FsUsbExService.exe and btdna.exe

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by Lainden, Feb 25, 2009.

  1. Lainden

    Lainden Private E-2

    Hi there, I've noticed that my laptop has been encountering problems of explorer closing by itself recently... and just browsing through the Task Manager, I found 2 unfamiliar processes.

    Did a little google on them and found that they could be harmful to my system. Thus I followed the Malware Removal Guide from this forum hoping to fix the problem.


    *PS. While executing the ComboFix step, everything is running well, all the way until it prompts
    "
    Almost done. . This window will close in a short while
    Please wait a few seconds for the report log to pop up

    ComboFix's log shall be located at C:\ComboFix.txt
    "

    Then the Blue Screen Of Death just occurred and my system rebooted by itself.

    After which I found that the log file is located at "C:\ComboFix\ComboFix.txt" instead of the root directory.

    Attached are the log files for your reference.
     


  2. Lainden

    Lainden Private E-2

    Here's the MGlogs. Thanks in advance for your assistance.
     


  3. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Please return to the Read and Run First instructions and download the latest version of MGTools. You are running a very old version. Make sure you make the agreement to the HJT license.
     
  4. Lainden

    Lainden Private E-2

    Hi, attached is the new mglogs file
     


  5. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Use windows explorer to find and delete:
    C:\WINDOWS\system32\FsUsbExService.Exe

    Now go to start / run / type "services.msc" without quotes and scroll down to:
    FsUsbExService
    then right click the entry, select Properties and press Stop Service.
    * When it shows that it is stopped, next please set the Start-up Type to 'Disabled'.
    * Click OK until you get back to Windows.

    Next, run C:\MGtools\analyse.exe, but instead of scanning, click on the None of the above, just start the program button at the bottom of the choices.
    * At the lower right, click on the Config button
    * Then click the Misc tools button
    * Select Delete an NT Service
    * Copy/paste FsUsbExService into the box that opens, and press OK
    * If you receive any error messages just ignore them and continue.
    After clicking Fix, exit HJT.

    Now run the C:\MGtools\GetLogs.bat file by double clicking on it. Then attach the new C:\MGlogs.zip file.
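
The manual steps in this post, scripted as an added example (not part of TimW's reply or of MGtools), assuming a current Windows system with PowerShell 5.1 or later and an elevated session. Before removing anything it records the service's binary path, SHA-256 and Authenticode signer, so there is something to identify the file by afterwards; the variable names are this example's own.

```powershell
# Added example: inspect, then stop, disable and delete the service named in the thread.
$Name = 'FsUsbExService'   # service name from the thread

$svc = Get-CimInstance Win32_Service -Filter "Name='$Name'"
if (-not $svc) { Write-Output "Service $Name is not registered."; return }

# PathName may be quoted and may carry arguments; pull out just the executable.
if     ($svc.PathName -match '^\s*"([^"]+)"')   { $exe = $Matches[1] }
elseif ($svc.PathName -match '^\s*(.+?\.exe)')  { $exe = $Matches[1] }
else                                            { $exe = $svc.PathName }

# Record what is about to be removed: this is the evidence for later identification.
$evidence = [ordered]@{
    Name      = $svc.Name
    State     = $svc.State
    StartMode = $svc.StartMode
    Account   = $svc.StartName
    Path      = $exe
}
if (Test-Path -LiteralPath $exe) {
    $sig = Get-AuthenticodeSignature -LiteralPath $exe
    $evidence.SHA256          = (Get-FileHash -LiteralPath $exe -Algorithm SHA256).Hash
    $evidence.SignatureStatus = $sig.Status
    $evidence.Signer          = $sig.SignerCertificate.Subject   # empty when unsigned
}
[pscustomobject]$evidence | Format-List

# Same actions as the services.msc and "Delete an NT Service" steps.
Stop-Service -Name $Name -Force -ErrorAction SilentlyContinue
Set-Service  -Name $Name -StartupType Disabled
& sc.exe delete $Name | Out-Null

# Remove the binary once the service no longer holds it open.
if (Test-Path -LiteralPath $exe) {
    Remove-Item -LiteralPath $exe -Force -ErrorAction Continue
}

# Verify: a service that still shows up is only marked for deletion until reboot.
if (Get-CimInstance Win32_Service -Filter "Name='$Name'") {
    Write-Warning "$Name is still registered; it should disappear after a reboot."
} else {
    Write-Output "$Name removed."
}
```

An unsigned binary or an unexpected signer in the recorded output is the detail worth noting in the incident record along with the hash.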
     
  6. Lainden

    Lainden Private E-2

    Hi, attached is the new MGlogs file.

    *Just a side question. What is FsUsbExService.exe actually? It just appeared out of nowhere and I can't really seem to find much detail on it.
     


  7. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    That took care of it....as to what it is, I don't know, other than it is just beginning to show up.

    Run CCleaner ( both the cleaner and the registry - making the backup when prompted) followed by ATF Cleaner by Atribune.

    If you are not having any other malware problems, it is time to do our final steps:

    1. We recommend you keep SUPERAntiSpyware and Malwarebytes Anti-Malware for scanning/removal of malware. Unless you purchase them, they provide no real time protection. They are useful as backup scanners. They do not use any significant amount of resources ( except a little disk space ) until you run a scan.
    2. If we had you use ComboFix, uninstall ComboFix (This uninstall will only work as written if you installed ComboFix on your Desktop like we requested.)
      • Click START then RUN and enter the below into the run box and then click OK. Note the quotes are required
      • "%userprofile%\Desktop\combofix" /u
        • Notes: The space between the combofix" and the /u, it must be there.
        • This will uninstall ComboFix and also reset hidden files and folders settings back to Windows defaults.

      • Delete the C:\combofix folder from combofix (if it exists)

    3. Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
    4. If running Vista, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
    5. Go to add/remove programs and uninstall HijackThis.
    6. You can delete the C:\MGtools folder and the C:\MGtools.exe file. You can also delete the C:\MGlogs.zip
    7. If you are running Vista, Windows XP or Windows ME, do the below:
      • Refer to the cleaning steps in the READ ME for your Window version and see the steps to Disable System Restore which will flush your Restore Points.
      • Then reboot and Enable System Restore to create a new clean Restore Point.

    8. After doing the above, you should work thru the below link:

     
  8. Lainden

    Lainden Private E-2

    Hi TimW, everything went smoothly after following your instructions. However, I have one last problem here - I am unable to remove the recovery console which was installed during the ComboFix phase.

    I followed the instructions given at http://support.microsoft.com/kb/307654 on how to remove it. I was able to remove the cmldr but was unable to delete the cmdcons folder. Error prompt was "access is denied". I managed to edit boot.ini to remove the boot sequence and the system is able to start normally, but the cmdcons folder is still hidden in my root directory. Is there any way to remove it?
     
  9. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    I would not be concerned about removing that folder. And did you remove the recovery console just to make a faster boot up? Not having that installed could leave you in serious trouble if you ever lose your CD.
     
  10. Lainden

    Lainden Private E-2

    Yup, you are right... main concern is for the faster boot up... anyway since there won't be any problem leaving the folder there, then I'll just leave it as it is... thanks for all your help =)
     
  11. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    You are most welcome......safe surfing. :)
     
