uh.exe causing problems

Discussion in 'Malware Help (A Specialist Will Reply)' started by anon, Jan 31, 2009.

  1. anon

    anon Private E-2

    Hello,

    About two days ago, avast! detected a file called uh.exe.

    http://img99.imageshack.us/img99/268/suspiciousrs1.jpg

    I clicked delete and restarted my computer as prompted. Avast! scanned my computer before starting Windows. After about an hour, I thought the problem was fixed. Windows started up fine and it took only a few minutes for the same exact problem to arise. I didn't want to go through the same procedure, so I deleted the file and decided not to restart. I ran CCleaner and removed a process called "ertyuop" (which is described as being associated with this malware, as shown in the link below.) I restarted my computer and the process was back.

    I looked up the problem (uh.exe) and found a detailed description of it here.

    The virus severely slows down my comp, and I've had a ton of freeze ups ever since. I don't notice anything else it may be doing.

    I searched for a support forum, got here, and read and followed everything in the RUN & READ ME FIRST. Malware Removal Guide thread. I did everything in the Windows XP Cleaning Procedure thread too.

    Before I had the virus? The school I go to is mostly computer based. We have a shared drive so students can easily transfer files from one computer to the next. I've always been cautious of this, and I scan any file I take from the drive before putting it on my thumb drive. My roommate, on the other hand, doesn't. He needed to use my computer and I allowed him to without really thinking about it. All these problems started happening the minute he removed his thumb drive. I told him to scan his thumb drive and laptop and he found the same problem. He said it must've come from the shared drive. That's all I know about where this virus came from.

    After running through all the procedures, I realized my comp is definitely running faster.

    "ertyuop" is no longer a part of my start up. I just wanted to make sure everything was okay, so I thought I'd post the logs.

    Thanks!
     


  2. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    You still need to attach the C:\MGLogs.zip
     
  3. anon

    anon Private E-2

    There it is, sorry about that. I didn't know when this thread would be posted because it said it required an approval, so when I tried to post a reply it just created a new thread.
     


  4. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    It was caught in moderation because of the screenshot you attached.

    Your logs are clean. It appears the scans took care of the malware.

    If you are not having any other malware problems, it is time to do our final steps:

    1. We recommend you keep SUPERAntiSpyware and Malwarebytes Anti-Malware for scanning/removal of malware. Unless you purchase them, they provide no real time protection. They are useful as backup scanners. They do not use any significant amount of resources (except a little disk space) until you run a scan.
    2. If we had you use ComboFix, uninstall ComboFix (This uninstall will only work as written if you installed ComboFix on your Desktop like we requested.)
      • Click START then RUN and enter the below into the run box and then click OK. Note the quotes are required
      • "%userprofile%\Desktop\combofix" /u
        • Notes: The space between the combofix" and the /u must be there.
        • This will uninstall ComboFix and also reset hidden files and folders settings back to Windows defaults.

      • Delete the C:\combofix folder from combofix (if it exists)

    3. Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
    4. If running Vista, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
    5. Go to add/remove programs and uninstall HijackThis.
    6. You can delete the C:\MGtools folder and the C:\MGtools.exe file. You can also delete the C:\MGlogs.zip
    7. If you are running Vista, Windows XP or Windows ME, do the below:
      • Refer to the cleaning steps in the READ ME for your Windows version and see the steps to Disable System Restore which will flush your Restore Points.
      • Then reboot and Enable System Restore to create a new clean Restore Point.

    8. After doing the above, you should work thru the below link:

     
  5. anon

    anon Private E-2

    Thank you Tim, followed the steps. I appreciate all the help!
     
  6. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    No problem......safe surfing. :)
     
