
Author Topic: Please help - possible virus  (Read 12557 times)

Offline Simon

  • Administrator
  • *****
  • Posts: 77923
  • First to score 7/7 in Quiz of The Week's News 2017
Re: Please help - possible virus
« Reply #15 on: October 06, 2008, 23:24 »
I'm no expert on these, but it seems that these could be the entries we're concerned about, yes?

Quote
C:\WINDOWS\system32\jupous.exe
O4 - HKLM\..\Run: [fybo] C:\WINDOWS\system32\jupous.exe
O4 - HKLM\..\RunServices: [fybo] C:\WINDOWS\system32\jupous.exe

Did you do the analysis thing, and did it come back with anything?  Any idea what 'fybo' is?  Anything to do with Facebook, by any chance?  Trouble is, with nothing coming up on Google, it's difficult to know if the files are legit or not.  All I would say is, if they are genuine, they probably would have come up on Google.  It definitely looks like those [fybo] things are set to start with Windows.
Many thanks to all our members, who have made PC Pals such an outstanding success!   :thumb:
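
An added example, not part of the original thread: a small Python parser for the registry-style `O4` autostart lines quoted in the post above. It reports any executable that is launched from more than one autostart key, as `jupous.exe` is here. The `ExampleTray` line is constructed for illustration, and the multi-key check is a triage hint, not a verdict on the file.

```python
import re
from collections import defaultdict

# Registry-style O4 line: O4 - HKLM\..\Run: [value name] command line
O4_RE = re.compile(r'^O4 - (HKLM|HKCU)\\\.\.\\([^:]+): \[([^\]]*)\] (.+)$')
# Executable at the start of a command line, quoted or unquoted.
EXE_RE = re.compile(r'^(?:"([^"]+)"|(.+?\.exe))(?:\s|$)', re.IGNORECASE)

# First three lines are from the thread; the last one is constructed.
SAMPLE_LOG = r"""
C:\WINDOWS\system32\jupous.exe
O4 - HKLM\..\Run: [fybo] C:\WINDOWS\system32\jupous.exe
O4 - HKLM\..\RunServices: [fybo] C:\WINDOWS\system32\jupous.exe
O4 - HKCU\..\Run: [ExampleTray] "C:\Program Files\Example\tray.exe" /start
"""

def parse_o4(log):
    """Return one dict per registry-style O4 line; other lines are skipped."""
    entries = []
    for line in log.splitlines():
        m = O4_RE.match(line.strip())
        if not m:
            continue
        hive, key, name, cmd = m.groups()
        exe = EXE_RE.match(cmd)
        # Fall back to the whole command if no .exe path can be isolated.
        path = (exe.group(1) or exe.group(2)) if exe else cmd
        # Windows paths are case-insensitive, so compare in lower case.
        entries.append({"key": f"{hive}\\..\\{key}", "name": name,
                        "path": path.lower()})
    return entries

def autostart_map(entries):
    """Map each executable path to the sorted autostart keys that launch it."""
    by_path = defaultdict(set)
    for e in entries:
        by_path[e["path"]].add(e["key"])
    return {p: sorted(keys) for p, keys in by_path.items()}

def multi_key(entries):
    """Executables registered under more than one autostart key."""
    return {p: k for p, k in autostart_map(entries).items() if len(k) > 1}

if __name__ == "__main__":
    for path, keys in multi_key(parse_o4(SAMPLE_LOG)).items():
        print(path, "->", ", ".join(keys))
```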

Offline Michelle

  • Forum Fanatic
  • ******
  • Posts: 5242
    • Techieminx
Re: Please help - possible virus
« Reply #16 on: October 06, 2008, 23:28 »
Oh I dunno - but they are blocked at the firewall - and Facebook works.

McAfee said that it's part of houvoov.exe or wofyzarouz.exe, and nothing about those either lol

But it might be fine, I just wondered what they were.........and it did try to access the system again, but not since.
Out of all the things I've lost .......I miss my mind the most!!

Offline Simon

  • Administrator
  • *****
  • Posts: 77923
  • First to score 7/7 in Quiz of The Week's News 2017
Re: Please help - possible virus
« Reply #17 on: October 06, 2008, 23:33 »
It does look like something's there that shouldn't be, but until we can find out what it is, we can't tell if it's harmful or not.  It could be one of those things that just installs itself with a random name, which is why it might not be appearing on Google.  If they are blocked by your firewall, I guess that should offer some protection, but if it were me, I'd be happier if they were out of the system altogether.  :(
Many thanks to all our members, who have made PC Pals such an outstanding success!   :thumb:

Offline Michelle

  • Forum Fanatic
  • ******
  • Posts: 5242
    • Techieminx
Re: Please help - possible virus
« Reply #18 on: October 06, 2008, 23:39 »
Yeah thanks Simon, I feel the same, funny though if they are blocked and I'm still having problems. Something else isn't right. I'd say it was the new router but this happened a week after it was installed.

Maybe someone who knows about these logs will explain more :)

Out of all the things I've lost .......I miss my mind the most!!

Offline Simon

  • Administrator
  • *****
  • Posts: 77923
  • First to score 7/7 in Quiz of The Week's News 2017
Re: Please help - possible virus
« Reply #19 on: October 07, 2008, 00:03 »
Indeed, but as I mentioned, you can send the log file off to HJT for analysis, and it should come back with what's good, bad, or unknown.  Might be useful to try that until someone else comes along.
Many thanks to all our members, who have made PC Pals such an outstanding success!   :thumb:

Offline Simon

  • Administrator
  • *****
  • Posts: 77923
  • First to score 7/7 in Quiz of The Week's News 2017
Re: Please help - possible virus
« Reply #20 on: October 07, 2008, 00:06 »
What router do you have?  Does it show any strange activity in the firewall logs?  Just wondering if something's hogging your connection.
Many thanks to all our members, who have made PC Pals such an outstanding success!   :thumb:

Offline Sandra

  • Ultimate Member
  • *******
  • Posts: 12155
Re: Please help - possible virus
« Reply #21 on: October 07, 2008, 00:26 »
Get CCleaner from www.filehippo.com Michelle.
Click on Registry at the side then on Scan now. Hopefully that will find any problems with the registry and will bring up a list of "issues". Click on Fix Issues after it has scanned, say no when asked if you want to back up the registry, as I think it's corrupted so there's no point in saving it. Then click on Fix All. After it's done, run the scan again and repeat from Click on Fix Issues, as sometimes it can't fix everything in one or even 2 or 3 runs. Repeat the scans until it shows no issues then close it.

Offline TR

  • Forum Fanatic
  • ******
  • Posts: 7149
Re: Please help - possible virus
« Reply #22 on: October 07, 2008, 07:20 »
Try Malwarebytes free edition  ;) then follow the prompts

Offline Michelle

  • Forum Fanatic
  • ******
  • Posts: 5242
    • Techieminx
Re: Please help - possible virus
« Reply #23 on: October 07, 2008, 08:30 »
Okay I've done the Malwarebytes one.

And one called CCleaner too, not sure it's the same one so I'll look at that.

The router is a Belkin and it's secure.

I'll try the hijack thing as well Simon, I didn't see the option when I scanned it before. I only posted it here as someone said to, as I know before we only had one person that could read them and they left.

It really just seems to be MSN and the game, I don't seem to be losing connection any other way, although it's for such a short time maybe I wouldn't notice.

Okay I'll try those things anyway, have a good day everyone and thanks for advice :)
Out of all the things I've lost .......I miss my mind the most!!

Offline Reno

  • Established Member
  • ****
  • Posts: 1286
  • ø¤º° bob °º¤ø
Re: Please help - possible virus
« Reply #24 on: October 07, 2008, 08:45 »
Go here http://virusscan.jotti.org/ and copy and paste these two paths into the scan bar. That site scans uploaded files with a dozen or so antivirus programs.

C:\WINDOWS\system32\jupous.exe
C:\WINDOWS\system32\lexpps.exe

You can search any other suspicious looking files that you find on your computer using that site too. If you think you have a virus in your windows/system32 folder, open the folder and organize by last modified. If the last few files are 238dskjfhiiueh or something similar, chances are they are infections. Scan them with this site and post the results.
« Last Edit: October 07, 2008, 08:49 by Reno »

Offline davy51

  • Loyal Member
  • *****
  • Posts: 1690
Re: Please help - possible virus
« Reply #25 on: October 07, 2008, 12:58 »
Here are a couple of programs that might help

The first one allows a search of what is running in Task Manager. I did the search for the names in your problem but no luck.

http://www.processlibrary.com/quicklink/


This one will replace Task Manager and give more information on what's running. It does show a bit more than Windows Task Manager. I used them both in getting rid of adware on my machine.


process explorer

http://technet.microsoft.com/en-us/sysinternals/bb896653.aspx



Dave

Don't walk behind me, I may not lead. Don't walk in front of me, I may not follow. Just walk beside me and be my friend

Albert Camus

Offline Michelle

  • Forum Fanatic
  • ******
  • Posts: 5242
    • Techieminx
Re: Please help - possible virus
« Reply #26 on: October 07, 2008, 17:03 »
Quote
Go here http://virusscan.jotti.org/ and copy and paste these two paths into the scan bar. That site scans uploaded files with a dozen or so antivirus programs.

Okay this looks like a good site, it scans with 20 different programmes - I found out that jupious and the other one wofyzacouz.eve were both modified on the day I started having problems, and in that scan only Sophos thought it could be a problem: Sus/Unpacker.

C:\WINDOWS\system32\lexpps.exe was clean and I think it's for my Lexmark printer.

The only other things after that in the system32 folder were clean - perfc009.dat ... wpa.dbl and status.mpf
Nothing with that number you said Reno.

That CCleaner was the same one I'd done already but I ran it again and it deleted a further 48mb of stuff lol so god knows what happened last time, maybe I didn't complete it? It couldn't be 48mb's more since Sunday!
Oh duh I just looked again and there are two settings, "windows" and "applications". I'd not run the applications cleaner.

Okay I'll see if that's made any difference, if not I think I might just delete those Jupious files, what u think? They are still there in 32 :(

Out of all the things I've lost .......I miss my mind the most!!

Offline Rik

  • Former Admin
  • *****
  • Posts: 26506
  • Ceud mille failte
Re: Please help - possible virus
« Reply #27 on: October 07, 2008, 17:11 »
Zip them up, Michelle. Then if you need them back, it's easy.
Slainthe!

Rik

Offline Michelle

  • Forum Fanatic
  • ******
  • Posts: 5242
    • Techieminx
Re: Please help - possible virus
« Reply #28 on: October 07, 2008, 17:40 »
Oh good idea Rik

Every time I do these scan things I have to remember my pals password which I never use and I keep having to look it up lol

Out of all the things I've lost .......I miss my mind the most!!

Offline Rik

  • Former Admin
  • *****
  • Posts: 26506
  • Ceud mille failte
Re: Please help - possible virus
« Reply #29 on: October 07, 2008, 17:41 »
IIRC, wpa.dbl is the activation file for Windows. It's worth making a copy of that.
Slainthe!

Rik

