Removing RAUOYA.exe and JTPEQ.exe from PC

Hi;

I encountered two pieces of malware, Rauoya.exe and JTPEQ.exe, which utilise between 50% and 80% of the CPU.

I think it is the same malware which is changing its name as after the first machine began giving trouble it was replaced while it came to be checked and the replacement worked fine until after the same USB Flash drive used in the first machine was used on the second. Then the second began doing the same things.

I have tried stopping it at start-up, through the msconfig and the registry. I have looked for any signs of the executable in the program files. Finally I installed Nod-32. When I did this it immediately stopped running, prior to any scanning. The scan of the machine revealed two unrelated trojans. I am thinking it has detected the nod and is in some type of incubation.

I should also mention that I used my USB drive on the machine to install Malwarebytes and a subsequent scan of my USB drive revealed that the jtpeq files were on it so I immediately formatted the drive.

How do I deal with such a program when I can find it? I would prefer not to have to reformat the machine as that would mean backing up the data which increases the possibility that it might jump.

Your assistance is greatly appreciated.
mavcom Asked:

edbedb Commented:

Give HitmanPro a try. You can get it here.
http://www.surfright.nl/en/hitmanpro
0
Thomas Zucker-Scharff (Solution Guide) Commented:
I can't answer your question completely, but I would strongly suggest disabling autorun on all your machines. With autorun disabled you can still run the software you wish from your USB, but no software will run automatically. This is especially true for U3 enabled drives as they identify themselves as disk drives and this makes the process easier for a virus.

To disable autorun on an XP machine just double click the attached file once you have downloaded it. Answer yes when the dialog asking if you want to add this to your registry comes up.
autorun.reg
0
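Added example, not part of the thread and not the attached autorun.reg: a small auditor that lists which entries in a flash drive's autorun.inf would start a program, for checking a drive before it goes into a machine where autorun is still enabled. The sample file contents, the placeholder names in it, and the RISKY_EXT list are constructed for illustration.

```python
import ntpath
import os

LAUNCH_KEYS = ("open", "shellexecute")  # autorun.inf keys that start a program
RISKY_EXT = {".exe", ".com", ".scr", ".pif", ".bat", ".cmd", ".vbs", ".js", ".lnk"}

SAMPLE = """\
; constructed sample, placeholder names, not taken from the thread
[AutoRun]
icon=folder.ico
open=recycler\\example.exe -s
shell\\open\\command="recycler\\example.exe"
"""

def parse_autorun(text):
    """Yield (key, value) pairs from the [autorun] section, case-insensitively."""
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == "autorun" and "=" in line and not line.startswith(";"):
            key, _, value = line.partition("=")
            yield key.strip().lower(), value.strip()

def first_token(command):
    """Program part of a command line: the quoted string, or text up to the first space."""
    if command.startswith('"'):
        return command[1:].split('"', 1)[0]
    return command.split(None, 1)[0]

def launch_entries(text):
    """List every entry that would start a program, flagging executable/script targets."""
    findings = []
    for key, value in parse_autorun(text):
        verb = key.startswith("shell\\") and key.endswith("\\command")
        if value and (key in LAUNCH_KEYS or verb):
            target = first_token(value)
            risky = ntpath.splitext(target)[1].lower() in RISKY_EXT
            findings.append({"key": key, "target": target, "risky": risky})
    return findings

def audit_drive(root):
    """Audit autorun.inf in the root of a mounted drive; [] if there is none."""
    for name in os.listdir(root):
        if name.lower() == "autorun.inf":
            with open(os.path.join(root, name), encoding="latin-1") as fh:
                return launch_entries(fh.read())
    return []
```

Call `audit_drive` with the drive's root path (for example `E:\`); any finding with `risky` set is a program the drive would try to start when autorun is enabled.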
xmachine Commented:
0


Thomas Zucker-Scharff (Solution Guide) Commented:
xmachine has good suggestions. If you use Microsoft Security Essentials, don't forget to tick the box to autoscan USB when detected (I believe it's in the advanced options, but I don't have a machine running it in front of me). Also be careful with ComboFix. Follow the instructions and post the log here before going on.
0
optoma Commented:
Along with the above suggestions, it would be wise to run Flash Disinfector on all removable USB devices.

http://download.bleepingcomputer.com/sUBs/Flash_Disinfector.exe
-Download to desktop
-Run it
-Follow prompts
-When asked, plug in removable usb device
-It will prompt when scan is finished
-Repeat for next removable usb
0
mavcom (Author) Commented:
Hi;

Thank you for your comments. The day is done here so I will give those a shot on Monday.
0
mavcom (Author) Commented:
Hi Tzucker;

The autorun.req file does not run. It simply opens up as a text document.
0
Thomas Zucker-Scharff (Solution Guide) Commented:
That is odd. Are you using XP? It should be named autorun.reg. Does it still not work?
0
c_a_n_o_n Commented:
If your system is infected with a pest, malware, trojan, or virus, your system will behave unexpectedly. The best method to attempt resolution is to completely rule out the operating system by bypassing it. To do so, you will need a rescue CD. There are several out there; you might be able to create one, and there are instructions and sites that can assist with that. But the easiest way is to use a product that is FREE, and that I have used successfully for several of my clients and on many workstations.

BitDefender (FREE Downloadable Rescue CD).  Available Here.
http://download.bitdefender.com/rescue_cd/

Instructions on the product.
http://www.bitdefender.com/KB417-en--Using-the-BitDefender-Rescue-CD.html

Hope this helps.

PS.  This may sound like a "canned" response, it just might be.  However, it is the easiest and most effective method to resolve a situation like this.
0
johnb6767 Commented:
Did you get those 2 files removed yet?
0
mavcom (Author) Commented:
ComboFix removed the malware quickly and totally.
0
xmachine Commented:
Glad it worked for you, and thanks for the points
0