n00bfest
http://www.n00bfest.com/phpBB3/

Odd file annoying me
http://www.n00bfest.com/phpBB3/viewtopic.php?f=11&t=2171

Author:  S|y Cat B|ue [ Mon Feb 21, 2005 12:09 pm ]
Post subject:  Odd file annoying me

I honestly doubt anyone has seen these files before because I have gone through Google search and nothing came up:

wkwgww.exe
hnhihh.exe

They seem to be brother files because of the way the names are set (w for the 1,3,5,6 places h for the 1,3,5,6 places). I have never seen these before and all the updated spyware, adware, virus removal can spot it as a threat. What they actually cause is right at the startup, the programs start to work and use up about over 60 percent of the CPU. I see the hourglass spin constantly at the startup. So I open Windows Task Manager to see these guys that I have never heard of be working on my computer.

Here's the kicker. Because my scan/removal programs don't see it as a problem, I looked for the files myself. Locations were here:

C:/WINDOWS/system32/wkwgww.exe
C:/Documents and Settings/All Users/StartMenu/Programs/Startup/hnhihh.exe

I look at the properties of both of them and they have different creation dates but I think those were when they were made, not downloaded. No information came with them so I know they are not important Microsoft files and such. So I find wkwgww.exe and delete it. But it says access denied. Decided to try and delete hnhihh.exe and it actually deleted. Then for some reason, in a matter of seconds, it pops up in the Startup folder again. WTF mate?

I start the registry editor and search for those same files. I have renamed all of them, then deleted them. Thought it was over. Load up my computer the next day and I see my little hourglass spinning and see those files still on my computer.

The reason why I wanted to post this is because I wanted to know if there is any way I can disable certain programs. Right now I have SpySweeper and I have set a shield on hnhihh.exe and it alerts me that it tries to load up and asks me to delete it. I do, and it pops back up in 3 seconds. I need to find a way other than deletion that I can disable certain files. Please help.

ShittyKitty.
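
The post above describes two files that come back after being deleted from the Startup folder and after their registry entries are removed. The following PowerShell sketch is an added example, not part of the original thread: it lists every common autostart location and running process that references the two file names from the post, so that all references can be seen together before anything is deleted. The function names and the choice of locations checked are assumptions of this example.

```powershell
# Added example, not from the thread. The two names are the files named in the post.
$names   = 'wkwgww.exe', 'hnhihh.exe'
$pattern = ($names | ForEach-Object { [regex]::Escape($_) }) -join '|'

# Hypothetical helper: one uniform output row per finding.
function New-Hit($Source, $Name, $Value) {
    [pscustomobject]@{ Source = $Source; Name = $Name; Value = $Value }
}

function Find-AutostartReference {
    # 1. Registry values that launch programs at boot or logon.
    $keys = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
            'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
            'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
            'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
            'HKLM:\Software\Microsoft\Windows NT\CurrentVersion\Winlogon'
    foreach ($key in $keys) {
        if (-not (Test-Path $key)) { continue }
        $item = Get-Item -Path $key
        foreach ($valueName in $item.GetValueNames()) {
            $data = [string]$item.GetValue($valueName)
            if ($data -match $pattern) { New-Hit $key $valueName $data }
        }
    }

    # 2. Startup folders (all users and current user); skip any that do not resolve.
    $dirs = 'CommonStartup', 'Startup' |
        ForEach-Object { [Environment]::GetFolderPath($_) } | Where-Object { $_ }
    Get-ChildItem -Path $dirs -Force -ErrorAction SilentlyContinue |
        Where-Object { $_.Name -match $pattern } |
        ForEach-Object { New-Hit 'StartupFolder' $_.Name $_.FullName }

    # 3. Services whose image path points at one of the files.
    Get-CimInstance Win32_Service |
        Where-Object { $_.PathName -match $pattern } |
        ForEach-Object { New-Hit 'Service' $_.Name $_.PathName }

    # 4. Running copies, with the parent process that started each one.
    $procs = Get-CimInstance Win32_Process
    foreach ($p in $procs) {
        if ("$($p.Name) $($p.ExecutablePath)" -notmatch $pattern) { continue }
        $parent = $procs | Where-Object { $_.ProcessId -eq $p.ParentProcessId } |
            Select-Object -First 1
        New-Hit 'Process' "$($p.Name) (PID $($p.ProcessId))" "parent: $($parent.Name) (PID $($p.ParentProcessId))"
    }
}

Find-AutostartReference | Format-Table -AutoSize -Wrap
```

Run it from an elevated prompt so the machine-wide keys and all process paths are readable. Rows with Source "Process" are copies that are running at the moment of the scan.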

Author:  Rent-A-Cop [ Mon Feb 21, 2005 7:20 pm ]
Post subject: 

Have you tried booting in safe mode and working from there?

Author:  S|y Cat B|ue [ Tue Feb 22, 2005 12:15 pm ]
Post subject: 

I tried it and started in safe mode with command prompt. I found the files and deleted them then ran through the registry again and deleted their files as well. It seemed to work, but only for a day. Today the thing is back on my comp. I am gonna try it all again and disconnect my internet to see if that is what is causing it now.

Author:  HHB [ Tue Feb 22, 2005 1:52 pm ]
Post subject: 

too much porn

Author:  S|y Cat B|ue [ Wed Feb 23, 2005 3:12 pm ]
Post subject: 

Pfft. For one thing there is no such thing as 'too much porn'.

They were little rbots and junk but every time I get rid of them they come back. So I don't think anything will help now except the 'F' word (format, for all you F*CKING weirdos).

Author:  Gman [ Wed Feb 23, 2005 10:01 pm ]
Post subject: 

Holdup! delete the file from c:/windows/system32/dllcache/

and THEN delete it from system32.

see if you can do that.

Author:  S|y Cat B|ue [ Thu Feb 24, 2005 2:58 pm ]
Post subject: 

My problem isn't not being able to delete it now, because I know I can delete the file. I just need to know if there is some way I can have it on my computer but disabled from ever working. Every time I delete it, it comes back on my computer within minutes even when I haven't done anything at all. So all I need to do is stop it from regenerating ya know?

Author:  Gman [ Thu Feb 24, 2005 10:23 pm ]
Post subject: 

create a blank text document and rename it to the desired filename (make sure you get the extension correct, too).

right click the icon and copy it
go to your system32 folder, delete the exe, and hit ctrl+v instantly after you hit yes to delete it. it should put the new (blank, invalid) exe there, so it should satisfy your computer's lust for the file's presence without the file really being there.

Author:  S|y Cat B|ue [ Fri Feb 25, 2005 4:29 pm ]
Post subject: 

It would be as if I just renamed it though, wouldn't it just copy itself again? Well w/e, Imma run through the deleting process once again and try that out.

Author:  MesscanBandito [ Fri Feb 25, 2005 5:00 pm ]
Post subject: 

What if you make it read only?

Author:  S|y Cat B|ue [ Sat Feb 26, 2005 12:24 am ]
Post subject: 

Yeah Gwoman, I tried it today and no such luck. Making it read-only didn't make a difference either. I found out it is like some Narrator worm or some shit like that that attacks svhost.exe on the comps. Don't worry about it anymore, I'll just have to back up and F it.

Author:  Gman [ Sat Feb 26, 2005 12:59 pm ]
Post subject: 

Do a virus scan.

Google "pandasoftware activescan"

It's an excellent, free, online virus scanner. Try and fix problems before you F*CKIN' format.

Author:  oreX [ Sat Feb 26, 2005 1:19 pm ]
Post subject: 

http://www.windowsitpro.com/Forums/mess ... TARTPAGE=1

wtf copy paste ?

Author:  Spyda [ Sat Feb 26, 2005 2:09 pm ]
Post subject: 

LOL almost the exact same thing...

Author:  S|y Cat B|ue [ Sun Feb 27, 2005 12:23 pm ]
Post subject: 

Yeah retard, it is the same thing because that is my thread! I am getting different opinions here bro, why else would it be exactly the same spyda?

Well I ran the TrendMicro scan again and the malware is called TROJ_NARRATOR.A (as in the other forum posted). Today I just ran through the procedures again and let's see if it is done now.

All times are UTC - 6 hours [ DST ]