Deep-rooted pop-up problem

Discussion in 'Malware Help (A Specialist Will Reply)' started by Stryker, Jun 25, 2005.

  1. Stryker

    Stryker Private E-2

    This isn't your typical pop-up window problem. What this one does is make my current window into an inactive window. Once in a while, a pop-up window comes up. But every 10 seconds or so, the current window I'm working on just becomes inactive.
    The running process is called "IEXPLORE.EXE". It runs even when Internet Explorer is not even running. I have tried the following things:

    I looked for the file in HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
    and it wasn't there

    I ran spybot/ adaware / trojanhunter.....no success

    I installed symantec antivirus and ran a deep scan

    I read the sticky on this forum about using HijackThis and followed the procedures....no success

    However, in my C:\Windows\system32 I found the following suspicious files. I did a Google search on them but no results were found...
    emusuo.exe
    fxmzr.exe
    knqnu.exe

    I feel as if I've lost my war against spyware for the first time :mad:

    P.S. I can post my HiJackThis logfile, but the forum rules said to not post it until a moderator tells you to. Thanks for all your help guys!!!
     
  2. Seargent Geek

    Seargent Geek Private First Class

    Try to upload those files here for analysis: http://virusscan.jotti.org/

    Afterwards, try to copy the results into this thread. ;)
     
  3. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    It sounds like you have one of the newer infections that takes a little time and work to remove.

    Download HijackThis 1.99.1

    Unzip the hijackthis.exe file to a folder you create named C:\Program Files\HJT

    Do NOT run Hijack This from the Desktop, a temp folder, or a sub-folder of C:\Documents and Settings, or choose to run it directly from the ZIP file as your backups will not be safely stored.

    Before running HijackThis: You must close each of the following: your web browser, e-mail client, instant messenger, and programs like notepad, wordpad, MS Word etc. And any other unnecessary running programs.

    Run HijackThis and save your log file.

    Post your log as an ATTACHMENT to your next post. (Do NOT copy/paste the log into your post as it will be removed).

    Need help with HJT? See this thread: NO HIJACK THIS LOG FILES BEFORE READING THIS: HJT Tutorial & LOG File Posting
     
  4. Stryker

    Stryker Private E-2

    Here is the attached HiJackThis logfile as requested.

    I went to virusscan.jotti.org and uploaded those three files. All are malware/spyware trojans. But the system would not let me delete knqnu.exe!! Should I go to safe mode?
     

  5. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Your HJT version is WAY out of date, you must update to current version!

    Please update to Hijack This 1.99.1 and attach a new log using the new version.
     
