Iloveher.exe Problem



#1 badsai

Posted 23 October 2007 - 04:47 PM

hello.. i'm just new here, so i guess i'll just go straight to the point..

someone inserted a flash disk on my pc, and my mcafee detected something like a script trying to edit my registry, but before i could choose the block option, the thing's already there, and when i blocked it mcafee can't remove it anymore..

now the thing i was talking about is this flashing "say no to drugs!!!" in the middle of my screen. the thing it does is it disables the task manager.. i dunno what else but that's the first thing i noticed.

i also have avg and avg anti spyware installed aside from mcafee, the problem is they can't detect it as a virus or something.. i opened my avg anti spyware and checked the analysis, like a task manager, and saw the iloveher.exe.. i was able to find it in the prefetch folder in windows, and it's a pf file. i was able to delete it from the prefetch folder or terminate it from the avg antispyware.. but whenever i click my hard drives, both of them, it comes back again...

a friend recommended combofix, since all of my antivirus software didn't work, i tried it.. at first it worked.. but when i restarted my computer, it's back again..

i'm using a 40g HD for my software and an 80g HD for my file storage.. i just reformatted both of them, reinstalled windows, but it's still there.. so i think it's in my files. the problem is, my files are too important for me to delete it, that's why i'm trying to find a way to manually remove it...

that's all that i can think of right now. i'm too tired cuz i've been trying to fix it for the second night now..

if u have any questions that may relate or may help with this matter pls do so. or if there's something that i missed telling pls tell me..

and all the help that i could get i would gladly appreciate it..

tnx for now guys..

#2 buddy215

Posted 23 October 2007 - 05:22 PM

Post a Hijack This Log in the Hijack This Forum by following the directions in the link below. DO NOT post a log in this forum. http://www.bleepingcomputer.com/forums/t/34773/preparation-guide-for-use-before-using-malware-removal-tools-and-requesting-help/
“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.” Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#3 quietman7

Posted 23 October 2007 - 07:11 PM

Go to Start > Run and type: cmd
press Ok
At the command prompt, copy/paste:
cd \
dir /as /ah >>"C:\Output.txt"
press Enter.
A text file named output.txt will be saved in the root directory (C:\Output.txt).
Open the text file, copy and paste the contents into your next reply.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

#4 badsai

Posted 24 October 2007 - 06:58 AM

sir buddy, sorry if i posted in the wrong place, like i said, i'm only new here.. hope u understand..

sir quietman7, here's the result of what you've told me to do.. also tried it on my d drive, i'll post it also..

Volume in drive C has no label.
Volume Serial Number is 471E-9EB1

Directory of C:\

10/23/2007 04:56 AM 211 boot.ini
10/24/2007 07:17 PM 1,073,270,784 hiberfil.sys
03/15/2007 04:16 AM 36,864 Iloveher.exe
10/23/2007 05:09 AM 0 IO.SYS
10/23/2007 05:09 AM 0 MSDOS.SYS
08/03/2004 07:38 PM 47,564 NTDETECT.COM
08/03/2004 07:59 PM 250,032 ntldr
10/24/2007 07:17 PM 1,610,612,736 pagefile.sys
10/24/2007 12:49 AM <DIR> RECYCLER
10/23/2007 05:15 AM <DIR> System Volume Information
10/24/2007 01:30 AM <DIR> Recycled
8 File(s) 2,684,218,191 bytes
3 Dir(s) 35,169,140,736 bytes free


here's for the d drive..

Volume in drive D has no label.
Volume Serial Number is 471D-6275

Directory of D:\

03/15/2007 04:16 AM 36,864 Iloveher.exe
10/23/2007 02:55 AM <DIR> System Volume Information
10/24/2007 07:47 PM 39 autorun.inf
10/23/2007 03:37 AM <DIR> Recycled
2 File(s) 36,903 bytes
2 Dir(s) 49,092,165,632 bytes free


that's it sir! hope to hear from you soon... tnx for now...
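
An added example (not part of the original posts): a Python script that parses `dir /as /ah` root listings like the two above and flags what a helper looks for in them, namely hidden runnable files outside the stock system set, the same file repeated across drive roots, and an autorun.inf. The listings are abridged from the post; the allowlist of expected Windows XP root files and the extension list are assumptions.

```python
import re
from collections import defaultdict

# Root listings abridged from the post above (output of: dir /as /ah).
LISTINGS = r"""
 Directory of C:\
10/23/2007 04:56 AM 211 boot.ini
03/15/2007 04:16 AM 36,864 Iloveher.exe
08/03/2004 07:38 PM 47,564 NTDETECT.COM
 Directory of D:\
03/15/2007 04:16 AM 36,864 Iloveher.exe
10/23/2007 02:55 AM <DIR> System Volume Information
10/24/2007 07:47 PM 39 autorun.inf
"""
# Assumption: files a stock Windows XP install keeps hidden in the system root.
EXPECTED = {"boot.ini", "hiberfil.sys", "io.sys", "msdos.sys",
            "ntdetect.com", "ntldr", "pagefile.sys"}
RUNNABLE = (".exe", ".com", ".scr", ".pif", ".bat", ".cmd", ".vbs")
ROOT = re.compile(r"Directory of ([A-Za-z]:\\)")
ENTRY = re.compile(r"(\d\d/\d\d/\d{4} \d\d:\d\d [AP]M)\s+(<DIR>|[\d,]+)\s+(.+)")

def parse(text):
    """Return {root: [(name, size, timestamp), ...]}, skipping <DIR> rows."""
    roots, current = defaultdict(list), None
    for line in map(str.strip, text.splitlines()):
        if m := ROOT.match(line):
            current = m.group(1).upper()
        elif current and (m := ENTRY.match(line)) and m.group(2) != "<DIR>":
            roots[current].append((m.group(3), int(m.group(2).replace(",", "")), m.group(1)))
    return dict(roots)

def triage(roots):
    """Flag unexpected runnable files, copies shared across roots, autorun.inf."""
    findings, seen = [], defaultdict(set)
    for root, files in sorted(roots.items()):
        for name, size, stamp in files:
            low = name.lower()
            if low == "autorun.inf":
                findings.append(f"{root} autorun.inf present ({size} bytes)")
            elif low.endswith(RUNNABLE) and low not in EXPECTED:
                findings.append(f"{root} unexpected hidden executable {name}")
                seen[(low, size, stamp)].add(root)
    for (low, size, stamp), where in sorted(seen.items()):
        if len(where) > 1:
            findings.append(f"{low} ({size} bytes, {stamp}) repeats on {', '.join(sorted(where))}")
    return findings

if __name__ == "__main__":
    print("\n".join(triage(parse(LISTINGS))))
```

A match on name, size and timestamp is only a hint that the copies are the same file; comparing hashes of the two files confirms it.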

#5 quietman7

Posted 24 October 2007 - 09:06 AM

I can't find any info on Iloveher.exe so do this:

Go to jotti's virusscan or virustotal.com. In the "File to upload & scan" box, browse to the location of Iloveher.exe and submit (upload) it for scanning/analysis.
Post back with the results of the file analysis.

I also want you to do this:

Go to Start > Run and type: regedit
Press "OK" and navigate to:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon

In the right pane you should see the default entries:
Shell = Explorer.exe
Userinit = C:\WINDOWS\system32\userinit.exe,


Post back and let me know if that's correct.
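
The comparison asked for above, as an added Python example (not part of the original post): it checks the Shell and Userinit strings against the defaults listed in the post and reports anything extra, such as a second program appended to Userinit after the comma. The sample value containing C:\sample\extra.exe is constructed; on Windows the script reads the live key with the standard winreg module.

```python
import sys

KEY = r"SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"
# Defaults as given in the post above (Windows XP installed in C:\WINDOWS).
DEFAULTS = {"Shell": ["explorer.exe"],
            "Userinit": [r"c:\windows\system32\userinit.exe"]}

def entries(raw):
    """Split on commas; Userinit is a comma-separated list, so its trailing comma leaves an empty part."""
    return [p.strip().strip('"').lower() for p in raw.split(",") if p.strip()]

def check_winlogon(values):
    """Return deviations of Shell/Userinit from DEFAULTS (empty list = as expected)."""
    problems = []
    for name, expected in DEFAULTS.items():
        if name not in values:
            problems.append(f"{name}: value missing")
            continue
        found = entries(values[name])
        extra = [e for e in found if e not in expected]
        missing = [e for e in expected if e not in found]
        if extra:
            problems.append(f"{name}: unexpected entry {', '.join(extra)}")
        if missing:
            problems.append(f"{name}: default {', '.join(missing)} not present")
    return problems

def read_winlogon():
    """Read the live values from HKEY_LOCAL_MACHINE (Windows only)."""
    import winreg
    with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, KEY) as key:
        return {name: winreg.QueryValueEx(key, name)[0] for name in DEFAULTS}

if __name__ == "__main__":
    if sys.platform == "win32":
        values = read_winlogon()
    else:  # constructed sample: a second program appended after the comma
        values = {"Shell": "Explorer.exe",
                  "Userinit": r"C:\WINDOWS\system32\userinit.exe,C:\sample\extra.exe"}
    for line in check_winlogon(values) or ["Shell and Userinit match the defaults"]:
        print(line)
```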

#6 badsai

Posted 24 October 2007 - 12:20 PM

yeah sir the shell and userinit registries are correct...

i just finished the online scan that u told me to do... these are the results...

Last file scanned at least one scanner reported something about: WinImage.v8.10.8100.Incl.Keygen-TSZ.zip (MD5: 849befb932ce5ba22bcb485901e8b170, size: 11930 bytes), detected by:

Scanner                  Malware name
A-Squared                X
AntiVir                  X
ArcaVir                  X
Avast                    X
AVG Antivirus            X
BitDefender              X
ClamAV                   X
CPsecure                 X
Dr.Web                   X
F-Prot Antivirus         X
F-Secure Anti-Virus      X
Fortinet                 X
Kaspersky Anti-Virus     X
NOD32                    X
Norman Virus Control     Harnig.gen1
Panda Antivirus          X
Rising Antivirus         X
Sophos Antivirus         Mal/Packer
VirusBuster              X
VBA32                    X

but it said there that "You're free to (mis)interpret these automated, flawed statistics at your own discretion. For antivirus comparisons, visit AV comparatives. We are not affiliated with any third parties that conduct tests using this service." so i'm not sure if it's real...

i tried downloading sophos but mcafee blocked it and said it's infected.. in norman site i can't find the download link..

one thing i noticed that the (virus?)'s doing aside from disabling task manager is it also disables the folder option, both in explorer tools and in control panel..

i really am thanking you sir for giving time to this problem of mine... tnx for now again...

#7 quietman7

Posted 24 October 2007 - 01:16 PM

Some infections are often responsible for registry alterations and accompanied by other types of malware files which need to be identified, then removed. It's time to have a deeper look as to what's causing your problems by creating and posting a hijackthis log.

Please read and follow all instructions in the pinned topic titled "Preparation Guide For Use Before Posting A Hijackthis Log". You may have performed some of these steps already. If you can't perform a step, then skip and continue with the next. In step #9 there are instructions for downloading HijackThis and creating a log. (This is a self-extracting version which will automatically install HJT in the proper location.)

If HijackThis will not run, try renaming it. Open the HijackThis Folder, right-click on the HijackThis.exe file and rename it Scanner.exe. Double-click on Scanner.exe (which is still HijackThis) and then run your scan. If needed, change the .exe to something else such as .bat, .com, .pif, or .scr. Example: Scanner.bat or Scanner.com

When you have done that, post your log in the HijackThis Logs and Malware Removal forum, NOT here, for assistance by the HJT Team Experts. A member of the Team will walk you through, step by step, on how to clean your computer. If you post your log back in this thread, the response from the HJT Team will be delayed because your post will have to be moved. This means it will fall in line behind any others posted that same day.

Start a new topic, give it a relevant title and post your log along with a brief description of your problem, a summary of any anti-malware tools you have used and a summary of any steps that you have performed on your own. Please include the top portion of the HijackThis log that lists version information. An expert will analyze your log and reply with instructions advising you what to fix. After doing this, we would appreciate if you post a link to your log back here so we know that you're getting help from the HJT Team.



