another Jimbutt.com problem

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by Cynex, Apr 7, 2005.

  1. Cynex

    Cynex Private E-2

    Re: Jimbutt.com a pain in the jim

    I am not aware of what is causing this problem specifically (Jimbutt.com or otherwise). However, I do not have the file "systr.dll" in my System32 folder, and the problems continue. The "Fxiegwfr.exe" is loading itself somehow every time the internet is accessed (using I.E. or Firefox). I don't know if it is related to the randomly named 4-character .DAT files or not. Or if it has relation to the double "explorer.exe." I do know that this file is loading at least 20 porn sites in the background using I.E. specifically. These porn sites are a hassle because they not only slow down the system, but some of those sites are listings for child pornography. As one would guess, that is not a good thing at all. I do not know what to do to get rid of this damn problem, or what is causing it. As I stated before I do not have the file "systr.exe".

    I have used the following programs to try and rid myself of this problem, none of them worked.

    Spybot
    Spy Sweeper
    Ad-Aware
    McAfee Antispyware
    CCleaner
    Spy Cleaner
    CounterSpy
    Ewido
     
  2. Cynex

    Cynex Private E-2

    Re: Jimbutt.com a pain in the jim

    I forgot to include this information in my previous post.

    I am running: Zone Alarm Pro 6.0
    It is specifically told not to allow the "fxiegwfr.exe" to access any part of the internet. This does not work; the firewall is being bypassed somehow.
     
  3. Cynex

    Cynex Private E-2

    Might have solution to problem!

    At another site I found some more users of Hijackthis software. A thread was made by a guy with the same problem. These are the instructions given by the responder.

    Delete the following files:
    sfcmon32.dll
    c:/program~1\nendotwl (folder)
    c:\Progam Files\AWS (folder)
    edpj.dat
    iegfxfrw.dll

    I did not have any of the files listed but the "iegfxfrw.dll" file. The "edpj.dat" file was probably the current randomly named 4-letter .DAT that was running. It makes a new one every time "fxiegwfr.exe" loads (but you all probably already know this). Anyway, I deleted the "iegfxfrw.dll" and made a new Hijackthis file which I will now post.

    EDIT by chaslang: Unrequested, incomplete, inline log removed

    It happens to list the "iegfxfrw.dll" as missing cause I deleted it. It is unknown to me as to why the updated Hijackthis file did not exclude it.

    If the problem persists after my attempts with what I posted above, I will be back. If it is cured, I will post that you should follow them immediately.
     
    Last edited by a moderator: Apr 7, 2005
  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Re: Jimbutt.com a pain in the jim

    Cynex,

    You should be posting in your own thread and not in http://forums.majorgeeks.com/showthread.php?t=58063

    I'm moving you to your own thread now.

    By the way c:\Progam Files\AWS is totally unrelated to jimbutt.com problems. It is from WeatherBug. Not sure about your other items. You cannot look at a cleanup procedure and assume everything in it relates to your problem even though the title of the other user's problem could be the same. Most logs have multiple problems within them and they are all being fixed.

    Please follow our procedures and do not post HJT logs unless requested and do not post them inline.

    - Run ALL the steps in this Sticky thread: READ ME FIRST BEFORE ASKING FOR SUPPORT: Basic Spyware, Trojan And Virus Removal. Make sure you check version numbers and get all updates.

    - Very Important: Make sure you tell us the results from running the tutorial...was anything found? Were you unable to complete any of the scans?...Were you unable to download any of the tools?...Did you do the on-line scans as suggested? etc.


    If after doing ALL of the above you still have a problem:

    - Download HijackThis 1.99.1

    - Unzip the hijackthis.exe file to a folder you create named C:\Program Files\HJT

    - Do NOT run Hijack This from the Desktop, a temp folder, or a sub-folder of C:\Documents and Settings, or choose to run it directly from the downloaded ZIP file.

    - Before running HijackThis: You must close each of the following: your web browser, e-mail client, instant messenger, and programs like notepad, wordpad, MS Word etc., and any other unnecessary running programs.

    - Run HijackThis and save your log file.

    - Post your log as an ATTACHMENT to your next message. (Do NOT copy/paste the log into your post).
     
    Last edited: Apr 7, 2005
  5. SGC_Geek

    SGC_Geek Private First Class

    Chaslang,

    Don't you think a more descriptive name for the post would be useful?

    Cynex,
    Norton Antivirus will not pick up the fxiegwfr.exe file. Symantec does not view the file to be malicious by itself.

    Read the thread entitled - Unknown process: fxiegwfr.exe
     
  6. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    The only common reference thus far is jimbutt.com. What other title would be more useful?

    Using the Fxiegwfr.exe process name is not too descriptive either. Nor is calling it an unknown trojan (there are thousands of those floating around).
     
  7. SGC_Geek

    SGC_Geek Private First Class

    True. Have you tried to google "fxiegwfr" or "fxiegwfr.exe"? Don't bother. There are less than five responses. Besides, my original post still stands. What does the file do? That answer requires reverse-engineering the PE. My hope was Symantec would provide a more in depth answer. Oh, well.
     
  8. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Your original post (http://forums.majorgeeks.com/showthread.php?t=59655) needs to be updated by you. I last posted there and you did not respond. If you have a problem that you need help with, please respond in that thread.

    It is a process that is part of the problem! What other kind of answer do you want? And why is it necessary to answer that? There are probably 100,000 or more similar types of problem exe files out there that we do not know exactly what they do. But all we really need to know is that they are problems and remove them and any related files. Sometimes it does require some detective work to find the related files that could be making it difficult to fix a problem.
     
