Solved

multiple Username.exe processes, spyware?

Posted on 2009-03-31
7
1,944 Views
Last Modified: 2013-11-22
Hi,
I believe one of our users has been affected with a virus and/or spyware. When the computer starts everything is normal, as soon as the internet starts, multiple username.exe processes start running. The CPU then maxes out and an enforced shutdown occurs. We arre running mcafee enterprise 8.5.0 (DAT 5569) with antispyware module, have also run adaware and superantispyware. Nothings finds the problem. other user profiles have not been affected. Any ideas?
Thanks a lot
0
Comment
Question by:kwatt562
  • 3
  • 2
7 Comments
 
LVL 48

Expert Comment

by:dbrunton
ID: 24027518
Recommend

Slave the hard disk in another computer and use a good anti virus application such as NOD32.  It is quite probable that the virus is suppressing McAfee and that is why it is not working.
0
 
LVL 23

Expert Comment

by:Admin3k
ID: 24027603
Please post a Hijack this log .




0
 

Author Comment

by:kwatt562
ID: 24028042
Thanks I ran Hijackthis and the log is attached
hijackthis.log
0
Enterprise Mobility and BYOD For Dummies

Like “For Dummies” books, you can read this in whatever order you choose and learn about mobility and BYOD; and how to put a competitive mobile infrastructure in place. Developed for SMBs and large enterprises alike, you will find helpful use cases, planning, and implementation.

 
LVL 23

Accepted Solution

by:
Admin3k earned 500 total points
ID: 24028304
Is this script yours ?, if so then please ignore .
 O4 - HKLM\..\Run: [SCRIPT_EFS] C:\WINDOWS\system32\Script_MyDocuments_Permissions.vbs
O4 - HKLM\..\Run: [LCSGetUserInfo] C:\WINDOWS\SYSTEM32\LCSGetUserInfo.vbs
Also thois entry looks strange, is it an application you know ? , if not , then it can be fixed using Hijack this
 O4 - HKCU\..\Run: [UKDSTJME] D:\Documents and Settings\ukdstjme\UKDSTJME.exe /i
 O4 - HKCU\..\Run: [] D:\Documents and Settings\ukdstjme\.exe /i
Please Download Malwarebytes Antimalware, install, update online & run a full scan in safe mode if possible, please allow the program to fix the findings & post MBAM log as well as an updated Hijack this log.
finally , Please post the Event log , attach the .EVT file for Application & system after renam,ing to .txt from the impacted machine.
I would be more interested in the one for application.



 


0
 

Author Comment

by:kwatt562
ID: 24028750
As soon as I ran the log, I realised that the exe running from the users profile cant be right, so I started in safe mode and deleted the ukdstjme.exe. Since doing that I havent had any problems with the pc. I ran antispyware from safe mode, but it didnt find anything. Could the actual spyware have been removed and this was just a residual program left?
0
 
LVL 23

Expert Comment

by:Admin3k
ID: 24033837
Could be this is the ony infection, a follow up Hijack this log would be nice .
also if you still have ukdstjme.exe can we please scan it on www.virustotal.com
it would hellp to identify what we have here

0

Featured Post

Live: Real-Time Solutions, Start Here

Receive instant 1:1 support from technology experts, using our real-time conversation and whiteboard interface. Your first 5 minutes are always free.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Issue: Unstable cursor in Windows XP and Windows runs extremely slow in that any click will bring up the Hour glass (sometimes for several seconds before giving you what you want) . Troubleshooting Process and the FINAL FIX: This issue see…
Today, still in the boom of Apple, PC's and products, nearly 50% of the computer users use Windows as graphical operating systems. If you are among those users who love windows, but are grappling to keep the system's hard drive optimized, then you s…
Two types of users will appreciate AOMEI Backupper Pro: 1 - Those with PCIe drives (and haven't found cloning software that works on them). 2 - Those who want a fast clone of their boot drive (no re-boots needed) and it can clone your drive wh…
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…

815 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

15 Experts available now in Live!

Get 1:1 Help Now