
Cannot find info on this bug - laeso.exe


3 replies to this topic

#1 allieddata


Posted 30 September 2014 - 03:18 PM

I have an XP workstation that started flashing false browser windows and ads. This system has no internet access, but did months ago. Looking at the Task Manager, I see multiple instances of laeso.exe. Killing the processes stops the windows - temporarily, but the process just reloads. Trying to edit the registry, it puts the deleted entries back. Must be a tough one.

The system is in a remote office 375 miles away, I can't start it in safe mode and run my various tools on it. It bugs me, though, that a search on that exe turns up nothing.

Tried running Rkill. Nope. TDSSkiller. Nope. Hmmmm....may be harder than I thought to clean this one.

Has anyone heard of this bug?


Edited by hamluis, 30 September 2014 - 05:10 PM.
Moved from XP to Am I Infected - Hamluis.




#2 JohnC_21


Posted 30 September 2014 - 03:58 PM

The only place that came up doing a search was on a scan from VirusTotal from Norman. Norman Suspicious_Gen2.LAESO

Other software in the list shows it as Adware or some kind of FakeAV. Have you tried Adwcleaner?

Edit: You said you could not start safe mode. Have you tried Msconfig? Type Msconfig in the run box. Under the boot.ini tab, check Safeboot.


Edited by JohnC_21, 30 September 2014 - 04:03 PM.


#3 allieddata


Posted 30 September 2014 - 05:05 PM

I found that one entry, everything else that came up was Danish, I think.

I tried msconfig. The bug just reinserts the entries. I have shut the system down, hopefully I can get someone up there to bring the system to me so I can work on it directly as this bug is persistent. I have Adwcleaner and Combofix both loaded on it, but as Rkill and TDSSkiller seem to have no effect, I am wondering if Adwcleaner or Combofix can actually do anything as the bug has some part that stays resident - which I thought Rkill would handle.

As soon as I can get this system in my hands I'll share all that I find. If no one else has seen this then it must be new or a variant of something else.

Thank you!



#4 JohnC_21


Posted 30 September 2014 - 05:42 PM

BleepingComputer does not recommend using Combofix unless under the supervision of a Malware Removal Expert in the Virus Removal Forum. If you cannot get rid of the infection, I would post a new thread there after reading the sticky posts on what logs to attach. Rkill should have worked but maybe this is a new process that Rkill does not work on. One other scan you may want to try is HitmanPro. It's very good at clearing active infections as it is cloud based. You would need an internet connection to do the scan. Good luck.


Edited by JohnC_21, 30 September 2014 - 05:42 PM.




