Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

What Happened To Winpfind35u.exe?


  • This topic is locked This topic is locked
9 replies to this topic

#1 flanners

flanners

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:10:39 PM

Posted 11 April 2008 - 08:11 AM

I've been trying to get a copy of WinPFind35U.exe, but the link to it returns "HTTP 404 Not Found". Can someone please tell me where I can get it from?

This is the link that returns the error:

http://download.bleepingcomputer.com/oldti...WinPFind35u.exe

Thanks in anticipation

BC AdBot (Login to Remove)

 


m

#2 ruby1

ruby1

    a forum member


  • Members
  • 2,375 posts
  • OFFLINE
  •  
  • Local time:09:39 PM

Posted 11 April 2008 - 08:26 AM

I too have found that link 'invalid' (maybe admin will know why)

I have found references to it via a google search but they are all within HJT logs instructions on other sites; what problems are YOU experiencing with YOUR computer?

#3 flanners

flanners
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:10:39 PM

Posted 11 April 2008 - 09:13 AM

I too have found that link 'invalid' (maybe admin will know why)

I have found references to it via a google search but they are all within HJT logs instructions on other sites; what problems are YOU experiencing with YOUR computer?


I have an instance of firefox.exe in Task Manager that immediately restarts when I try to end it. The process starts by itself and when I start firefox, there are 2 instances running. The only way I've found of preventing it from running is to re-name firefox.exe.

Looking through various forums, it appears that I may have a rootkit infection and the recommendation is to use WinPFind35U.exe. Another symptom I had was not being able to boot into Safe Mode. That has now been fixed using a safemode fix utility that I did manage to get a copy of.

What problems are you having, ruby1?

#4 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 50,593 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:04:39 PM

Posted 11 April 2008 - 09:58 AM

You should not be following specific instructions provided to someone else especially if they were given in the HijackThis forum. Those instructions were given under the guidance of a trained staff expert to help fix that particular member's problems, NOT YOURS. Before taking any action, the helper must investigate the nature of the malware issues and then formulate a fix for the victim. Although your problem may be similar, the solution could be different based on the kind of hardware, software, system requirements, etc. and the presence of other malware. Using someone else's fix instructions could lead to disastrous problems with your operating system. It's best that you tell us what specific issues YOU are having rather than point to someone else.

WinPFind is an advanced tool used by malware removal experts who are helping others to investigate and remove malware infections in the Hijackthis forum. It is intended to be "used under the guidance and supervision of an expert".

What steps have you taken to investigate your processes?

If your suspicious about a particular file, then go to jotti's virusscan or virustotal.com. In the "File to upload & scan" box, browse to the location of the suspicious file(s) and submit (upload) it for scanning/analysis.
-- Then post back with the results of the file analysis.

Determining whether a file is malware or a legitimate process sometimes depends on the location (path) it is running from. One of the ways that malware tries to hide is to give itself the same name as a critical system file. However, it then places itself in a different location on your computer. A file's properties may give a clue to identifying it. Right-click on the file, Properties and examine the General and Version tabs.

You can download and use Process Explorer or System Explorer to investigate all running processes and gather additional information to identify and resolve problems. These tools will show the process CPU usage, a description and its path location. If you right-click on the file in question and select properties, you will see more details about the file.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#5 ruby1

ruby1

    a forum member


  • Members
  • 2,375 posts
  • OFFLINE
  •  
  • Local time:09:39 PM

Posted 11 April 2008 - 11:40 AM

I too have found that link 'invalid' (maybe admin will know why)

I have found references to it via a google search but they are all within HJT logs instructions on other sites; what problems are YOU experiencing with YOUR computer?


I have an instance of firefox.exe in Task Manager that immediately restarts when I try to end it. The process starts by itself and when I start firefox, there are 2 instances running. The only way I've found of preventing it from running is to re-name firefox.exe.

Looking through various forums, it appears that I may have a rootkit infection and the recommendation is to use WinPFind35U.exe. Another symptom I had was not being able to boot into Safe Mode. That has now been fixed using a safemode fix utility that I did manage to get a copy of.

What problems are you having, ruby1?

the reason why I asked what problems you are having with your computer was because your original question about the 'fix' led me to find all references TO that fix within HJT log instructions ; this leads me to believe you are seeking help to clean your computer of something

as I pointed out, maybe not sufficiently pointedly , ALL the links to fixes I found were within Log instructions and therefore specific to that computer being healed and NOT for yours

as quietman 7 so rightly points out, you and anyone else for that matter should NOT be using any fix instructions from any logs as those fixes have been written by the helper on that log thread specifically FOR that computer and NOT yours

if you need help you need to describe exactly what YOUR symptoms are and what programs if any you have so far run to try to sort it out

may one ask from where you did get the' safemode fix 'utility?

#6 flanners

flanners
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:10:39 PM

Posted 11 April 2008 - 02:44 PM

I didn't say that I was following anyone elses fix instructions. I have simply searched to see if my symptoms have been seen elsewhere and all the results seem to indicate that others have experienced the same. I know full well that detection and eradication of any malicious software on my computer will be specific to the way my computer is configured and no-one else's.

But you have to start somewhere.

WinPFind35U.exe is referenced as a tool that can assist in investigation & eradication, but the comments on this board seem to imply that it is specific to an individuals computer - how can this be? is it compiled especially for every single person who has a problem? - I think not.

With reference to the Safemode fix, "Safeboot repair by sUBs:" is the program I used, and I downloaded it from bleepingcomputer:

http://download.bleepingcomputer.com...tKeyRepair.exe

#7 ruby1

ruby1

    a forum member


  • Members
  • 2,375 posts
  • OFFLINE
  •  
  • Local time:09:39 PM

Posted 11 April 2008 - 03:02 PM

I didn't say that I was following anyone elses fix instructions. I have simply searched to see if my symptoms have been seen elsewhere and all the results seem to indicate that others have experienced the same. I know full well that detection and eradication of any malicious software on my computer will be specific to the way my computer is configured and no-one else's.

But you have to start somewhere.

WinPFind35U.exe is referenced as a tool that can assist in investigation & eradication, but the comments on this board seem to imply that it is specific to an individuals computer - how can this be? is it compiled especially for every single person who has a problem? - I think not.

With reference to the Safemode fix, "Safeboot repair by sUBs:" is the program I used, and I downloaded it from bleepingcomputer:

http://download.bleepingcomputer.com...tKeyRepair.exe



could you kindly clarify this link as it seems to go nowhere?

and again the only relevent links I can find via google for 'Safeboot repair by sUBs' ared all within HJT logs

again; maybe you could tell us exactly what IS happening with/to your computer so that appropriate tools can be offered for you to run?

#8 aeoneflux

aeoneflux

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:05:39 AM

Posted 03 May 2008 - 12:35 AM

same problem here. tried downloading WinPFind3u using the following links but to no avail.
they always return an "HTTP 404" error page.

http://download.bleepingcomputer.com/oldtimer/winpfind3u.exe
http://download.bleepingcomputer.com/oldti...winpfind35u.exe

can somebody please help out a newbie where to download this file/s?

would very much appreciate it.

Edited by aeoneflux, 03 May 2008 - 12:37 AM.


#9 DaChew

DaChew

    Visiting Alien


  • BC Advisor
  • 10,317 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:millenium falcon and rockytop
  • Local time:05:39 PM

Posted 03 May 2008 - 01:11 AM

Give it up, when you research this a little more you'll find this is all very much cloak and dagger stuff with a full out war going on between the good guys and the bad guys. One week the good guys release a tool that stops the malware in it's tracks, the next week the bad guys release an update that trashes a computer when you use that tool. If people would just wise up and and learn how to surf and secure their computers this whole war would stop and the bad guys might find gainful employment and the good guys could go back to just being brilliant programmers.

rant off
Chewy

No. Try not. Do... or do not. There is no try.

#10 OldTimer

OldTimer

    Malware Expert


  • Members
  • 11,092 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:North Carolina
  • Local time:05:39 PM

Posted 03 May 2008 - 09:49 AM

DaChew makes some very good points. There is somewhat of a war going on and as either side makes a change the other side reacts. In a reaction to the continuing advancement of new malware, the winpfind series of tools have now been retired and a new set of tools have been developed.

That said, users should not run any specialized tool unless specifically requested by a team helper. Not all helpers are familiar with every tool, and in the case of the winpfind tools, capable of creating the fixes. The winpfind tools created very in-depth logs that required an intimate knowledge of the program and how to analyze and use that information in malware removal. While there are many excellent tools available to help in the malware removal process, running a tool that worked on one system could cause disastrous results on another. Tool selection is part of the analysis process that helpers have been trained to undertake.

If you think you may have a malware issue then the best course of action is to follow the directions for posting in the Malware forum. This includes running the preliminary antivirus scans and posting a HijackThis log. After reviewing that log, the helper will provide instructions as to what other tools might or might not be needed in each particular case. Please do not bog down a helper with log after log after log from tools that they have not requested to be run. It only serves to complicate the analysis and make the removal process more difficult.

Cheers.

OT
I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer

Posted Image




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users