What is ET4.exe?

I spent several hours on a clients computer this week, getting rid of a Trojan called something like imimonitor.exe and imaminni.exe, and I noticed a process running called ET4.exe. What is this process and its function?
LVL 6
Booda2usAsked:
Who is Participating?

Improve company productivity with a Business Account.Sign Up

x
 
Raynard7Connect With a Mentor Commented:
It is most likley to be a program called easytune4 by gigabyte
if it is then it is not spyware but a monitoring program for things like case temperature and is used by overclockers,

however just because it has that name does not mean it is that file - so check it out anyway with some sort of scanner
0
 
Raynard7Commented:
it is often shipped with motherboards
0
 
rpggamergirlCommented:
>> getting rid of a Trojan called something like imimonitor.exe and imaminni.exe <<


Is that a typo, do you mean these files below? if you mean these files, then you have smitfraud infection.

ismini.exe
isamonitor.exe


Can we look at your hijackthis log? the log will confirm if it's smitfraud or not.

Please download HijackThis 1.99.1
http://www.cyberanswers.org/forum/uploads/HijackThis1991.exe
Open Hijackthis, click "Do a system scan and save a logfile" don't fix anything yet.

Then upload the logs to any hosting sites,
or go to the below link and login using your Experts-Exchange username and password.
http://www.ee-stuff.com
Click on "Expert Area" tab
type or paste the link to your Question
"Browse" your pc to the location of your Hijackthis log and click "Upload"
Copy the resulting "url" and post it back here.

OR: paste the log to either of these sites:
1. http://www.rafb.net/paste/
then at the bottom left corner click "paste"
Copy the address/url and post it here.

2. or at --> http://www.hijackthis.de/ 
and click "Analyse", click "Save".  Then post the link to the saved list here.
0
Upgrade your Question Security!

Your question, your audience. Choose who sees your identity—and your question—with question security.

 
rpggamergirlCommented:
If it is smitfraud, then smitfraudFix will fix it:

Please download SmitfraudFix:(XP/2000 only)
http://siri.geekstogo.com/SmitfraudFix.php
Extract the content (a folder named SmitfraudFix) to your Desktop.
Next, please reboot your computer in Safe Mode by rebooting the computer,
and repeatedly tapping the F8 key as the pc starts. Choose "Safe Mode" from
the options listed.
 
Once in Safe Mode, open the SmitfraudFix folder again and double-click
smitfraudfix.cmd
 
Select option #2 - Clean by typing 2 and press "Enter" to delete infected
files.
 
You will be prompted : "Registry cleaning - Do you want to clean the
registry?" answer "Yes" by typing Y and press "Enter" in order to remove
the Desktop background and clean registry keys associated with the
infection.
 
The tool will now check if wininet.dll is infected. You may be prompted to
replace the infected file (if found); answer "Yes" by typing Y and press
"Enter".
 
The tool may need to restart your computer to finish the cleaning process;
if it doesn't, please restart it into Normal Windows.
A text file will appear onscreen, with results from the cleaning process; please copy/paste the content of that report into your next reply.
The report can also be found at the root of the system drive, usually at C:\rapport.txt

0
 
centervConnect With a Mentor Commented:
http://www.magictweak.com/program/105528/EasyTuneIV.html

overclock by Gigabyte EasyTune IV Utility
0
 
Booda2usAuthor Commented:
the 2 .exe files were definitiely trojans....as I stated.. Clients computer did have a gigabyte Mobo... thank you to Raynard and centery
0
 
Booda2usAuthor Commented:
To rpggamergirl: I used Prevx1 to clean  clients system...I appreciate your effort and thoroughness in maintaining EE's credibility and security....Booda2us
0
 
centervCommented:
You're welcome.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.