[2 days left] What’s wrong with your cloud strategy? Learn why multicloud solutions matter with Nimble Storage.Register Now

x
?
Solved

What is ET4.exe?

Posted on 2006-10-28
9
Medium Priority
?
506 Views
Last Modified: 2010-05-18
I spent several hours on a clients computer this week, getting rid of a Trojan called something like imimonitor.exe and imaminni.exe, and I noticed a process running called ET4.exe. What is this process and its function?
0
Comment
Question by:Booda2us
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
  • 2
  • +1
9 Comments
 
LVL 35

Accepted Solution

by:
Raynard7 earned 1600 total points
ID: 17827929
It is most likley to be a program called easytune4 by gigabyte
if it is then it is not spyware but a monitoring program for things like case temperature and is used by overclockers,

however just because it has that name does not mean it is that file - so check it out anyway with some sort of scanner
0
 
LVL 35

Expert Comment

by:Raynard7
ID: 17827931
it is often shipped with motherboards
0
 
LVL 47

Expert Comment

by:rpggamergirl
ID: 17828262
>> getting rid of a Trojan called something like imimonitor.exe and imaminni.exe <<


Is that a typo, do you mean these files below? if you mean these files, then you have smitfraud infection.

ismini.exe
isamonitor.exe


Can we look at your hijackthis log? the log will confirm if it's smitfraud or not.

Please download HijackThis 1.99.1
http://www.cyberanswers.org/forum/uploads/HijackThis1991.exe
Open Hijackthis, click "Do a system scan and save a logfile" don't fix anything yet.

Then upload the logs to any hosting sites,
or go to the below link and login using your Experts-Exchange username and password.
http://www.ee-stuff.com
Click on "Expert Area" tab
type or paste the link to your Question
"Browse" your pc to the location of your Hijackthis log and click "Upload"
Copy the resulting "url" and post it back here.

OR: paste the log to either of these sites:
1. http://www.rafb.net/paste/
then at the bottom left corner click "paste"
Copy the address/url and post it here.

2. or at --> http://www.hijackthis.de/ 
and click "Analyse", click "Save".  Then post the link to the saved list here.
0
What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

 
LVL 47

Expert Comment

by:rpggamergirl
ID: 17828266
If it is smitfraud, then smitfraudFix will fix it:

Please download SmitfraudFix:(XP/2000 only)
http://siri.geekstogo.com/SmitfraudFix.php
Extract the content (a folder named SmitfraudFix) to your Desktop.
Next, please reboot your computer in Safe Mode by rebooting the computer,
and repeatedly tapping the F8 key as the pc starts. Choose "Safe Mode" from
the options listed.
 
Once in Safe Mode, open the SmitfraudFix folder again and double-click
smitfraudfix.cmd
 
Select option #2 - Clean by typing 2 and press "Enter" to delete infected
files.
 
You will be prompted : "Registry cleaning - Do you want to clean the
registry?" answer "Yes" by typing Y and press "Enter" in order to remove
the Desktop background and clean registry keys associated with the
infection.
 
The tool will now check if wininet.dll is infected. You may be prompted to
replace the infected file (if found); answer "Yes" by typing Y and press
"Enter".
 
The tool may need to restart your computer to finish the cleaning process;
if it doesn't, please restart it into Normal Windows.
A text file will appear onscreen, with results from the cleaning process; please copy/paste the content of that report into your next reply.
The report can also be found at the root of the system drive, usually at C:\rapport.txt

0
 
LVL 18

Assisted Solution

by:centerv
centerv earned 400 total points
ID: 17831109
http://www.magictweak.com/program/105528/EasyTuneIV.html

overclock by Gigabyte EasyTune IV Utility
0
 
LVL 6

Author Comment

by:Booda2us
ID: 17912057
the 2 .exe files were definitiely trojans....as I stated.. Clients computer did have a gigabyte Mobo... thank you to Raynard and centery
0
 
LVL 6

Author Comment

by:Booda2us
ID: 17912069
To rpggamergirl: I used Prevx1 to clean  clients system...I appreciate your effort and thoroughness in maintaining EE's credibility and security....Booda2us
0
 
LVL 18

Expert Comment

by:centerv
ID: 17915071
You're welcome.
0

Featured Post

On Demand Webinar: Networking for the Cloud Era

Ready to improve network connectivity? Watch this webinar to learn how SD-WANs and a one-click instant connect tool can boost provisions, deployment, and management of your cloud connection.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Can you find a fax from a vendor you saved a decade ago in seconds? Have you ever cursed your PC under your breath during an audit because you couldn’t find the requested statement or driver history?  If you answered no to the first question or yes …
Today, still in the boom of Apple, PC's and products, nearly 50% of the computer users use Windows as graphical operating systems. If you are among those users who love windows, but are grappling to keep the system's hard drive optimized, then you s…
Two types of users will appreciate AOMEI Backupper Pro: 1 - Those with PCIe drives (and haven't found cloning software that works on them). 2 - Those who want a fast clone of their boot drive (no re-boots needed) and it can clone your drive wh…
In this video you will find out how to export Office 365 mailboxes using the built in eDiscovery tool. Bear in mind that although this method might be useful in some cases, using PST files as Office 365 backup is troublesome in a long run (more on t…
Suggested Courses

649 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question