Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

IE7 will not connect to Windows Update


  • Please log in to reply
1 reply to this topic

#1 grammajean

grammajean

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:01:58 PM

Posted 01 May 2010 - 06:25 AM

I have Verizon Wireless Internet using a USB Modem, using "VZAccess Manager" as the connection program.
I have a HP Pavillion dv8000 Laptop running Windows XP Pro, x86 Service Pack 3, I am using Internet Explorer 7 as a web browser.
I use AVG anti-virus, Ad-Aware and have used SpyBot S&D, and Malwarebytes to check for viruses.
April 14, 2010, AVG found a "PUP Adware Generic2.ABZP", also found evidence of the same virus on the 21st of April in different places. On April 25, 2010 AVG found "Trojan Horse Dropper Generic2.CKX". All were fixed and placed in AVG Virus Vault.

Problem; I can get online and go to most all web sites I want to except, "Windows Update" or "Microsoft" webpage and any known Anti-virus sites. IE gives me the message (IE cannot display the webpage). I have used all the suggestions, such as update Active X controls and Java. I have disabled Restore to eliminate saving and re-infecting the computer.
I recently installed Online Armor Firewall to replace Windows Firewall. While checking Online Armors list of "allowed" Programs, I came across "Speedy PC". It was not something I recognized as having installed on my laptop, not listed in my Program Files or Control Panel –Add/Remove page, so checked for more info from Online Armor. This is the information they showed:

About Au_.exe
Size 375,487 byte(s)
Status Unknown
Vendor SpeedyPC Software (Unknown)
Product SpeedyPC
Sighting 14-Apr-10 26-Apr-10
Actions Allowed by 33% user(s)

Au_.exe Description:
SpeedyPC Installer

Also known as:
uninst.exe

What does Au_.exe do?
Cache
Installer - Installs software on your computer.
Process - a process that runs on your computer
ProcessStart
ProcessSuspend
RemoteDataModification
StartWithParams


Au_.exe Version info
Au_.exe describes itself as follows. Note that this information can easy be faked

Product Name SpeedyPC
Product Version 3.0.1.0
File Version 3.0.1.0
Copyright Copyright © 2010 SpeedyPC Software
Description SpeedyPC Installer

OA Version(s):
4.0.0.35
4.0.0.44

Locations:
Au_.exe is found in location(s)

%ProfilesDirectory%\%UserName%\AppData\Local\Temp\~nsu.tmp\
%ProgramFiles%\SpeedyPC\

Countries
Au_.exe has been sighted in the following countries

Italy 14-Apr-10 14-Apr-10
United Kingdom 20-Apr-10 20-Apr-10
United States 20-Apr-10 26-Apr-10

I find it ironic that the first sightings correspond to the first date AVG found a virus in my computer.
Tracked it down and it is located at "C\Documents and Settings\E. Jean Ruport\Local Settings\Temp\~nsu.tmp\Bu .exe"

The first time I checked with Online Armor, I am sure the exe was "Au .exe."

Also, The infection on April 24 that AVG found was "Trojan HorseDropper.Generic2.CKX" in "C:\Documents and settings\E. Jean Ruport\Desktop\a .exe"

I find this SUSPICIOUS!

It is not listed in my Program Files....

I checked it with AVG and MBAM but it showed clean in both.

As I am not able to get to Anti Virus sites on Internet Explorer could you please investigate this for me.
As for me I am going to Isolate this program as much as possible until I hear from you.

7:30 AM Tried to get AVG updated and updates failed so I Just Checked Online Armor again and it now has "Cu .exe" so this file is multiplying. The program is called Speedy PC. I have blocked them through Online Armor. Don't know what else to do.
Thank you for any help you can give, Jean

Edited by grammajean, 01 May 2010 - 06:28 AM.


BC AdBot (Login to Remove)

 


#2 Budapest

Budapest

    Bleepin' Cynic


  • Moderator
  • 23,579 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:58 AM

Posted 05 May 2010 - 05:03 PM

Run a quick scan with Malwarebytes and post the log.
The power of accurate observation is commonly called cynicism by those who haven't got it.

—George Bernard Shaw




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users