Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Windows 7 Internet Security (NIH.exe)


  • This topic is locked This topic is locked
2 replies to this topic

#1 Hxrmn

Hxrmn

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:06:23 PM

Posted 22 April 2011 - 02:26 AM

Greetings BC:

My sister was using her laptop today when all of a sudden a bunch of applications claiming to be security software appeared.
I immediately took the computer down and put it in safe mode.

Then I tried running HijackThis.exe to see if I could find a startup entry or BHO of some sort.
I have had no such luck.

However I did find out that the instigator of these actions was a rogue executable called nih.exe

So I ran Process Explorer to see if I could find the origin of this file.
It's masked such that it appears to be in C:\Users\<user>\AppData\Local, but it's being spawned from some other process in the system.

It's also generating WildTangent and ZoomBrowser folders in C:\ProgramData.

I tried to install some security software on the machine but got a fake error claiming that the application was designed for a 64bit architecture, when it's not (nih.exe spawned to let me know this).

This exe is spawned automatically when:
1. another application is started (even notepad).
2. when the computer starts.

The cause of this problem is unknown, her computer started acting up about 2 months ago (same sort of problem) but her norton AV kicked in and took care of it.
Now it's back with a vengeance.

My sister is an amazing artist and her computer is her medium.
I implore you, please help.

BC AdBot (Login to Remove)

 


#2 Hxrmn

Hxrmn
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:06:23 PM

Posted 28 April 2011 - 07:42 PM

I've solved the problem (found restore points in the windows recovery menu at system boot screen).

Please close / lock this thread.

#3 Budapest

Budapest

    Bleepin' Cynic


  • Moderator
  • 23,573 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:23 AM

Posted 29 April 2011 - 05:02 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.
The power of accurate observation is commonly called cynicism by those who haven't got it.

—George Bernard Shaw




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users