Solved

multiple Username.exe processes, spyware?

Posted on 2009-03-31
1,947 Views
Last Modified: 2013-11-22
Hi,
I believe one of our users has been affected with a virus and/or spyware. When the computer starts everything is normal; as soon as the internet starts, multiple username.exe processes start running. The CPU then maxes out and an enforced shutdown occurs. We are running McAfee Enterprise 8.5.0 (DAT 5569) with the antispyware module, and have also run Ad-Aware and SUPERAntiSpyware. Nothing finds the problem. Other user profiles have not been affected. Any ideas?
Thanks a lot
Question by:kwatt562
7 Comments
 
LVL 48

Expert Comment

by:dbrunton
ID: 24027518

Slave the hard disk in another computer and use a good anti-virus application such as NOD32. It is quite probable that the virus is suppressing McAfee and that is why it is not working.
 
LVL 23

Expert Comment

by:Admin3k
ID: 24027603
Please post a HijackThis log.
 

Author Comment

by:kwatt562
ID: 24028042
Thanks, I ran HijackThis and the log is attached.
hijackthis.log
 
LVL 23

Accepted Solution

by:Admin3k (earned 500 total points)
ID: 24028304
Is this script yours? If so, then please ignore.
O4 - HKLM\..\Run: [SCRIPT_EFS] C:\WINDOWS\system32\Script_MyDocuments_Permissions.vbs
O4 - HKLM\..\Run: [LCSGetUserInfo] C:\WINDOWS\SYSTEM32\LCSGetUserInfo.vbs
Also this entry looks strange. Is it an application you know? If not, then it can be fixed using HijackThis.
O4 - HKCU\..\Run: [UKDSTJME] D:\Documents and Settings\ukdstjme\UKDSTJME.exe /i
O4 - HKCU\..\Run: [] D:\Documents and Settings\ukdstjme\.exe /i
Please download Malwarebytes Anti-Malware, install, update online and run a full scan in safe mode if possible. Please allow the program to fix the findings and post the MBAM log as well as an updated HijackThis log.
Finally, please post the event log: attach the .EVT file for Application and System from the impacted machine after renaming to .txt.
I would be more interested in the one for Application.
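The checks Admin3k applied to the O4 lines by eye, written up as an added Python example (this is not code from the thread, from HijackThis or from any of the tools named above). It parses the quoted O4 entries, flags an empty value name, an executable with no base name, a binary living in (and named after) a user profile, and script autoruns that should be confirmed as deliberately deployed, and it computes the SHA-256 that can be searched for on VirusTotal before the file is deleted from safe mode. The ctfmon.exe contrast line and the path-splitting heuristics are my assumptions, not taken from the posted log.

```python
"""Triage HijackThis O4 (Run key) entries and hash a suspect file for a VirusTotal lookup.

Added example, not from the thread: the heuristics below reproduce what the accepted
answer picked out of the log by eye.
"""
import hashlib
import re
from dataclasses import dataclass, field
from pathlib import PureWindowsPath

# Constructed sample log: the four O4 lines quoted in the accepted answer plus one
# ordinary ctfmon.exe entry added here for contrast (the ctfmon line is not from the log).
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKLM\..\Run: [SCRIPT_EFS] C:\WINDOWS\system32\Script_MyDocuments_Permissions.vbs
O4 - HKLM\..\Run: [LCSGetUserInfo] C:\WINDOWS\SYSTEM32\LCSGetUserInfo.vbs
O4 - HKCU\..\Run: [UKDSTJME] D:\Documents and Settings\ukdstjme\UKDSTJME.exe /i
O4 - HKCU\..\Run: [] D:\Documents and Settings\ukdstjme\.exe /i
"""

# "O4 - <hive>\..\<key>: [<value name>] <command line>"
O4_RE = re.compile(r"^O4 - (?P<hive>HK\w+)\\\.\.\\(?P<key>[^:]+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
# Split "path args": a quoted path, or the shortest prefix ending in a runnable extension
# (assumption: unquoted paths with spaces are common on XP-era Run keys, as in the log).
CMD_RE = re.compile(
    r'^(?P<path>"[^"]+"|.+?\.(?:exe|com|scr|pif|bat|cmd|vbs|js|dll))(?:\s+(?P<args>.*))?$', re.I)
PROFILE_ROOTS = {"documents and settings", "users"}
SCRIPT_SUFFIXES = {".vbs", ".js", ".bat", ".cmd"}


@dataclass
class RunEntry:
    hive: str
    key: str
    name: str
    path: str
    args: str
    reasons: list = field(default_factory=list)


def parse_o4(log_text):
    """Return one RunEntry per O4 line; non-O4 lines are ignored."""
    entries = []
    for line in log_text.splitlines():
        m = O4_RE.match(line.strip())
        if not m:
            continue
        c = CMD_RE.match(m["cmd"].strip())
        path, args = (c["path"].strip('"'), c["args"] or "") if c else (m["cmd"].strip(), "")
        entries.append(RunEntry(m["hive"], m["key"], m["name"], path, args))
    return entries


def assess(entry):
    """Attach human-readable reasons for suspicion; an empty list means nothing stood out."""
    p = PureWindowsPath(entry.path)
    parts = [s.lower() for s in p.parts]          # ('D:\\', 'documents and settings', 'ukdstjme', 'ukdstjme.exe')
    if entry.name == "":
        entry.reasons.append("empty value name")
    if p.name.startswith("."):
        entry.reasons.append("executable has no base name")
    if len(parts) >= 4 and parts[1] in PROFILE_ROOTS:
        user = parts[2]
        entry.reasons.append(f"runs from the profile of user '{user}'")
        if p.stem.lower() == user:                # the username.exe pattern from the question
            entry.reasons.append("binary named after the profile user")
    if p.suffix.lower() in SCRIPT_SUFFIXES:
        entry.reasons.append("script autorun; confirm it is an administrative script you deployed")
    return entry


def flag_suspicious(entries):
    return [e for e in map(assess, entries) if e.reasons]


def sha256_hex(data):
    return hashlib.sha256(data).hexdigest()


def sha256_file(path, chunk=1 << 20):
    """Hash the suspect file in chunks; the hex digest is what VirusTotal search accepts."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


if __name__ == "__main__":
    for e in flag_suspicious(parse_o4(SAMPLE_LOG)):
        print(f"{e.hive}\\..\\{e.key} [{e.name}] {e.path} {e.args}".rstrip())
        for r in e.reasons:
            print("    -", r)
```

Run against the sample it prints the two vbs lines (flagged only as scripts to confirm), the UKDSTJME.exe entry (profile path plus username match) and the nameless `.exe` entry (empty value name, no base name, profile path); ctfmon.exe is not reported. Hashing the file with `sha256_file` before deleting it keeps the question asked later in the thread answerable without needing the binary back.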
 

Author Comment

by:kwatt562
ID: 24028750
As soon as I ran the log, I realised that the exe running from the user's profile can't be right, so I started in safe mode and deleted the ukdstjme.exe. Since doing that I haven't had any problems with the PC. I ran antispyware from safe mode, but it didn't find anything. Could the actual spyware have been removed and this was just a residual program left?
 
LVL 23

Expert Comment

by:Admin3k
ID: 24033837
Could be this is the only infection; a follow-up HijackThis log would be nice.
Also, if you still have ukdstjme.exe, can we please scan it on www.virustotal.com?
It would help to identify what we have here.
