Solved

multiple Username.exe processes, spyware?

Posted on 2009-03-31
Last Modified: 2013-11-22
Hi,
I believe one of our users has been affected with a virus and/or spyware. When the computer starts everything is normal; as soon as the internet starts, multiple username.exe processes start running. The CPU then maxes out and an enforced shutdown occurs. We are running McAfee Enterprise 8.5.0 (DAT 5569) with the antispyware module, and have also run Ad-Aware and SUPERAntiSpyware. Nothing finds the problem. Other user profiles have not been affected. Any ideas?
Thanks a lot
Question by:kwatt562
7 Comments
 
LVL 47

Expert Comment

by:dbrunton

Slave the hard disk in another computer and use a good antivirus application such as NOD32. It is quite probable that the virus is suppressing McAfee and that is why it is not working.
0
 
LVL 23

Expert Comment

by:Admin3k
Please post a HijackThis log.




0
 

Author Comment

by:kwatt562
Thanks, I ran HijackThis and the log is attached.
hijackthis.log
0
 
LVL 23

Accepted Solution

by:
Admin3k earned 500 total points
Is this script yours? If so, then please ignore.
 O4 - HKLM\..\Run: [SCRIPT_EFS] C:\WINDOWS\system32\Script_MyDocuments_Permissions.vbs
O4 - HKLM\..\Run: [LCSGetUserInfo] C:\WINDOWS\SYSTEM32\LCSGetUserInfo.vbs
Also, this entry looks strange. Is it an application you know? If not, then it can be fixed using HijackThis.
 O4 - HKCU\..\Run: [UKDSTJME] D:\Documents and Settings\ukdstjme\UKDSTJME.exe /i
 O4 - HKCU\..\Run: [] D:\Documents and Settings\ukdstjme\.exe /i
Please download Malwarebytes Anti-Malware, install, update online & run a full scan in safe mode if possible. Please allow the program to fix the findings & post the MBAM log as well as an updated HijackThis log.
Finally, please post the Event log: attach the .EVT file for Application & System, after renaming to .txt, from the impacted machine.
I would be more interested in the one for Application.



 


0
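The checks applied by eye to the Run entries in the accepted answer, written out as an added example that is not part of the original thread: it parses HijackThis O4 lines and reports autoruns with an empty value name, a file name with no base name, or an executable launched from a user profile folder. The function names, the extension list and the profile-root list are assumptions made for this sketch.

```python
import re
from pathlib import PureWindowsPath

# The four O4 lines quoted in the accepted answer above.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [SCRIPT_EFS] C:\WINDOWS\system32\Script_MyDocuments_Permissions.vbs
O4 - HKLM\..\Run: [LCSGetUserInfo] C:\WINDOWS\SYSTEM32\LCSGetUserInfo.vbs
O4 - HKCU\..\Run: [UKDSTJME] D:\Documents and Settings\ukdstjme\UKDSTJME.exe /i
O4 - HKCU\..\Run: [] D:\Documents and Settings\ukdstjme\.exe /i
"""

O4_RE = re.compile(r"^\s*O4 - (?P<hive>HK\w+)\\\.\.\\[^:]+: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
# Path up to a launchable extension; whatever follows is treated as arguments.
PATH_RE = re.compile(r'^"?(?P<path>.+?\.(?:exe|com|scr|pif|bat|cmd|vbs|js))"?(?:\s|$)', re.I)
PROFILE_ROOTS = {"documents and settings", "users"}  # assumed profile parents


def triage_o4(line):
    """Return (value_name, path, reasons) for an O4 line, or None otherwise."""
    m = O4_RE.match(line)
    if not m:
        return None
    pm = PATH_RE.match(m["cmd"])
    path = PureWindowsPath(pm["path"] if pm else m["cmd"])
    parts = [p.lower() for p in path.parts]
    reasons = []
    if not m["name"]:
        reasons.append("empty value name")
    if path.name.startswith("."):
        reasons.append("file name has no base name")
    # Look for <profile root>\<profile>\...\<file>; the last two parts cannot be the root.
    roots = [i for i, p in enumerate(parts[:-2]) if p in PROFILE_ROOTS]
    if roots:
        reasons.append("runs from a user profile folder")
        if path.stem.lower() == parts[roots[0] + 1]:
            reasons.append("executable named after the profile folder")
    return m["name"], str(path), reasons


def suspicious_entries(log_text):
    """Triage every line and keep only the O4 entries with at least one reason."""
    results = (triage_o4(line) for line in log_text.splitlines())
    return [r for r in results if r and r[2]]


if __name__ == "__main__":
    for name, path, reasons in suspicious_entries(SAMPLE_LOG):
        print(f"[{name}] {path}: {', '.join(reasons)}")
```

A flagged entry is a prompt to ask the question the answer asks ("is it an application you know?"), not proof of infection; legitimate per-user software also starts from profile folders.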
 

Author Comment

by:kwatt562
As soon as I ran the log, I realised that the exe running from the user's profile can't be right, so I started in safe mode and deleted the ukdstjme.exe. Since doing that I haven't had any problems with the PC. I ran antispyware from safe mode, but it didn't find anything. Could the actual spyware have been removed and this was just a residual program left?
0
 
LVL 23

Expert Comment

by:Admin3k
Could be this is the only infection; a follow-up HijackThis log would be nice.
Also, if you still have ukdstjme.exe, can we please scan it on www.virustotal.com?
It would help to identify what we have here.

0
