Expiring Today—Celebrate National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

multiple Username.exe processes, spyware?

Posted on 2009-03-31
7
Medium Priority
?
1,951 Views
Last Modified: 2013-11-22
Hi,
I believe one of our users has been affected with a virus and/or spyware. When the computer starts everything is normal, as soon as the internet starts, multiple username.exe processes start running. The CPU then maxes out and an enforced shutdown occurs. We arre running mcafee enterprise 8.5.0 (DAT 5569) with antispyware module, have also run adaware and superantispyware. Nothings finds the problem. other user profiles have not been affected. Any ideas?
Thanks a lot
0
Comment
Question by:kwatt562
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
7 Comments
 
LVL 49

Expert Comment

by:dbrunton
ID: 24027518
Recommend

Slave the hard disk in another computer and use a good anti virus application such as NOD32.  It is quite probable that the virus is suppressing McAfee and that is why it is not working.
0
 
LVL 23

Expert Comment

by:Mohamed Osama
ID: 24027603
Please post a Hijack this log .




0
 

Author Comment

by:kwatt562
ID: 24028042
Thanks I ran Hijackthis and the log is attached
hijackthis.log
0
Use Case: Protecting a Hybrid Cloud Infrastructure

Microsoft Azure is rapidly becoming the norm in dynamic IT environments. This document describes the challenges that organizations face when protecting data in a hybrid cloud IT environment and presents a use case to demonstrate how Acronis Backup protects all data.

 
LVL 23

Accepted Solution

by:
Mohamed Osama earned 2000 total points
ID: 24028304
Is this script yours ?, if so then please ignore .
 O4 - HKLM\..\Run: [SCRIPT_EFS] C:\WINDOWS\system32\Script_MyDocuments_Permissions.vbs
O4 - HKLM\..\Run: [LCSGetUserInfo] C:\WINDOWS\SYSTEM32\LCSGetUserInfo.vbs
Also thois entry looks strange, is it an application you know ? , if not , then it can be fixed using Hijack this
 O4 - HKCU\..\Run: [UKDSTJME] D:\Documents and Settings\ukdstjme\UKDSTJME.exe /i
 O4 - HKCU\..\Run: [] D:\Documents and Settings\ukdstjme\.exe /i
Please Download Malwarebytes Antimalware, install, update online & run a full scan in safe mode if possible, please allow the program to fix the findings & post MBAM log as well as an updated Hijack this log.
finally , Please post the Event log , attach the .EVT file for Application & system after renam,ing to .txt from the impacted machine.
I would be more interested in the one for application.



 


0
 

Author Comment

by:kwatt562
ID: 24028750
As soon as I ran the log, I realised that the exe running from the users profile cant be right, so I started in safe mode and deleted the ukdstjme.exe. Since doing that I havent had any problems with the pc. I ran antispyware from safe mode, but it didnt find anything. Could the actual spyware have been removed and this was just a residual program left?
0
 
LVL 23

Expert Comment

by:Mohamed Osama
ID: 24033837
Could be this is the ony infection, a follow up Hijack this log would be nice .
also if you still have ukdstjme.exe can we please scan it on www.virustotal.com
it would hellp to identify what we have here

0

Featured Post

Concerto's Cloud Advisory Services

Want to avoid the missteps to gaining all the benefits of the cloud? Learn more about the different assessment options from our Cloud Advisory team.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Can I legally transfer my OEM version of Windows to another PC?  (AKA - Can I put a new systemboard in my OEM PC?) Few of us are both IT and legal experts but we all have our own views of Microsoft's licensing rules and how they apply.  There are…
Ransomware continues to be a growing problem for both personal and business users alike and Antivirus companies are still struggling to find a reliable way to protect you from this dangerous threat.
Two types of users will appreciate AOMEI Backupper Pro: 1 - Those with PCIe drives (and haven't found cloning software that works on them). 2 - Those who want a fast clone of their boot drive (no re-boots needed) and it can clone your drive wh…
Established in 1997, Technology Architects has become one of the most reputable technology solutions companies in the country. TA have been providing businesses with cost effective state-of-the-art solutions and unparalleled service that is designed…

718 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question