Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

what is this?


  • Please log in to reply
9 replies to this topic

#1 rmcdiarmid

rmcdiarmid

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:12:51 AM

Posted 18 November 2004 - 12:12 AM

Hello all - Am I glad that I found this website! I started off by trying to find out a few things about inetkw -which this site and it's posts were most helpful - NOW - i am having a problems with qxxqsopu.exe and a qqowtxwt.exe !!!! I used hijackthis and got rid of all the "stuff" - but - what is it? where did it come from? Any ideas people??? If i sound frustrated I am - just had to "tick" over 2000 boxes on hijackthis.......... :thumbsup:

BC AdBot (Login to Remove)

 


#2 jgweed

jgweed

  • Staff Emeritus
  • 28,473 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Chicago, Il.
  • Local time:12:51 AM

Posted 18 November 2004 - 12:49 AM

Do you have a resident AV installed and loaded with the current definitions?
Do you have a resident Firewall installed?
Do you have some Spyware applications installed?
Do you have adequate browser security settings?
Do you download stuff with a P2P application?
Do you read the EULA for any application or program you d/l, and do you check Google for user opinions before you do it?
Do you exercise care in reading Email, and have appropriate settings enabled?

No, to any of the above, and that might point you in the right direction to determine how and why these got on your computer. Almost all the malware that lands on your computer is the result of user actions, or inactions.
Best regards,
John
Whereof one cannot speak, thereof one should be silent.

#3 rmcdiarmid

rmcdiarmid
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:12:51 AM

Posted 18 November 2004 - 04:25 AM

I have to confess ignorance.....resident AV? Am assuming you mean Anti-Virus?
To everything else - my settings are up to snuff. And I have Adaware and Spybot.
Do use a p2p application - I am thinking that is the culprit.
But has hijack solved the problem? I have searched my system to the best of my ablitity (the ability is what concerns me as well) and couldn't find any signs of these .exe.

Any way I can check otherwise and delete?

Thanks for the reply John.

#4 Scarlett

Scarlett

    Bleeping Diva


  • Members
  • 7,479 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:As always I'm beside myself ;)
  • Local time:12:51 AM

Posted 18 November 2004 - 08:54 AM

Just to let u know. Resident AV is an antivirus program. You need a firewall too. Free Avg (antivirus) and Zone Alarm (firewall) are wonderful and Free! They come highly recommended.

Check out this link. (Simple Steps To Keep Your Computer Secure)

http://www.bleepingcomputer.com/forums/t/1628/simple-steps-to-keep-your-computer-secure/

Edited by scarlett, 18 November 2004 - 09:20 AM.

Posted Image

#5 tg1911

tg1911

    Lord Spam Magnet


  • Members
  • 19,274 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:SW Louisiana
  • Local time:11:51 PM

Posted 18 November 2004 - 09:18 AM

What AV (Antivirus) are you using?
When you download from the p2p, do you scan the file with your AV, before opening it?

Run these online virus scanners:
http://www.pandasoftware.com/activescan/
http://housecall.trendmicro.com/


I did a search on those 2 files, and came up with nothing. That's a bad sign.
You might want to post another HJT log.
Read the pinned post in the HJT forum, here
Then, run a new log, and post it in the HJT forum, here. Do not fix anything, yet.
A member, of the HJT Team, will help you out.
Please, be patient, these people are volunteers. They will help you out, as soon as possible.

Also, do as scarlett said, and check out that link.
MOBO: GIGABYTE GA-MA790X-UD4P, CPU: Phenom II X4 955 Deneb BE, HS/F: CoolerMaster V8, RAM: 2 x 1G Kingston HyperX DDR2 800, VGA: ECS GeForce Black GTX 560, PSU: Antec TruePower Modular 750W, Soundcard: Asus Xonar D1, Case: CoolerMaster COSMOS 1000, Storage: Internal - 2 x Seagate 250GB SATA, 2 x WD 1TB SATA; External - Seagate 500GB USB, WD 640GB eSATA, 3 x WD 1TB eSATA

Become a BleepingComputer fan: Facebook

#6 rmcdiarmid

rmcdiarmid
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:12:51 AM

Posted 20 November 2004 - 08:06 PM

Thanks for all the great input...
I do use zone alarm for my firewall,
and use Norton as an antivirus program

and stupidly - I have gotten out of the habit of scanning my p2p files before opening them...

am going to be running another hjt log...BUT - have to admit am a little freaked out to do it again...... :thumbsup:
and I am checking out those links.

Once again - thanks for the input.
Ronda

#7 tg1911

tg1911

    Lord Spam Magnet


  • Members
  • 19,274 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:SW Louisiana
  • Local time:11:51 PM

Posted 20 November 2004 - 08:25 PM

You're welcome.

With Norton:
Do you scan for updates manually?
Do you have it set to automatically scan for updates?

If set to automatic:
People have been having problems, with Norton, not downloading all available updates. It would be a good idea to get in the habit of checking manually, at least once a week, just to be sure. (double click the Norton icon in the task bar, and click "Live Update")
MOBO: GIGABYTE GA-MA790X-UD4P, CPU: Phenom II X4 955 Deneb BE, HS/F: CoolerMaster V8, RAM: 2 x 1G Kingston HyperX DDR2 800, VGA: ECS GeForce Black GTX 560, PSU: Antec TruePower Modular 750W, Soundcard: Asus Xonar D1, Case: CoolerMaster COSMOS 1000, Storage: Internal - 2 x Seagate 250GB SATA, 2 x WD 1TB SATA; External - Seagate 500GB USB, WD 640GB eSATA, 3 x WD 1TB eSATA

Become a BleepingComputer fan: Facebook

#8 rmcdiarmid

rmcdiarmid
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:12:51 AM

Posted 22 November 2004 - 01:35 PM

I have my Norton to scan and get live updates once a week - but have been doing it manually and downloading updates for the last few weeks....
btw - I did run the hjt - and none of those .exe were lurking in there - soo - am assuming that doing that and running my computer through safe mode to get rid of them - solved the issue.........

#9 tg1911

tg1911

    Lord Spam Magnet


  • Members
  • 19,274 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:SW Louisiana
  • Local time:11:51 PM

Posted 22 November 2004 - 02:42 PM

I re-read your first post, and see that you used HJT to "fix" some "stuff".

One thing, about the use of HijackThis, you must NEVER attempt to fix stuff using HijackThis, until someone who is experienced at reading the log outputs has a chance to review it.

Fixing the wrong items can make a computer unbootable. Not recognizing CoolWebSearch
varients, can just make things reinstall, and there are very many subtle items that can only
be recognized with experience

Spaces, extra characters, spelling, file location, plus numerous other subtle changes,
all make the difference between a good or bad file entry.

Some say HijackThis is an excellent utility for removal of Browser Hijackers.
This is a definite misconception. How do you think that a 150KB program can contain the
database, removal instructions, and tools that takes Norton Antivirus or Spybot Search
and destroy 15MB plus to accomplish?
Hijack this is an ennumerator. It lists what is found in certain areas of the registry, or
system files, in an easily accessible manner, so that those familiar with the use and reading
of HijackThis logs, and windows programs, can determine what is infecting the machine, and
how to remove it.

The Hijack this page, although a great description of what hijack this detects, perpetuates
the authors misconception that it is a removal tool . It will indeed remove the entries
listed, but that does not cure the underlying problem. The problem must be properly
identified first, and cured, prior to removing the entries with HJT. Otherwise you leave the
infection, and remove the keys which are needed to identify, and remove it .

I cringe at the frequent advice to allow hijack this to fix things (especially based on the "you
do not recognize" reasoning). This removes any hope of having a professional, or another
removal tool, identify and remove the problem.

Hijack this should only be used to clean up the entries left behind, after you have properly
removed the offending program, file, trojan, worm, hijacker etc. And this usually requires
help.

Edited by tg1911, 22 November 2004 - 02:43 PM.

MOBO: GIGABYTE GA-MA790X-UD4P, CPU: Phenom II X4 955 Deneb BE, HS/F: CoolerMaster V8, RAM: 2 x 1G Kingston HyperX DDR2 800, VGA: ECS GeForce Black GTX 560, PSU: Antec TruePower Modular 750W, Soundcard: Asus Xonar D1, Case: CoolerMaster COSMOS 1000, Storage: Internal - 2 x Seagate 250GB SATA, 2 x WD 1TB SATA; External - Seagate 500GB USB, WD 640GB eSATA, 3 x WD 1TB eSATA

Become a BleepingComputer fan: Facebook

#10 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,540 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:01:51 AM

Posted 23 November 2004 - 10:28 AM

Moved this post to a more appropriate forum




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users