Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

fsystem.exe and user account management popup


  • Please log in to reply
No replies to this topic

#1 Original20

Original20

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:10:33 PM

Posted 13 June 2011 - 07:48 AM

Hi there,

i just wanted to inform anyone whom it may concern that if you have the user account management popup bugging you repeatedly wether to allow changes to a program called "fsystem.exe" or not, it is likely a trojan that will not be recognized by most programs, but according to virustotal it is at least detected and destroyed by a handful, even free programs (in my case it was AVG Free Antivirus 2011).

There are two files related to that trojan: nskusvc.exe located in user\username\appdata\roaming\microsoft\windows\templates...followed by numbers (5 digit underscore 5 digit) which is a service running under the same name ("nskusvc" service in taskmanager) and is normally not deletable, thus the folder containing AppData is also locked (access denied even to administrator). And there is the second file, "fsystem.exe" (also a process in taskmanager)which is deletable in its folder (c:\windows\Syswow64) but returning after some seconds - same goes with the process. Both are korean origin, "language korean" and seem to be part of a trojan (some sort of win32 agent). Most Antivirus-Scanners dont find them. But there is one free program according to virustotal.com who can find and destroy both:

All you gotta do is download AVG Free Antivirus 2011 and install it - it will find and delete that trojan without a scan, just immediately on first startup. Then you can keep it as virusprotection or not, whatever you like, but i read it is same protective like Norton and other high quality products (according to google).

regards,

Mariano

PS i still have to run several tests with other programs such as Malwarebyte's Anti-Malware scanner but for now it seems to be a sufficient first step.

Edited by Original20, 13 June 2011 - 08:38 AM.


BC AdBot (Login to Remove)

 





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users