windows 7 firewall blocked this C:\windows\syswow64\$.eemwftpebmy\eemwftpebmy.exe

Hi all,

been a while since i was here, mainly as i have not had any viruses in the last year.

Anyway, found an odd little problem when i turned my pc on tonight.

Basically the windows firewall blocker came up with a program asking to be allowed access with this filename:

C:\windows\syswow64\$.eemwftpebmy\eemwftpebmy.exe

I had a look in the file and i can't delete it (surprise surprise).

I have run spybot S&D and AVG is my main anti-virus, but comming up short.

The only thing that i can think it came from is when a link to a video i was sent by a person i know tried to install a Java update, which was odd, it had all the right java logo's and everything and asked permissions and such but it seemed odd so i didn't let it.

Asked friend and he said he was sent the video but hadn't watched it...sigh.

The file is sitting with a date from yesterday, so that must be where it got in from.

I can't tell what it is ither than it is probably unwelcome and malicious, i don't know what it does as it has such a random filename, goog;e came up with nothing.

I wondered if anyone had ever seen something liek this, it could be harmless, and i am simply being paranoid, but i want rid of this , but i don't know how.

I could try starting in safe mode and seeing if i can delete it that way, but i wouldn't be sure if its removed completely.

Any advice would be great, as this is really odd.

Thanks all

Rick

 

Ah,

Got it sorted chaps, did a system restore, and its all been removed.

That has never worked properly before.

Winner!:cool

Now goes to give my mate a bollocking for sending unchecked crap to my mailbox....:major

 

Hi there.

I think the malware didn't get a chance to do what it wanted as my firwewall blocked it and AVG never gave me any alarms etc, which it usually does if there is a problem.

I know system restore is not the most accurate of removal tools, so i shall do the cleaning procedure (done before on an older computer, leave sit squeaky clean!).

The file itself was completely removed from the system after the restore, the folder it was in and filenames i found in the syswow64 folder were gone also.

I will do the cleaning procedure, and hopefully take it as a lesson learned and a bullet dodged.

Again, thanks for your reply.

 

Hi again,

i have completed the cleaning procedure, found 1 item, it was removed.

I then followed the keeping your machine safe tips for vista\win7.

I changed my anti virus from AVG 9 free edition as it can cause problem apparently, so i got microsoft security essentials for win 7 64 bit, and got spyware blaster running.


I have enabled security on browsers etc and ran a scan when installed them to check, nothing appeared.

My problem now is that my internet is cripplingly slow, i tried Firefox, and tried Chrome as well, but sites are taking an age to load, and Gif's etc are really slow and jarring.

I am worried i have installed a form of protection that is causing major slowdown on my machine, as it definately shouldn't have any malware as it was just cleaned, and i noticed the slowdown after setting up the new protection.

Do you have any idea what could be causing slowdown, is there a part of the recommended anti virus etc that needs to be set to allow freedom of net traffic.

Thanks again

Rick

 

Hi again,

a quick update on this.

The only major change to my security was changing from AVG9 Free edition to Windows own security essentials.

I tried uninstalling windows security essentials and re-installing AVG.

This seems to have solved the problems in terms of slowdown.

Webpages open up quite quickly and is more what i am used to.

Gif's are still quiote slow to load, but once loaded run smoothly, but this is only on certain Gif's so it could be an display issue, etc, as the ATI 58** cards are still a bit twitchy, especially with video etc.

I am happy with AVG and my PC seems happier.

as you say there could be some residual files causinf compatibility disputes and slowing down my browser, but with AVG it seems happy.

Firewall wise i have windows one running on its own with only allowed applications ticked etc.

Hardware firewall on the motherboard is off as it was causing some issues with both on etc.

I am happy now, the pc is clean, and i have run a couple of other scans since swapping to AVG again, and all coming up clean.

Unless you think it would be necessary to create some MGtools logs just as insurance, let me know and i can sort some out.

Many thanks

Rick

 

Hi again.

i can remove avg and reinstall windows security tonight and run MGtools.

Do i just copy and past the log text into the post, or do i attach it as a file.

Been ages since i did one and i have forgotten.

Hopefully it can be sorted.

I will sort out a software firewall tonight, do i need to turn off the windows firewall when i do this, incase of compatatbility issues?

As for the hardware firewall, i have an external modem router, the firewall on that caused all sorts of problems, especially on mozilla firefox, not displaying iomages on google image search etc, large slowdown. So i turned it odff and use the motherboard hardware firewall for the router connection as i do not use wireless for the main PC and the other PC in the house has the same protection as my main PC.

Many thanks .....yet again..

Rick