Very annoying with unexpected exe Running Process and File in Temp Dir

Discussion in 'Malware Help (A Specialist Will Reply)' started by alecyu, Dec 18, 2008.

  1. alecyu

    alecyu Private E-2

    There is an unexpected exe process observed in Task Manager; in the meantime there is an exe file in the Temp folder. Once you kill the process, the file disappears from the Temp folder as well. The process is there just after starting up the PC, or a while after you have killed the process.
    The file / process name is not fixed; it varies with each startup. The name currently shown on my PC is "QQ5E02.EXE".

    Please help / advise how to solve it. Thanks very much.
     


  2. alecyu

    alecyu Private E-2

    attachment #2
     


  3. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Hi and welcome to the forums. We are currently reviewing your logs and will get back to you with a set of instructions as soon as possible. Thanks for your patience during this time.

    Kestrel13!
     
  4. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Some of the info in your logs is in Japanese?

    Do you know what these are:
    C:\WINDOWS\system32\zh-cht
    C:\WINDOWS\system32\ZH-TW

    and:
    C:\Program Files\Internet Explorer\zh-tw
    C:\1

    Let's use Windows Explorer to find and delete:
    C:\Temp ---> the entire folder.

    and I would like you to run an online scan:

    This procedure explains how to get to the BitDefender Online Scan sites and how to set up and perform an online scan. It also explains how to obtain a log so you can attach it to a message. You must use Internet Explorer to run this scan and make sure your Sun Java version is current. Get Sun Java here: Sun Java Runtime Environment

    Before installing the current version, you should uninstall all previous versions first!!!!

    ****NOTE**** DO NOT INSTALL Bitdefender's Antivirus program. Make sure you follow the directions below and run the ONLINE SCANNER only.


    To start the online scan go here: Bitdefender

    • Agree to the license and then select Scan.
      • DO NOT CHANGE THE OPTIONS TO SHOW ALL FILES SCANNED. That will make your logs huge and we don't need to see clean files.

    • Once Bitdefender completes the scan:
      • Click on the Detected Problems tab. Then select Click here to export the scan report
      • When the window comes up to save the report, change the Save as type: box to Text (Tab Delimited) (*.txt)
      • And then in the File name box enter bdscan then click save. This will save a file named bdscan.txt in whatever folder you are currently in when you save the file (take notice of where you are at so you can find it later). This bdscan.txt file will actually contain HTML code that we can easily view later while reviewing your log. All we have to do is rename the file to bdscan.html. If you do not follow these steps, you will have an incorrect log or worse a log summary which is useless to us.

    • Post the bdscan.txt file as an ATTACHMENT. See: HOW TO: Attach Items To Your Post
    • If you run BitDefender Online scan and have previously run PandaActive scan, the below false detection may be seen in BitDefender:

      C:\WINDOWS\system32\ActiveScan\pskahk.dll
      Infected with: Generic.Malware.SIMDWYNVdprn.D9407F4E
     
