Posted 22 April 2011 - 02:26 AM
My sister was using her laptop today when all of a sudden a bunch of applications claiming to be security software appeared.
I immediately took the computer down and put it in safe mode.
Then I tried running HijackThis.exe to see if I could find a startup entry or BHO of some sort.
I have had no such luck.
However I did find out that the instigator of these actions was a rogue executable called nih.exe
So I ran Process Explorer to see if I could find the origin of this file.
It's masked such that it appears to be in C:\Users\<user>\AppData\Local, but it's being spawned from some other process in the system.
It's also generating WildTangent and ZoomBrowser folders in C:\ProgramData.
I tried to install some security software on the machine but got a fake error claiming that the application was designed for a 64bit architecture, when it's not (nih.exe spawned to let me know this).
This exe is spawned automatically when:
1. another application is started (even notepad).
2. when the computer starts.
The cause of this problem is unknown, her computer started acting up about 2 months ago (same sort of problem) but her norton AV kicked in and took care of it.
Now it's back with a vengeance.
My sister is an amazing artist and her computer is her medium.
I implore you, please help.