Task Manager Process "orlyip.exe *32"


11 replies to this topic

#1 Adirondack


Posted 10 February 2014 - 01:45 PM

A co-worker is experiencing high physical memory & CPU usage. There are often 3 instances of a process named "orlyip.exe" that are using up more memory than any other processes. I get no results when I search on that process name. Does anyone have information about this process?

 

Thanks


Edited by hamluis, 11 February 2014 - 05:42 PM.
Moved from Win 7 to Am I Infected - Hamluis.




#2 Adirondack


Posted 10 February 2014 - 02:10 PM

Task Manager Description = "Ien Meramkel Antibibus"

 

Processes start back up in Task Manager after "End Process" is performed on all 3 instances.



#3 hamluis


Posted 10 February 2014 - 03:40 PM

I find no hits of substance on either of those two phrases you cite, which is somewhat unusual, IMO.  You sure about those spellings?

 

Louis



#4 Adirondack


Posted 10 February 2014 - 06:19 PM

Thank you for taking a look at this.  Attached is a snapshot of the task manager window and orlyip.exe file properties.  It looks like it might be a foreign language.

 

 




#5 hamluis


Posted 10 February 2014 - 06:49 PM

Well...I had put "Ien Meramkel Antibibus" in Google Translate and it only returned the same exact phrasing.

 

I see no high RAM or CPU usage as I look at your screenshot.

 

Louis



#6 quietman7


Posted 10 February 2014 - 07:10 PM

Windows Task Manager does not provide enough information. These are tools to investigate running processes, programs that run at startup, services and gather additional information to identify them or resolve problems:

These tools will provide information about each process, CPU usage, file description and its location. Most of them are stand-alone apps in a zip file so no installation is necessary.

-- System Explorer provides a security check of running processes using their online security database when you first launch the program. Just press the Security Scan tab at the top, then click Start Security Check. After the check you can click the link to See the results of the security check >>. Keep in mind, that the check is not a guarantee of what is or is not detected as malware.

-- Process Explorer shows two panes by default: the upper pane is always a process list and the bottom pane either shows the list of DLLs loaded into the process selected in the upper pane, or the list of operating system resource handles (files, Registry keys, synchronization objects) the process has open. In the menu at the top select View > Lower Pane View to change between DLLs and Handles.

Right-clicking on a process in ProcessHacker or System Explorer allows you to send it (File Check) to Jotti's virusscan or VirusTotal. Process Hacker also allows sending it to Camas Comodo.

Right-clicking on a process in Process Explorer or AnVir TaskManager Free allows you to send it to VirusTotal.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators
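The details those tools surface (file location, description, signer, hash, parent process, startup entries) can also be read from a PowerShell prompt. This is an added example, not part of any post in this thread; it assumes PowerShell 4.0 or later and uses the process name reported above, and it only reads information.

```powershell
# Added example: read-only triage of a process by image name.
# 'orlyip.exe' is the name reported in this thread; change $Name as needed.
$Name = 'orlyip.exe'

$procs = Get-CimInstance Win32_Process -Filter "Name = '$Name'"
if (-not $procs) { Write-Host "No running process named $Name"; return }

$report = foreach ($p in $procs) {
    # The parent often explains why a process returns after "End Process".
    $parent = Get-CimInstance Win32_Process -Filter "ProcessId = $($p.ParentProcessId)"
    $path   = $p.ExecutablePath   # empty when access is denied (run elevated)
    $desc = $signer = $sigStatus = $sha256 = $null
    if ($path -and (Test-Path -LiteralPath $path)) {
        $desc      = (Get-Item -LiteralPath $path -Force).VersionInfo.FileDescription
        $sig       = Get-AuthenticodeSignature -LiteralPath $path
        $sigStatus = $sig.Status
        $signer    = $sig.SignerCertificate.Subject
        # The SHA-256 can be searched on VirusTotal without uploading the file.
        $sha256    = (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash
    }
    [pscustomobject]@{
        PID         = $p.ProcessId
        Path        = $path
        CommandLine = $p.CommandLine
        Description = $desc
        Signature   = $sigStatus
        Signer      = $signer
        SHA256      = $sha256
        ParentPID   = $p.ParentProcessId
        ParentName  = $parent.Name
        MemoryMB    = [math]::Round($p.WorkingSetSize / 1MB, 1)
    }
}
$report | Format-List

# Startup entries that mention the image name or the folder it runs from.
$dirs = $report.Path | Where-Object { $_ } | Split-Path -Parent | Sort-Object -Unique
Get-CimInstance Win32_StartupCommand |
    Where-Object {
        $c = $_.Command
        $c -and ($c -like "*$Name*" -or
                 ($dirs | Where-Object { $c.ToLower().Contains($_.ToLower()) }))
    } |
    Select-Object Name, Command, Location, User
```

An unsigned file with an unrecognisable description, running from a user profile or temp folder and referenced by a startup entry, is the combination that warrants a full malware scan.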

#7 Adirondack


Posted 11 February 2014 - 07:10 AM

Thank you hamluis & quietman7.  I will send this thread to my co-worker. 



#8 quietman7


Posted 11 February 2014 - 07:24 AM

You're welcome on behalf of the Bleeping Computer community.

#9 OldPhil


Posted 11 February 2014 - 07:36 AM

Not sure if this will get anyone pointed!

 

http://foofind.com/en/download/0JTFjse-NiKV6p1x/ORLY.exe.html

Found using AVG search


Edited by OldPhil, 11 February 2014 - 07:39 AM.

Honesty & Integrity Above All!


#10 quietman7


Posted 11 February 2014 - 08:28 AM

Note the spelling....that link is for orly.exe. Adirondack is concerned with orlyip.exe.

#11 OldPhil


Posted 11 February 2014 - 08:32 AM

Ooops!




#12 dls62


Posted 11 February 2014 - 11:46 AM

I've done a little bit of research.  Using a slight variation on the task manager description above gives a number of hits for W32/Rovnix and Zbot.

 

I think this topic is related - http://www.bleepingcomputer.com/forums/t/523435/iermeramkel-antibibus/.


Edited by dls62, 11 February 2014 - 05:15 PM.




