MajorGeeks Support Forums

  #1  
Old 02-25-09, 12:39
Lainden Lainden is offline
Private E-2
 
FsUsbExService.exe and btdna.exe

Hi there, I've noticed that my laptop has been encountering problems of explorer closing by itself recently... and just browsing through the Task Manager, I found 2 unfamiliar processes.

Did a little google on them and found that they could be harmful to my system. Thus I followed the Malware Removal Guide from this forum hoping to fix the problem.


*PS. While executing the ComboFix step, everything is running well, all the way until it prompts
"
Almost done. . This window will close in a short while
Please wait a few seconds for the report log to pop up

ComboFix's log shall be located at C:\ComboFix.txt
"

Then the Blue Screen Of Death just occurred and my system rebooted by itself.

After which I found that the log file is located at "C:\ComboFix\ComboFix.txt" instead of the root directory.

Attached are the log files for your reference.
Attached Files
File Type: txt SASlog.txt (465 Bytes, 6 views)
File Type: txt mbam-log-2009-02-26 (01-49-33).txt (849 Bytes, 5 views)
File Type: txt ComboFix.txt (9.8 KB, 6 views)
  #2  
Old 02-25-09, 12:40
Lainden Lainden is offline
Private E-2
 

Here's the MGlogs. Thanks in advance for your assistance.
Attached Files
File Type: zip MGlogs.zip (42.1 KB, 19 views)
  #3  
Old 02-26-09, 16:18
TimW TimW is offline
MajorGeeks Administrator - Jedi Malware Expert

Please return to the Read and Run First instructions and download the latest version of MGTools. You are running a very old version. Make sure you make the agreement to the HJT license.
__________________
Major cake licker.
YCLAHTW, BYCMHD!!

  #4  
Old 02-27-09, 08:48
Lainden Lainden is offline
Private E-2
 

Hi, attached is the new mglogs file
Attached Files
File Type: zip MGlogs.zip (50.2 KB, 48 views)
  #5  
Old 02-28-09, 17:04
TimW TimW is offline
MajorGeeks Administrator - Jedi Malware Expert

Use Windows Explorer to find and delete:
C:\WINDOWS\system32\FsUsbExService.Exe

Now go to start / run / type "services.msc" without quotes and scroll down to:
FsUsbExService
then right click the entry, select Properties and press Stop Service.
* When it shows that it is stopped, next please set the Start-up Type to 'Disabled'.
* Click OK until you get back to Windows.

Next, run C:\MGtools\analyse.exe, but instead of scanning, click on the "None of the above, just start the program" button at the bottom of the choices.
* At the lower right, click on the Config button
* Then click the Misc tools button
* Select Delete an NT Service
* Copy/paste FsUsbExService into the box that opens, and press OK
* If you receive any error messages just ignore them and continue.
After clicking Fix, exit HJT.

Now run the C:\MGtools\GetLogs.bat file by double clicking on it. Then attach the new C:\MGlogs.zip file.
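The service triage and removal described in post #5, done from the command line, as an added example that is not part of the original thread. It assumes an elevated PowerShell 5.1 or later session on a current Windows version; the `-Remove` switch is a name chosen here. It records the service's image path, SHA-256 and Authenticode signer before anything is deleted, so there is something to look up afterwards.

```powershell
param(
    [string]$ServiceName = 'FsUsbExService',   # service named in the thread
    [switch]$Remove                            # hypothetical switch: report only unless set
)

$svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='$ServiceName'"
if (-not $svc) {
    Write-Warning "Service '$ServiceName' is not registered."
    return
}

# PathName may be quoted and may carry arguments; keep only the executable path.
$exe = $null
if ($svc.PathName -match '^\s*"([^"]+)"' -or $svc.PathName -match '^\s*(.+?\.exe)') {
    $exe = [Environment]::ExpandEnvironmentVariables($Matches[1])
}

# Collect what is known about the service and its binary before touching it.
$report = [ordered]@{
    Name      = $svc.Name
    State     = $svc.State
    StartMode = $svc.StartMode
    Account   = $svc.StartName
    ImagePath = $svc.PathName
}
if ($exe -and (Test-Path -LiteralPath $exe)) {
    $sig = Get-AuthenticodeSignature -LiteralPath $exe
    $report.SHA256    = (Get-FileHash -LiteralPath $exe -Algorithm SHA256).Hash
    $report.Signature = $sig.Status
    $report.Signer    = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
    $report.CreatedUtc = (Get-Item -LiteralPath $exe).CreationTimeUtc
} else {
    $report.SHA256 = 'binary not found on disk'
}
[pscustomobject]$report | Format-List

if ($Remove) {
    # Stop first so the binary is not in use, then disable and unregister the service.
    Stop-Service -Name $ServiceName -Force -ErrorAction SilentlyContinue
    Set-Service  -Name $ServiceName -StartupType Disabled
    & sc.exe delete $ServiceName | Out-Host
    if ($exe -and (Test-Path -LiteralPath $exe)) {
        Remove-Item -LiteralPath $exe -Force
    }
}
```

Run it once without `-Remove` and keep the output; an unsigned binary or an unexpected signer is the detail worth searching on before deciding to delete.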
  #6  
Old 03-01-09, 01:55
Lainden Lainden is offline
Private E-2
 

Hi, attached is the new MGlogs file.

*Just a side question. What is FsUsbExService.exe actually? It just appeared out of nowhere and I can't really seem to find much detail on it.
Attached Files
File Type: zip MGlogs.zip (50.3 KB, 14 views)
  #7  
Old 03-02-09, 10:26
TimW TimW is offline
MajorGeeks Administrator - Jedi Malware Expert

That took care of it....as to what it is, I don't know, other than it is just beginning to show up.

Run CCleaner ( both the cleaner and the registry - making the backup when prompted) followed by ATF Cleaner by Atribune.

If you are not having any other malware problems, it is time to do our final steps:
  1. We recommend you keep SUPERAntiSpyware and Malwarebytes Anti-Malware for scanning/removal of malware. Unless you purchase them, they provide no real time protection. They are useful as backup scanners. They do not use any significant amount of resources ( except a little disk space ) until you run a scan.
  2. If we had you use ComboFix, uninstall ComboFix (This uninstall will only work as written if you installed ComboFix on your Desktop like we requested.)
    • Click START then RUN and enter the below into the run box and then click OK. Note the quotes are required
    • "%userprofile%\Desktop\combofix" /u
      • Notes: The space between the combofix" and the /u, it must be there.
      • This will uninstall ComboFix and also reset hidden files and folders settings back to Windows defaults.

    • Delete the C:\combofix folder from combofix (if it exists)

  3. Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
  4. If running Vista, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
  5. Go to add/remove programs and uninstall HijackThis.
  6. You can delete the C:\MGtools folder and the C:\MGtools.exe file. You can also delete the C:\MGlogs.zip
  7. If you are running Vista, Windows XP or Windows ME, do the below:
    • Refer to the cleaning steps in the READ ME for your Windows version and see the steps to Disable System Restore which will flush your Restore Points.
    • Then reboot and Enable System Restore to create a new clean Restore Point.

  8. After doing the above, you should work thru the below link:

  #8  
Old 03-04-09, 08:17
Lainden Lainden is offline
Private E-2
 

Hi TimW, everything went smoothly after following your instructions. However I have one last problem here - I am unable to remove the recovery console which was installed during the ComboFix phase.

I followed the instructions given at http://support.microsoft.com/kb/307654 on how to remove it. I was able to remove the cmldr but was unable to delete cmdcons folder. Error prompt was "access is denied". I managed to edit boot.ini to remove the boot sequence and system is able to start normally, but the cmdcons folder is still hidden in my root directory. Is there any way to remove it?
  #9  
Old 03-05-09, 17:34
TimW TimW is offline
MajorGeeks Administrator - Jedi Malware Expert

I would not be concerned about removing that folder. And did you remove the recovery console just to make a faster boot up? Not having that installed could leave you in serious trouble if you ever lose your CD.
  #10  
Old 03-05-09, 21:50
Lainden Lainden is offline
Private E-2
 

Yup, you are right... main concern is for the faster boot up... anyway since there won't be any problem leaving the folder there, then I'll just leave it as it is... thanks for all your help =)
  #11  
Old 03-08-09, 14:34
TimW TimW is offline
MajorGeeks Administrator - Jedi Malware Expert

You are most welcome......safe surfing.