
ekezanarigapuqaz in my startup again!


3 replies to this topic

#1 richknobpots

richknobpots

  • Members
  • 8 posts

Posted 08 March 2011 - 03:04 PM

This eke thing was in my system configuration startup a few days ago and tried to run a dll which generated an error, and got my attention, that the dll KBDacrc.dll was blocked for some reason. I can't find all my notes from that session, but I ran MSE and it found "it", and removed it. I rebooted, and there was a similar wacky name ayikuzogazinaf in the startup programs, so I repeated the process again. Things seemed better, but there was still an instance of the offensive second file in the registry, so I manually removed it.

I am running VISTA Ultimate SP1

All seemed well, but now this eke thing is BACK! Running MSE again, which had been hanging up on wmplayer.exe - just sitting there. My scan is running now... eke thing says it is loading a dll named KBDacrc stored in my c:\users\myname\appdata\local folder. This time there was no error about it being blocked - I just went to check the configuration file since the computer was squirrelly again.

I have a second new entry that I cannot account for in my system configuration as well. It's for a realtek AC97 Event monitor, which sounds legit, but it is looking for a suspicious dll evecowopo in the same directory as the one the eke thing is looking for.

I have googled all these names to no avail. I have never not found a legit file name in a google search, so I am looking to see if anyone has heard of this file. Wish I could print the system config info - can't even expand that screen to see it all at once :(

I've had problems on & off since Dec 10 when I ran my mouse over something on Facebook (spawn of the devil) that seemed to have a popup that didn't pop to the screen - just a feeling that "something happened", but half an hour later I had that thing that was running the screaming ads in the background. I'm pretty sure I posted here about it, and I never saw anyone really come back to any of the similar threads and post a resolution. I had to back up to a restore point and then I finally got rid of it after some RKILL and several MBAM passes over days as the database got updated.

I then had a narcoleptic computer - the dang thing would just drop off to "sleep mode" in the middle of me typing a sentence such as this. And then it would go back to sleep while I was trying to type in the password!!! I have to pull the power cord to get it to reboot frequently. Just hangs up...

Never really found anything that dealt with that, but MSE found a few low level things. MBAM didn't find any issues with this as I recall. At any rate, the dang thing stays awake now, sometimes not going into sleep mode at all even though it's set to do so.

I had AVG still trying to load despite repeated attempts to delete/uninstall it. I saw that I needed to reload to uninstall, so I tried that, and it didn't get rid of everything. I went into safe mode and manually deleted the rest of it after a long battle. I'm an old VMS guru, and it makes me crazy that Microsoft won't let me delete stuff off of my desk and shoot myself in both feet if I want to do this... I am used to having God-like powers as system manager and I am losing my mind here.

I have two separate back external drives, and I have literally copied all my data files to them. About all I may not have backup for at present is TurboTax. I have been advised by several friends to go to Win7 but I am worried that I will find myself missing a bunch of drivers and have to relearn yet another freaking MS OS. I've been using this computer & VISTA for almost three years now, and things worked just fine for me until December and I think I have spent more time "fixing" this thing than using it!!!

Sorry to run on like this, sort of venting, waiting to see if MSE finds anything today, then will run MBAM again. I do have a lappie I could sit next to this desktop and try to poke at the desktop with it offline, disconnected from the net, etc.

Thanks for listening! Please do let me know if anyone knows anything about this eke thing or its devil spawn, please at least let me know I have company in my misery.
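The startup pattern described in the post above (oddly named entries loading a DLL from c:\users\myname\appdata\local) can be triaged mechanically. This is an added example, not part of the original thread; the sample entries are constructed, and the rundll32 launcher, the `.dll` extension on evecowopo and the `Startup` export name are assumptions.

```python
import ntpath
import re

# Constructed sample of (name, command) startup entries shaped like those in
# the post; the rundll32 launcher and the export names are assumptions.
SAMPLE_ENTRIES = [
    ("ekezanarigapuqaz", r'rundll32.exe "c:\users\myname\appdata\local\KBDacrc.dll",Startup'),
    ("Realtek AC97 Event Monitor", r'rundll32.exe "c:\users\myname\appdata\local\evecowopo.dll",Startup'),
    ("Windows Defender", r'"C:\Program Files\Windows Defender\MSASCui.exe" -hide'),
    ("NvCplDaemon", r'RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup'),
]

# [path\]rundll32[.exe] <dll>,<export> ; the DLL path may be quoted.
RUNDLL = re.compile(
    r'^\s*"?(?:[^"]*\\)?rundll32(?:\.exe)?"?\s+(?:"([^"]+)"|([^,\s]+))',
    re.IGNORECASE)
# Locations a standard user can write to without elevation.
USER_WRITABLE = re.compile(
    r'^(?:[a-z]:\\users\\[^\\]+\\|%(?:localappdata|appdata|temp|userprofile)%\\)',
    re.IGNORECASE)
# A file sitting directly in AppData\Local rather than in a vendor subfolder
# (heuristic: installed software normally gets its own directory).
LOCAL_ROOT = re.compile(
    r'^(?:[a-z]:\\users\\[^\\]+\\appdata\\local|%localappdata%)\\[^\\]+$',
    re.IGNORECASE)

def rundll_target(command):
    """Return the DLL path a rundll32 command line loads, or None."""
    m = RUNDLL.match(command)
    return ntpath.normpath(m.group(1) or m.group(2)) if m else None

def triage(entries):
    """Return [(name, dll, reasons)] for entries that deserve a closer look."""
    findings = []
    for name, command in entries:
        dll = rundll_target(command)
        if dll is None or not USER_WRITABLE.match(dll):
            continue  # not rundll32, or DLL lives in a protected location
        reasons = ["rundll32 loads a DLL from a user-writable path"]
        if LOCAL_ROOT.match(dll):
            reasons.append("DLL sits directly in AppData\\Local, not a vendor subfolder")
        findings.append((name, dll, reasons))
    return findings

if __name__ == "__main__":
    for name, dll, reasons in triage(SAMPLE_ENTRIES):
        print(f"{name}: {dll}")
        for reason in reasons:
            print(f"    - {reason}")
```

On the affected machine, the name and command pairs can be exported as text with `wmic startup get caption,command` and fed to `triage` in place of the sample.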

#2 richknobpots

richknobpots
  • Topic Starter

  • Members
  • 8 posts

Posted 08 March 2011 - 06:55 PM

Updating:

Posted Image

MSE caught this & removed it. Said it was a Java exploit. For whatever reasons, MSE decided to run itself two, maybe three times.

Running MBAM now with a fresh DB for it.

#3 richknobpots

richknobpots
  • Topic Starter

  • Members
  • 8 posts

Posted 08 March 2011 - 08:46 PM

Posted Image

MBAM refused to run full scan to completion, but quick scan found 9 things. Like eke... and its brethren.

Same stuff I had last week, but last week's MBAM dinna find it. :( Why me? I don't get out that much - is Facebook really THAT bad? I have a business page there, I never play games, and I never click on the Free IPod ads my infected friends send out...

Not sure I'm done, but I'm going to keep posting my saga in case anyone else cares. Or I care again next week when eke is BAAAAACCCCK again!

#4 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,221 posts
  • Gender:Male
  • Location:NJ USA

Posted 08 March 2011 - 09:46 PM

Hello
What version of JAVA is running?
Go into Control Panel> Programs > Uninstall a Program.
Go down the list and tell me what Java applications are installed and their version.

So MBAM never completed?

Let's do these..
TFC by OT (Temp File Cleaner)
Please download TFC by Old Timer and save it to your desktop.
alternate download link

Save any unsaved work. TFC will close ALL open programs including your browser!
Double-click on TFC.exe to run it. If you are using Vista, right-click on the file and choose Run As Administrator.
Click the Start button to begin the cleaning process and let it run uninterrupted to completion.
Important! If TFC prompts you to reboot, please do so immediately. If not prompted, manually reboot the machine anyway to ensure a complete clean.

Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!
Be sure to download TDSSKiller.exe (v2.4.0.0) from Kaspersky's website and not TDSSKiller.zip which appears to be an older version 2.3.2.2 of the tool.
  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.07.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.


Next an Online scan....

Please perform a scan with Eset Online Antivirus Scanner.
This scan requires Internet Explorer, Opera or Firefox to work. Vista/Windows 7 users need to run Internet Explorer as Administrator.
To do this, right-click on the IE icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run As Administrator from the context menu.
  • Click the green Posted Image button.
  • Read the End User License Agreement and check the box:
  • Check Posted Image.
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Check Posted Image
  • Check Remove found threats and Scan potentially unwanted applications. (If given the option, choose "Quarantine" instead of delete.)
  • Click the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer.
  • If offered the option to get information or buy software at any point, just close the window.
  • The scan will take a while so be patient and do NOT use the computer while the scan is running. Keep all other programs and windows closed.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop as ESETScan.txt.
  • Push the Posted Image button, then Finish.
  • Copy and paste the contents of ESETScan.txt in your next reply.
Note: A log.txt file will also be created and automatically saved in the C:\Program Files\EsetOnlineScanner\ folder.
If you did not save the ESETScan log, click Posted Image > Run..., then type or copy and paste everything in the code box below into the Open dialogue box:

C:\Program Files\ESET\EsetOnlineScanner\log.txt
  • Click Ok and the scan results will open in Notepad.
  • Copy and paste the contents of log.txt in your next reply.
-- Some online scanners will detect existing anti-virus software and refuse to cooperate. You may have to disable the real-time protection components of your existing anti-virus and try running the scan again. If you do this, remember to turn them back on after you are finished.

NOTE: In some instances if no malware is found there will be no log produced.