to your desktop.

- Make sure you are connected to the Internet.
- Double-click on Download_mbam-setup.exe to install the application.
- When the installation begins, follow the prompts and do not make any changes to default settings.
- When installation has finished, make sure you leave both of these checked:
  - Update Malwarebytes' Anti-Malware
  - Launch Malwarebytes' Anti-Malware
- Then click Finish.

MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.

On the Scanner tab:

- Make sure the "Perform Full Scan" option is selected.
- Then click on the Scan button.
- If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
- The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
- When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
- Click OK to close the message box and continue with the removal process.

Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.

- Make sure that everything is checked, and click Remove Selected.
- When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (See Note below.)
- The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
- Copy and paste the contents of that report in your next reply and exit MBAM.

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

Edited August 12, 2010 by Armageddon

BunniLeigh, Posted August 12, 2010

Thank you, the computer is scanning right now, will post results when done.

seedy21, Posted August 12, 2010

If MalwareBytes doesn't find anything I would scan with Super Anti Spyware, or SAS for short.

- Please download from here and use the default settings in the installation.
- The first time you run it, it will ask you whether you want to Enable Automatic Update Checking. This is enabled by default. Since so many people come here complaining about slow start up, I suggest that you disable this now. If you later decide to keep SAS, you should enable automatic updating to make sure you are always up to date.
- On the next form, you should allow diagnostic reports to be sent, but this option is up to you.
- On the next form, for Home Page protection, you should select Do Not Protect. We do this at this time because we do not want anything to get in the way of cleanup.
- In SUPERAntiSpyware under Configuration and Preferences, click the Preferences button.
- Under Start-Up Options uncheck the Start SUPERAntiSpyware when Windows starts option.
- Now click the Scanning Control tab.
- Under Scanner Options make sure that only the following are Unchecked (make sure all others are checked):
  - Scan only known file types
  - Scan for tracking cookies
  - Display scan option in Explorer context (right click) menu
- Click the "Close" button to leave the control center screen.
- Back on the main screen, under Scan for Harmful Software click Scan your computer.
- On the left, make sure you check C:\Fixed Drive and any other Fixed Drives in your PC.
- On the right, under Complete Scan, choose Perform Complete Scan.
- After the scan is completed, save the log.

Please post the results, if any, in your next reply.

All the best
Seedy21

BunniLeigh, Posted August 12, 2010

I think this may have done the trick. After the scan there were two problems, which seemed to find the fxnu86iz6zi.exe, and after reboot it is no longer in processes. Here is the log:

Malwarebytes' Anti-Malware 1.46
Malwarebytes Database version: 4422
Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18943

12/08/2010 18:56:38
mbam-log-2010-08-12 (18-56-38).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 209107
Time elapsed: 30 minute(s), 18 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 4
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Active Setup\Installed Components\{83313942-b21e-454e-b5ae-d01992a63ad5} (Backdoor.SpyNet) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{83313942-b21e-454e-b5ae-d01992a63ad5} (Backdoor.SpyNet) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\audio hd driver (Backdoor.SpyNet) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\audio hd driver (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\audio hd driver (Backdoor.SpyNet) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\audio hd driver (Backdoor.SpyNet) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Users\skull\AppData\Local\Temp\Fxnu8RiZ6Zl.exe (Backdoor.SpyNet) -> Quarantined and deleted successfully.
C:\Users\skull\AppData\Roaming\chrtmp (Malware.Trace) -> Quarantined and deleted successfully.
C:\Users\skull\AppData\Roaming\Fxnu8RiZ6Zl.exe (Backdoor.SpyNet) -> Quarantined and deleted successfully.

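
The detections in the log above, grouped by the autostart mechanism each one relied on, which is why the process returned after every reboot. This is an added example and not part of the original thread or of Malwarebytes; the sample lines are copied from the log, and `parse`, `classify` and `triage` are names chosen for this example.

```python
import re
from collections import defaultdict

# Detection lines copied verbatim from the Malwarebytes log posted above.
SAMPLE_LOG = r"""
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Active Setup\Installed Components\{83313942-b21e-454e-b5ae-d01992a63ad5} (Backdoor.SpyNet) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{83313942-b21e-454e-b5ae-d01992a63ad5} (Backdoor.SpyNet) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\audio hd driver (Backdoor.SpyNet) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\audio hd driver (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\audio hd driver (Backdoor.SpyNet) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\audio hd driver (Backdoor.SpyNet) -> Quarantined and deleted successfully.
C:\Users\skull\AppData\Local\Temp\Fxnu8RiZ6Zl.exe (Backdoor.SpyNet) -> Quarantined and deleted successfully.
C:\Users\skull\AppData\Roaming\chrtmp (Malware.Trace) -> Quarantined and deleted successfully.
C:\Users\skull\AppData\Roaming\Fxnu8RiZ6Zl.exe (Backdoor.SpyNet) -> Quarantined and deleted successfully.
"""
# Entry shape: "<registry path or file> (<detection name>) -> <action taken>"
ENTRY = re.compile(r"^(?P<target>.+?) \((?P<name>[^()]+)\) -> (?P<action>.+)$")
# Registry locations that launch a program at logon (matched lower-cased).
AUTOSTART = [
    (r"\currentversion\policies\explorer\run", "Policies Run key"),
    (r"\currentversion\run", "Run key"),
    (r"\active setup\installed components", "Active Setup"),
]

def parse(log):
    """Return one dict (target, name, action) per detection line."""
    hits = (ENTRY.match(line.strip()) for line in log.splitlines())
    return [m.groupdict() for m in hits if m]

def classify(target):
    """Label a detection by how it would get the program started again."""
    low = target.lower()
    if not low.startswith("hkey_"):
        return "file under AppData" if "\\appdata\\" in low else "file (other)"
    hive = "per-user" if low.startswith("hkey_current_user") else "machine-wide"
    for needle, label in AUTOSTART:
        if needle in low:
            return f"{label} ({hive})"
    return "registry (other)"

def triage(log):
    """Map each label to the value, key or file names found under it."""
    groups = defaultdict(list)
    for entry in parse(log):
        leaf = entry["target"].rsplit("\\", 1)[-1]
        groups[classify(entry["target"])].append(leaf)
    return dict(groups)

if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```

The same value name, "audio hd driver", turns up under all four Run locations, next to an Active Setup component in both hives, so six separate registry entries pointed back at the executable in AppData.
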
Armageddon, Posted August 12, 2010

Hi Leigh, seems Malwarebytes caught hold of it and deleted it. I hope this has resolved your issue. The malware guys might recommend a further scan just to be sure, but it seems we have smacked this one on the head, unless you're going to say the process has come back. If it has, I have further instructions.

BunniLeigh, Posted August 12, 2010

Well, we have rebooted the PC a couple of times, and it has not reappeared :@), so thank you very very much.... Also thank you Seedy for your reply, it really is much appreciated.

Armageddon, Posted August 12, 2010

Leigh, you're more than welcome, it's what we are here for. I would keep the Malwarebytes software, it's an excellent tool. Once again, am glad it's fixed.

Dave

RandyL, Posted August 13, 2010

Where there is one infection there are usually more. Without seeing the Malwarebytes log or any other logs it's hard to be sure if you are clean or not. Just in case, I'm going to move this to the Malware Removal section. Thanks everyone.

Armageddon, Posted August 13, 2010

Hi Leigh, I know this could be overkill, but it's better to be safe than sorry. Could you run another scan using this online scanner?

Dave

Please run a free online scan with the ESET Online Scanner.

Note: You will need to use Internet Explorer for this scan.

- Tick the box next to YES, I accept the Terms of Use
- Click Start
- When asked, allow the ActiveX control to install
- Click Start
- Make sure that the option Remove found threats and the option Scan unwanted applications are checked
- Click Scan (this scan can take several hours, so please be patient)
- Once the scan is completed, you may close the window
- Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
- Copy and paste that log as a reply to this topic

BunniLeigh, Posted August 13, 2010

OK, I will do that right away and post the log... thank you :D

BunniLeigh, Posted August 13, 2010

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=cef77d962bf7bd4cbed5c2cc72823ab4
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-08-13 09:31:26
# local_time=2010-08-13 10:31:26 (+0000, GMT Daylight Time)
# country="United Kingdom"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=5892 16776574 100 100 22973058 119223064 0 0
# compatibility_mode=8192 67108863 100 0 81 81 0 0
# scanned=88458
# found=3
# cleaned=3
# scan_time=1550
C:\Users\skull\AppData\Local\Temp\m8QPHDhitB3.exe MSIL/Agent.NBV trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\skull\AppData\Local\Temp\xsTRSZq3fAn.exe a variant of MSIL/Injector.T trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\skull\AppData\Roaming\xsTRSZq3fAn.exe a variant of MSIL/Injector.T trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

Armageddon, Posted August 13, 2010 (edited)

Thanks Leigh, am pretty sure you're now sorted, but I have no doubt our Malware specialists will have a look at the two logs and advise you further if needs be.

Dave

Edited August 13, 2010 by Armageddon

BunniLeigh, Posted August 13, 2010

No, thank you!!! It's fantastic to have the net back in good working order... feel a little embarrassed that I had made many phone calls to my ISP blaming them.... I had 50mb installed a month back, and thought it was that causing the problems... oh well, keeps them on their toes. Thanks once again.