26v3056r9n.exe- Does anyone know what this is?

Discussion in 'Malware Help (A Specialist Will Reply)' started by juno jones, May 8, 2008.

  1. juno jones

    juno jones Private E-2

    I managed to pick up one of those 'system alert'-type bugs where the window pops up to sell supposed anti-spyware. At the same time I got infected, Search and Destroy and Avast both detected trojans. My programs seemed to shut the main part of the program out, but I'm still getting the pop-up window even though it's seemingly no longer connected to anything.

    I ran through a bunch of my folders looking for anomalies and came across this guy in my processes folder in my task manager:

    26v3056r9n.exe

    I googled it and google actually came up with nothing, although googling my other running processes came up with multiple hits and a good deal of info.

    I then did a search for the file and found the main program in my C:windows/system32 and another file of the same name in C:windows/prefetch.

    Both of these were added to my computer on the day and time of the Trojan alert.

    I cannot do a system restore; all my checkpoints have been erased. They had been just fine about 4 days previous. I cannot currently save checkpoints either.

    How can I disable or remove this thing? Can I disable it by turning it off on the processes menu? Or something in the startup? Any thoughts?

    Thanks in advance, Juno
     
  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

  3. juno jones

    juno jones Private E-2

    OK, I ran thru all of the procedures.
    When I cleared my quarantine, the file my avast had alerted me on and 'caught' was 5/3/2008, 11:19 PM, Win 32: Agent-SYB.
    I ran SAS, it found a few things but ran normally. Posting log.

    Ran S&D, it found nothing, but I wasn't surprised, because it didn't find anything before and I run it pretty frequently for housekeeping.

    Ran MalwareBytes, found a few more things, mostly 'vundo': posting log.

    Combofix didn't want to run on my computer. I could get thru the initial setup, but it ran for about 30 seconds, rebooted the computer and left no log.

    Ran MGtools, sending log.

    Not seeming to get the popups anymore, but still have the 'unknown' file (created the date and time of the incident) on the computer.

    Thanks for your help, Let me know if you have any more insight! :)
     
  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You need to attach the 3 logs from SUPERAntiSpyware, Malwarebytes, and MGtools. Then see if you can get ComboFix to run properly in safe boot mode. If it runs, attach the log from ComboFix too.
     
