Solved

What is ET4.exe?

Posted on 2006-10-28
9
492 Views
Last Modified: 2010-05-18
I spent several hours on a clients computer this week, getting rid of a Trojan called something like imimonitor.exe and imaminni.exe, and I noticed a process running called ET4.exe. What is this process and its function?
0
Comment
Question by:Booda2us
  • 2
  • 2
  • 2
  • +1
9 Comments
 
LVL 35

Accepted Solution

by:
Raynard7 earned 400 total points
ID: 17827929
It is most likley to be a program called easytune4 by gigabyte
if it is then it is not spyware but a monitoring program for things like case temperature and is used by overclockers,

however just because it has that name does not mean it is that file - so check it out anyway with some sort of scanner
0
 
LVL 35

Expert Comment

by:Raynard7
ID: 17827931
it is often shipped with motherboards
0
 
LVL 47

Expert Comment

by:rpggamergirl
ID: 17828262
>> getting rid of a Trojan called something like imimonitor.exe and imaminni.exe <<


Is that a typo, do you mean these files below? if you mean these files, then you have smitfraud infection.

ismini.exe
isamonitor.exe


Can we look at your hijackthis log? the log will confirm if it's smitfraud or not.

Please download HijackThis 1.99.1
http://www.cyberanswers.org/forum/uploads/HijackThis1991.exe
Open Hijackthis, click "Do a system scan and save a logfile" don't fix anything yet.

Then upload the logs to any hosting sites,
or go to the below link and login using your Experts-Exchange username and password.
http://www.ee-stuff.com
Click on "Expert Area" tab
type or paste the link to your Question
"Browse" your pc to the location of your Hijackthis log and click "Upload"
Copy the resulting "url" and post it back here.

OR: paste the log to either of these sites:
1. http://www.rafb.net/paste/
then at the bottom left corner click "paste"
Copy the address/url and post it here.

2. or at --> http://www.hijackthis.de/
and click "Analyse", click "Save".  Then post the link to the saved list here.
0
 
LVL 47

Expert Comment

by:rpggamergirl
ID: 17828266
If it is smitfraud, then smitfraudFix will fix it:

Please download SmitfraudFix:(XP/2000 only)
http://siri.geekstogo.com/SmitfraudFix.php
Extract the content (a folder named SmitfraudFix) to your Desktop.
Next, please reboot your computer in Safe Mode by rebooting the computer,
and repeatedly tapping the F8 key as the pc starts. Choose "Safe Mode" from
the options listed.
 
Once in Safe Mode, open the SmitfraudFix folder again and double-click
smitfraudfix.cmd
 
Select option #2 - Clean by typing 2 and press "Enter" to delete infected
files.
 
You will be prompted : "Registry cleaning - Do you want to clean the
registry?" answer "Yes" by typing Y and press "Enter" in order to remove
the Desktop background and clean registry keys associated with the
infection.
 
The tool will now check if wininet.dll is infected. You may be prompted to
replace the infected file (if found); answer "Yes" by typing Y and press
"Enter".
 
The tool may need to restart your computer to finish the cleaning process;
if it doesn't, please restart it into Normal Windows.
A text file will appear onscreen, with results from the cleaning process; please copy/paste the content of that report into your next reply.
The report can also be found at the root of the system drive, usually at C:\rapport.txt

0
Better Security Awareness With Threat Intelligence

See how one of the leading financial services organizations uses Recorded Future as part of a holistic threat intelligence program to promote security awareness and proactively and efficiently identify threats.

 
LVL 18

Assisted Solution

by:centerv
centerv earned 100 total points
ID: 17831109
http://www.magictweak.com/program/105528/EasyTuneIV.html

overclock by Gigabyte EasyTune IV Utility
0
 
LVL 6

Author Comment

by:Booda2us
ID: 17912057
the 2 .exe files were definitiely trojans....as I stated.. Clients computer did have a gigabyte Mobo... thank you to Raynard and centery
0
 
LVL 6

Author Comment

by:Booda2us
ID: 17912069
To rpggamergirl: I used Prevx1 to clean  clients system...I appreciate your effort and thoroughness in maintaining EE's credibility and security....Booda2us
0
 
LVL 18

Expert Comment

by:centerv
ID: 17915071
You're welcome.
0

Featured Post

Free Trending Threat Insights Every Day

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

Join & Write a Comment

Suggested Solutions

There are 2 things you must have in order to connect to the internet behind a router, The "Gateway IP" of the router, which is usually something like 192.168.xxx.1, I've seen routers with default values of: 192.168.0.1, 192.168.1.1, 192.168.11.1, …
Today, still in the boom of Apple, PC's and products, nearly 50% of the computer users use Windows as graphical operating systems. If you are among those users who love windows, but are grappling to keep the system's hard drive optimized, then you s…
In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're interested in additional methods for monitoring bandwidt…
When you create an app prototype with Adobe XD, you can insert system screens -- sharing or Control Center, for example -- with just a few clicks. This video shows you how. You can take the full course on Experts Exchange at http://bit.ly/XDcourse.

708 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now