Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Setuper.exe


  • Please log in to reply
7 replies to this topic

#1 cewong2

cewong2

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:09:08 PM

Posted 24 February 2010 - 07:27 AM

Hello,

It looks like i'm once again infected, even with a new system, causing my system to be a bit sluggish I think. Avira has recently been annoying me with virus alerts from my temp directory, which I promptly just tell it to delete, but they keep returning. When I was going through my task manager I noticed a program called setuper.exe*32 when I did a search on the internet it looks like it's a virus, but I couldn't find removal instructions. So I'm here seeking the guidance to see if I can get some help on how to remove the issue at hand, and maybe make sure my system is running well. This may or may not be related, but I find that the processor is being taxed to unusually high % even when there are minimal programs running.

I'm currently running:
Windows 7 Enterprise x64
Laptop 2gb mem
AMD Turion x2 64 processor.

Thanks.

Edited by cewong2, 24 February 2010 - 07:28 AM.


BC AdBot (Login to Remove)

 


#2 cewong2

cewong2
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:09:08 PM

Posted 27 February 2010 - 05:44 AM

I also seem to be getting a virus popup from Avira for

TR/drop.agent.bldf and DR/Dldr.Agent.dbv

it says they are malware in teh log, but I can't seem to remove them. I deny/delete them every time but they keep coming back.

#3 Casey_boy

Casey_boy

    Bleeping physicist


  • Malware Response Team
  • 7,765 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:UK
  • Local time:01:08 AM

Posted 03 March 2010 - 09:03 AM

Hi,

Sorry for the delay in responding to your topic.

Have you tried running your Anti-Virus program in safe mode?

Casey

If I have been helping you and I do not reply within 48hours, feel free to send me a PM.


* My Website * Am I Infected? * Malware Removal Help * If you'd like to say thanks *


#4 cewong2

cewong2
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:09:08 PM

Posted 03 March 2010 - 09:18 AM

I have, it doesn't find anything viruses. But for some reason the notifications will pop up.

#5 Casey_boy

Casey_boy

    Bleeping physicist


  • Malware Response Team
  • 7,765 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:UK
  • Local time:01:08 AM

Posted 03 March 2010 - 10:12 AM

OK, we'll use another anti-malware program to see if that can find and remove the malware.

Please download Malwarebytes Anti-Malware (v1.44) and save it to your desktop.Download Link 1
Download Link 2
MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
    For instructions with screenshots, please refer to the How to use Malwarebytes' Anti-Malware Guide.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

Casey

If I have been helping you and I do not reply within 48hours, feel free to send me a PM.


* My Website * Am I Infected? * Malware Removal Help * If you'd like to say thanks *


#6 cewong2

cewong2
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:09:08 PM

Posted 03 March 2010 - 10:25 PM

Malwarebytes' Anti-Malware 1.44
Database version: 3820
Windows 6.1.7600
Internet Explorer 8.0.7600.16385

3/3/2010 11:05:04 AM
mbam-log-2010-03-03 (11-05-03).txt

Scan type: Quick Scan
Objects scanned: 117197
Time elapsed: 15 minute(s), 36 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Windows\Tasks\Acrobat Update.job (Malware.Trace) -> Quarantined and deleted successfully.

There wasn't much found. The computer has also started acting sluggish even with a fresh reboot (I've already trimmed my startup items through msconfig too, including some services through services.msc)

Thanks

#7 Casey_boy

Casey_boy

    Bleeping physicist


  • Malware Response Team
  • 7,765 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:UK
  • Local time:01:08 AM

Posted 04 March 2010 - 01:25 PM

Hi,

With the information you have provided I believe that you will need help from the malware removal team. I would like you to start a new thread HERE and include a link to this thread. Please make sure that you read the information about getting started before you start your thread.

It would be helpful if you post a note here once you have completed the steps in the guide and have started your topic in malware removal. Good luck and be patient. Help is on the way!

Casey

If I have been helping you and I do not reply within 48hours, feel free to send me a PM.


* My Website * Am I Infected? * Malware Removal Help * If you'd like to say thanks *


#8 te0

te0

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:08:08 PM

Posted 16 March 2010 - 05:39 AM

hello,
well i had the same problem as you before..
i have Win7,Avira antivir free and i was also had alerts in my Temp folders and a setuper.exe in my processes.
Spybot didnt help me though..as i am using it for 5 years now..
then i tried Antimalware by Malware bytes but with no luck..
so i finally download Superantispyware free...and guess what..
it found and delete my setuper.exe and i dont have any alerts from Avira now.
it solve my problems,so easy and so simple. :thumbsup:

Edited by te0, 16 March 2010 - 05:50 AM.





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users