Solved

What is ET4.exe?

Posted on 2006-10-28
9
499 Views
Last Modified: 2010-05-18
I spent several hours on a clients computer this week, getting rid of a Trojan called something like imimonitor.exe and imaminni.exe, and I noticed a process running called ET4.exe. What is this process and its function?
0
Comment
Question by:Booda2us
  • 2
  • 2
  • 2
  • +1
9 Comments
 
LVL 35

Accepted Solution

by:
Raynard7 earned 400 total points
ID: 17827929
It is most likley to be a program called easytune4 by gigabyte
if it is then it is not spyware but a monitoring program for things like case temperature and is used by overclockers,

however just because it has that name does not mean it is that file - so check it out anyway with some sort of scanner
0
 
LVL 35

Expert Comment

by:Raynard7
ID: 17827931
it is often shipped with motherboards
0
 
LVL 47

Expert Comment

by:rpggamergirl
ID: 17828262
>> getting rid of a Trojan called something like imimonitor.exe and imaminni.exe <<


Is that a typo, do you mean these files below? if you mean these files, then you have smitfraud infection.

ismini.exe
isamonitor.exe


Can we look at your hijackthis log? the log will confirm if it's smitfraud or not.

Please download HijackThis 1.99.1
http://www.cyberanswers.org/forum/uploads/HijackThis1991.exe
Open Hijackthis, click "Do a system scan and save a logfile" don't fix anything yet.

Then upload the logs to any hosting sites,
or go to the below link and login using your Experts-Exchange username and password.
http://www.ee-stuff.com
Click on "Expert Area" tab
type or paste the link to your Question
"Browse" your pc to the location of your Hijackthis log and click "Upload"
Copy the resulting "url" and post it back here.

OR: paste the log to either of these sites:
1. http://www.rafb.net/paste/
then at the bottom left corner click "paste"
Copy the address/url and post it here.

2. or at --> http://www.hijackthis.de/ 
and click "Analyse", click "Save".  Then post the link to the saved list here.
0
Salesforce Has Never Been Easier

Improve and reinforce salesforce training & adoption using WalkMe's digital adoption platform. Start saving on costly employee training by creating fast intuitive Walk-Thrus for Salesforce. Claim your Free Account Now

 
LVL 47

Expert Comment

by:rpggamergirl
ID: 17828266
If it is smitfraud, then smitfraudFix will fix it:

Please download SmitfraudFix:(XP/2000 only)
http://siri.geekstogo.com/SmitfraudFix.php
Extract the content (a folder named SmitfraudFix) to your Desktop.
Next, please reboot your computer in Safe Mode by rebooting the computer,
and repeatedly tapping the F8 key as the pc starts. Choose "Safe Mode" from
the options listed.
 
Once in Safe Mode, open the SmitfraudFix folder again and double-click
smitfraudfix.cmd
 
Select option #2 - Clean by typing 2 and press "Enter" to delete infected
files.
 
You will be prompted : "Registry cleaning - Do you want to clean the
registry?" answer "Yes" by typing Y and press "Enter" in order to remove
the Desktop background and clean registry keys associated with the
infection.
 
The tool will now check if wininet.dll is infected. You may be prompted to
replace the infected file (if found); answer "Yes" by typing Y and press
"Enter".
 
The tool may need to restart your computer to finish the cleaning process;
if it doesn't, please restart it into Normal Windows.
A text file will appear onscreen, with results from the cleaning process; please copy/paste the content of that report into your next reply.
The report can also be found at the root of the system drive, usually at C:\rapport.txt

0
 
LVL 18

Assisted Solution

by:centerv
centerv earned 100 total points
ID: 17831109
http://www.magictweak.com/program/105528/EasyTuneIV.html

overclock by Gigabyte EasyTune IV Utility
0
 
LVL 6

Author Comment

by:Booda2us
ID: 17912057
the 2 .exe files were definitiely trojans....as I stated.. Clients computer did have a gigabyte Mobo... thank you to Raynard and centery
0
 
LVL 6

Author Comment

by:Booda2us
ID: 17912069
To rpggamergirl: I used Prevx1 to clean  clients system...I appreciate your effort and thoroughness in maintaining EE's credibility and security....Booda2us
0
 
LVL 18

Expert Comment

by:centerv
ID: 17915071
You're welcome.
0

Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Tasks remote computer 12 154
Looking to exFAT Driver for Win XP 11 12,718
netsh interface ip show interface in Windows XP 4 143
system default settings 4 25
Can you find a fax from a vendor you saved a decade ago in seconds? Have you ever cursed your PC under your breath during an audit because you couldn’t find the requested statement or driver history?  If you answered no to the first question or yes …
For both online and offline retail, the cross-channel business is the most recent pattern in the B2C trade space.
Two types of users will appreciate AOMEI Backupper Pro: 1 - Those with PCIe drives (and haven't found cloning software that works on them). 2 - Those who want a fast clone of their boot drive (no re-boots needed) and it can clone your drive wh…
Exchange organizations may use the Journaling Agent of the Transport Service to archive messages going through Exchange. However, if the Transport Service is integrated with some email content management application (such as an antispam), the admini…

733 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question