
strange app running


6 replies to this topic

#1 mjd2k

mjd2k

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:03:22 PM

Posted 15 April 2014 - 05:24 PM

I have an app running on my PC

WINE7E2.EXE

It hogs at least 50% of my cpu.

I can kill it in task manager but when I found the actual exe file in the cyberlink folder and tried to delete it, I could not. Said I do not have permission.

It was installed there on March 22

I cannot download anything, adaware for example. Says I do have permission.

I ran Malwarebytes and it found a couple of Trojans and quarantined them. They were hijack Trojans.

When I connect to the internet, my IE goes crazy and starts opening a ton of instances with errors.





#2 mjd2k

mjd2k
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:03:22 PM

Posted 15 April 2014 - 05:25 PM

When I google WINE7E2.EXE I do not get any hits.

To me, I wonder if someone created a personal exe on the PC?



#3 mjd2k

mjd2k
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:03:22 PM

Posted 15 April 2014 - 05:36 PM

I just tried to download adaware and got the message "adaware_installer.exe couldn't be downloaded"



#4 mjd2k

mjd2k
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:03:22 PM

Posted 15 April 2014 - 07:39 PM

Ok, so I ran some of the programs recommended to others

 

rkill showed it stopped the wine72e.exe program.

 

Now when I do a restart, I get a message saying wine72e.exe has a problem and Windows is checking for a solution. Which of course it does not find.

 

It also showed every aspect of my security is shut down.

Windows Defender, firewall, etc.

 

When I try to open Defender, I get a msg stating "application failed to start..........."

When I try to open security center, I get that I can't open it either.

 

The mbar showed two Trojans

Trojan.agent.ed (two installs)

 

I'll run adaware next.



#5 noknojon

noknojon

  • Banned
  • 10,871 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:06:22 AM

Posted 15 April 2014 - 08:55 PM

Hello -

Please try this run of programs (if you can) and Copy and Paste any logs.

 

Download Screen317 Security Check and save it to your Desktop.
* Double-click SecurityCheck.exe
* Follow the onscreen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt
* Please post the contents of that document.
Note: If any security program requests permission to access the Internet, allow it to do so.

 

 

When you run RKill, please do not reboot in any way, but do a Malwarebytes Anti-Malware scan on top of it.

RKill is designed to stop any malware / generally bad program and hold it while the next program runs.

 

Please download Rkill (courtesy of BleepingComputer.com) to your desktop.
There are 2 different versions. If one of them won't run then download and try to run the other one.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shut down your antivirus.
rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

* Double-click on the Rkill desktop icon to run the tool.
* If using Vista or Windows 7 right-click on it and choose Run As Administrator.
* A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
* If not, delete the file, then download and use the one provided in Link 2.
* Do not reboot until instructed.
* If the tool does not run from any of the links provided, please let me know.

NOTE - If normal mode still doesn't work, run the tool from safe mode.
When the scan is done Notepad will open with rKill log.
Post it in your next reply.
NOTE. rKill.txt log will also be present on your desktop.

 

Now: Scan with ESET Online Scan
1. Please go to Here to run the online scanner from ESET.
2. Temporarily Disable Your Anti-virus while performing the online scan
3. Tick the box next to YES, I accept the Terms of Use.
4. Click Start
5. When asked, allow the ActiveX control to install
6. Click Start
7. Under scan settings, check Scan Archives and Remove found threats
8. Click on Advanced Settings and ensure these options are ticked:
Scan for potentially unwanted applications
Scan for potentially unsafe applications
Enable Anti-Stealth Technology

9. Click Scan
10. Wait for the scan to finish. This will take quite a while to download the program and then updates for a first scan.
11. If any threats were found, click the 'List of found threats', then click Export to text file....
12. Save it to your desktop, then please copy and paste that log as a reply to this topic.

If no problems are found just tell us.

 

 

Download TDSSKiller and save it to your desktop.

  • Extract (unzip) its contents to your desktop.
  • Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt.
    Please copy and paste the contents of that file here.


#6 mjd2k

mjd2k
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:03:22 PM

Posted 17 April 2014 - 03:13 PM

Thanks for your reply Aussie Addict.

After I last posted and before I read your reply, I downloaded Norton Power Eraser and ran it on the infected PC.

As of now, it has been running fine for a day or so.

The NPE zeroed in on "wine72e.exe" and deleted it (at least it states that it did). It also found a file "uhvvsm.dll" that it stated was a known threat and deleted it also.

The Rkill had found a couple of Trojans and deleted them, then the NPE got rid of that brutal "wine72e.exe" that no one has ever heard of.

Will see what happens going ahead. Fingers are crossed. Daughter's computer and she had just basically let it get to the point of not usable anymore.

#7 noknojon

noknojon

  • Banned
  • 10,871 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:06:22 AM

Posted 17 April 2014 - 04:48 PM

Thanks for the update -

 

I will keep a watch here for a few days just to be sure .......





