Learn how to a build a cloud-first strategyRegister Now

x
?
Solved

What is ET4.exe?

Posted on 2006-10-28
9
Medium Priority
?
508 Views
Last Modified: 2010-05-18
I spent several hours on a clients computer this week, getting rid of a Trojan called something like imimonitor.exe and imaminni.exe, and I noticed a process running called ET4.exe. What is this process and its function?
0
Comment
Question by:Booda2us
  • 2
  • 2
  • 2
  • +1
8 Comments
 
LVL 35

Accepted Solution

by:
Raynard7 earned 1600 total points
ID: 17827929
It is most likley to be a program called easytune4 by gigabyte
if it is then it is not spyware but a monitoring program for things like case temperature and is used by overclockers,

however just because it has that name does not mean it is that file - so check it out anyway with some sort of scanner
0
 
LVL 35

Expert Comment

by:Raynard7
ID: 17827931
it is often shipped with motherboards
0
 
LVL 47

Expert Comment

by:rpggamergirl
ID: 17828262
>> getting rid of a Trojan called something like imimonitor.exe and imaminni.exe <<


Is that a typo, do you mean these files below? if you mean these files, then you have smitfraud infection.

ismini.exe
isamonitor.exe


Can we look at your hijackthis log? the log will confirm if it's smitfraud or not.

Please download HijackThis 1.99.1
http://www.cyberanswers.org/forum/uploads/HijackThis1991.exe
Open Hijackthis, click "Do a system scan and save a logfile" don't fix anything yet.

Then upload the logs to any hosting sites,
or go to the below link and login using your Experts-Exchange username and password.
http://www.ee-stuff.com
Click on "Expert Area" tab
type or paste the link to your Question
"Browse" your pc to the location of your Hijackthis log and click "Upload"
Copy the resulting "url" and post it back here.

OR: paste the log to either of these sites:
1. http://www.rafb.net/paste/
then at the bottom left corner click "paste"
Copy the address/url and post it here.

2. or at --> http://www.hijackthis.de/ 
and click "Analyse", click "Save".  Then post the link to the saved list here.
0
Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 47

Expert Comment

by:rpggamergirl
ID: 17828266
If it is smitfraud, then smitfraudFix will fix it:

Please download SmitfraudFix:(XP/2000 only)
http://siri.geekstogo.com/SmitfraudFix.php
Extract the content (a folder named SmitfraudFix) to your Desktop.
Next, please reboot your computer in Safe Mode by rebooting the computer,
and repeatedly tapping the F8 key as the pc starts. Choose "Safe Mode" from
the options listed.
 
Once in Safe Mode, open the SmitfraudFix folder again and double-click
smitfraudfix.cmd
 
Select option #2 - Clean by typing 2 and press "Enter" to delete infected
files.
 
You will be prompted : "Registry cleaning - Do you want to clean the
registry?" answer "Yes" by typing Y and press "Enter" in order to remove
the Desktop background and clean registry keys associated with the
infection.
 
The tool will now check if wininet.dll is infected. You may be prompted to
replace the infected file (if found); answer "Yes" by typing Y and press
"Enter".
 
The tool may need to restart your computer to finish the cleaning process;
if it doesn't, please restart it into Normal Windows.
A text file will appear onscreen, with results from the cleaning process; please copy/paste the content of that report into your next reply.
The report can also be found at the root of the system drive, usually at C:\rapport.txt

0
 
LVL 18

Assisted Solution

by:centerv
centerv earned 400 total points
ID: 17831109
http://www.magictweak.com/program/105528/EasyTuneIV.html

overclock by Gigabyte EasyTune IV Utility
0
 
LVL 6

Author Comment

by:Booda2us
ID: 17912057
the 2 .exe files were definitiely trojans....as I stated.. Clients computer did have a gigabyte Mobo... thank you to Raynard and centery
0
 
LVL 6

Author Comment

by:Booda2us
ID: 17912069
To rpggamergirl: I used Prevx1 to clean  clients system...I appreciate your effort and thoroughness in maintaining EE's credibility and security....Booda2us
0
 
LVL 18

Expert Comment

by:centerv
ID: 17915071
You're welcome.
0

Featured Post

How to Use the Help Bell

Need to boost the visibility of your question for solutions? Use the Experts Exchange Help Bell to confirm priority levels and contact subject-matter experts for question attention.  Check out this how-to article for more information.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

There are 2 things you must have in order to connect to the internet behind a router, The "Gateway IP" of the router, which is usually something like 192.168.xxx.1, I've seen routers with default values of: 192.168.0.1, 192.168.1.1, 192.168.11.1, …
Step by step guide to Clean and Sort your windows registry! Introduction: Always remember: A Clean registry = Better performance = Save your invaluable time In this article we're going to clear our registry manually! Yes, manually! The e…
Two types of users will appreciate AOMEI Backupper Pro: 1 - Those with PCIe drives (and haven't found cloning software that works on them). 2 - Those who want a fast clone of their boot drive (no re-boots needed) and it can clone your drive wh…
Screencast - Getting to Know the Pipeline

810 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question