
multiple Username.exe processes, spyware?

Posted on 2009-03-31
Last Modified: 2013-11-22
Hi,
I believe one of our users has been affected with a virus and/or spyware. When the computer starts everything is normal; as soon as the internet starts, multiple username.exe processes start running. The CPU then maxes out and an enforced shutdown occurs. We are running McAfee Enterprise 8.5.0 (DAT 5569) with the antispyware module, and have also run Ad-Aware and SUPERAntiSpyware. Nothing finds the problem. Other user profiles have not been affected. Any ideas?
Thanks a lot
0
Question by:kwatt562
LVL 50

Expert Comment

by:dbrunton
ID: 24027518

Slave the hard disk in another computer and use a good antivirus application such as NOD32. It is quite probable that the virus is suppressing McAfee and that is why it is not working.
0
 
LVL 23

Expert Comment

by:Mohamed Osama
ID: 24027603
Please post a HijackThis log.
0
 

Author Comment

by:kwatt562
ID: 24028042
Thanks, I ran HijackThis and the log is attached.
hijackthis.log
0
 
LVL 23

Accepted Solution

by:
Mohamed Osama earned 2000 total points
ID: 24028304
Is this script yours? If so, then please ignore.
O4 - HKLM\..\Run: [SCRIPT_EFS] C:\WINDOWS\system32\Script_MyDocuments_Permissions.vbs
O4 - HKLM\..\Run: [LCSGetUserInfo] C:\WINDOWS\SYSTEM32\LCSGetUserInfo.vbs
Also, this entry looks strange. Is it an application you know? If not, then it can be fixed using HijackThis.
O4 - HKCU\..\Run: [UKDSTJME] D:\Documents and Settings\ukdstjme\UKDSTJME.exe /i
O4 - HKCU\..\Run: [] D:\Documents and Settings\ukdstjme\.exe /i
Please download Malwarebytes Anti-Malware, install, update online and run a full scan in safe mode if possible. Please allow the program to fix the findings and post the MBAM log as well as an updated HijackThis log.
Finally, please post the Event log: attach the .EVT files for Application and System from the impacted machine after renaming them to .txt.
I would be more interested in the one for Application.



 


0
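The checks discussed in this thread (an autorun entry launching from a user's profile folder, an empty value name, an executable named after the profile), written as a small triage script over HijackThis O4 lines. This is an added example, not part of the original thread or of any tool's own code; the function names, the wording of the flags and the last sample line are assumptions made for illustration, and a flag is a prompt to review an entry, not a verdict.

```python
import ntpath
import re

# O4 autorun line as HijackThis prints it: "O4 - <hive>\..\<key>: [<name>] <command>"
O4_RE = re.compile(r"^\s*O4 - (HK\w+)\\\.\.\\(\w+): \[(.*?)\] (.+)$")
# Command up to the first known program/script extension (paths may contain spaces).
TARGET_RE = re.compile(r'^"?(.+?\.(?:exe|com|scr|bat|cmd|vbs|js))\b', re.I)
PROFILE_RE = re.compile(r"\\(?:documents and settings|users)\\[^\\]+\\", re.I)

def triage_o4(line):
    """Return (value_name, target_path, reasons), or None if not an O4 line."""
    m = O4_RE.match(line)
    if not m:
        return None
    _hive, _key, name, command = m.groups()
    t = TARGET_RE.match(command)
    path = t.group(1) if t else command
    base = ntpath.basename(path)
    stem = base.rsplit(".", 1)[0]                  # "" for a file called ".exe"
    folder = ntpath.basename(ntpath.dirname(path))
    reasons = []
    if not name:
        reasons.append("empty value name")
    if not stem:
        reasons.append("file name is only an extension")
    if PROFILE_RE.search(path):
        reasons.append("runs from a user profile folder")
    if stem and stem.lower() == folder.lower():
        reasons.append("executable named after its profile folder")
    if base.lower().endswith((".vbs", ".js")):
        reasons.append("script autorun: confirm it is yours")
    return name, path, reasons

# The first four lines are the O4 entries quoted in the thread; the last is constructed.
SAMPLE = r"""
O4 - HKLM\..\Run: [SCRIPT_EFS] C:\WINDOWS\system32\Script_MyDocuments_Permissions.vbs
O4 - HKLM\..\Run: [LCSGetUserInfo] C:\WINDOWS\SYSTEM32\LCSGetUserInfo.vbs
O4 - HKCU\..\Run: [UKDSTJME] D:\Documents and Settings\ukdstjme\UKDSTJME.exe /i
O4 - HKCU\..\Run: [] D:\Documents and Settings\ukdstjme\.exe /i
O4 - HKLM\..\Run: [ExampleApp] "C:\Program Files\Example\app.exe" -tray
"""

def triage_log(text):
    """Triage every O4 line in a HijackThis log; other lines are skipped."""
    return [r for r in map(triage_o4, text.splitlines()) if r]

if __name__ == "__main__":
    for name, path, reasons in triage_log(SAMPLE):
        print(f"[{name}] {path}: {'; '.join(reasons) or 'no flags'}")
```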
 

Author Comment

by:kwatt562
ID: 24028750
As soon as I ran the log, I realised that the exe running from the user's profile can't be right, so I started in safe mode and deleted the ukdstjme.exe. Since doing that I haven't had any problems with the PC. I ran antispyware from safe mode, but it didn't find anything. Could the actual spyware have been removed and this was just a residual program left?
0
 
LVL 23

Expert Comment

by:Mohamed Osama
ID: 24033837
Could be this is the only infection; a follow-up HijackThis log would be nice.
Also, if you still have ukdstjme.exe, can we please scan it on www.virustotal.com?
It would help to identify what we have here.

0
