
hzufhlwpoapk?


8 replies to this topic

#1 tazerx


Posted 27 October 2014 - 03:08 PM

Hello, Thank you for the help in advance. I apologize that this is my first post.

My computer has this process labeled 'hzufhlwpoapk.exe.32' running multiple times. I Googled and haven't found anything... It's definitely not a good thing as my system resources have gone down tremendously. The description is labeled Google Chrome? And I don't even have Google Chrome running. I have HijackThis and ComboFix if you'd like my logs posted. In advance I thank you for the help.





#2 ddrafts01


Posted 27 October 2014 - 03:31 PM

Something like this happened to me on Friday and again today.

 

From my research on my PC.

It creates a directory in Users\appdata\locallow\emiesitelist emieuserlist and the Microsoft directories; if you have iTunes installed it will also put a DLL file in the users\appdata\locallow\apple folder.  Under Microsoft there are three directories. In most of the folders there is a copy of your users folder.  In another there is a rundll32.exe and another exe that is a random 6 characters.  The only way I got it to stop was with Process Explorer.  I kept stopping the rundll32.exe and started to delete the directories.  I do have two of the folders zipped up if anyone wants to look at them.

 

I do not have any idea what it is doing, but in Chrome it added the GoSave 2.0 extension, which I cannot seem to uninstall.

 

Thanks

Doug



#3 tazerx


Posted 27 October 2014 - 03:36 PM

Doug,

 

Did you post up anything regarding this? Also, you do have Chrome installed? I don't....



#4 ddrafts01


Posted 27 October 2014 - 03:38 PM

I have Chrome installed.  But I was in IE when it started.



#5 tazerx


Posted 27 October 2014 - 03:44 PM

Doug,

 

Are multiple processes of this running?

 

Is this file located?

C:\Users\myuser\AppData\LocalLow\EmieUserList\Slkkhegjbzvv\szdmocovrwh

 

Do you have that as well? Did you try scanning? I did with Spybot, Combo, Avira, SuperAnti, everything... nothing comes back.



#6 ddrafts01


Posted 28 October 2014 - 06:17 AM

Yes there were a lot of them. 

 

That is one place that it is installed.

The other is

C:\Users\ddrafts\AppData\LocalLow\EmieSiteList

C:\Users\ddrafts\AppData\LocalLow\Microsoft  ( you will see three to four folders here.)

C:\Users\ddrafts\AppData\LocalLow\Apple ( here was a DLL file)

C:\Users\ddrafts\AppData\LocalLow\Adobe

 

I did scan with MalwareBytes and others and they did not find anything either.

 

But I do have two of the folders Zipped up if anyone wanted to take a look at them.

 

The one thing that I find strange is that in one of the folders it has downloaded an old version of Chrome.  Version 36.0.1985.143



#7 bluzader


Posted 28 October 2014 - 12:08 PM

Okay. I have the same problem, but my file name is Vihhandwzbk.exe. It started running multiple versions of itself and it is also labeled Google Chrome. These files are constantly running and changing taking up memory. No matter how many processes I delete, more keep popping back up.
 
I do NOT have Google Chrome installed, nor have I ever installed it. Similarly, I found problems in:
C:\Users\bluzader\AppData\LocalLow\EmieSiteList
C:\Users\bluzader\AppData\LocalLow\EmieUserList
C:\Users\bluzader\AppData\LocalLow\Microsoft 
C:\Users\ddrafts\AppData\LocalLow\Apple Computer 
 
Also, 2 versions of regsvr32.exe were running
 
I rebooted in safe mode, deleted these files, but once I rebooted into regular mode, they came back.
 
I've tried to research this virus, but haven't come up with anything. I suspect it's the same and just uses different names for the files. Any help is appreciated.
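
A read-only way to inventory what the posts above describe (processes running from AppData\LocalLow and executable files in the folders they list), as an added PowerShell example that is not part of any poster's reply. It assumes PowerShell 4.0 or later run as the affected user; the function names are hypothetical.

```powershell
# Added triage example (not from the thread). Read-only: it lists, never deletes.
$localLow = Join-Path $env:USERPROFILE 'AppData\LocalLow'
# Folder names as reported by posters in this thread.
$folders  = 'EmieSiteList','EmieUserList','Microsoft','Apple','Apple Computer','Adobe'

function Test-PEHeader([string]$Path) {
    # True when the file starts with the "MZ" magic, whatever its extension.
    try {
        $fs = [System.IO.File]::Open($Path, 'Open', 'Read', 'ReadWrite')
        try { return ($fs.ReadByte() -eq 0x4D -and $fs.ReadByte() -eq 0x5A) }
        finally { $fs.Dispose() }
    } catch { return $false }
}

function Get-ImageInfo([string]$Path, $ProcessId) {
    $vi = [System.Diagnostics.FileVersionInfo]::GetVersionInfo($Path)
    [pscustomobject]@{
        ProcessId   = $ProcessId            # empty for files that are not running
        Path        = $Path
        Description = $vi.FileDescription   # posters saw "Google Chrome" here
        Signature   = (Get-AuthenticodeSignature -LiteralPath $Path).Status
        SHA256      = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash
    }
}

# 1. Running processes whose image file lives under LocalLow.
$running = Get-Process |
    Where-Object { $_.Path -and
        $_.Path.StartsWith($localLow, [StringComparison]::OrdinalIgnoreCase) } |
    ForEach-Object { Get-ImageInfo $_.Path $_.Id }

# 2. PE files on disk in the reported folders; -Force includes hidden and system items.
$onDisk = foreach ($name in $folders) {
    $dir = Join-Path $localLow $name
    if (Test-Path -LiteralPath $dir) {
        Get-ChildItem -LiteralPath $dir -Recurse -Force -File -ErrorAction SilentlyContinue |
            Where-Object { Test-PEHeader $_.FullName } |
            ForEach-Object { Get-ImageInfo $_.FullName }
    }
}

$running | Sort-Object Path | Format-Table ProcessId, Description, Signature, Path -AutoSize
$onDisk  | Sort-Object Path | Format-List Path, Description, Signature, SHA256
```

Entries that are unsigned, or that describe themselves as Google Chrome while sitting outside Chrome's install directory, are the ones to review before removing anything.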



#8 SmoothSailor


Posted 29 October 2014 - 02:48 PM

I had this same issue with a different *.exe file name and different subdirectory names.  I believe I fixed it now, finally.  I had to boot up in Safe Mode and go into my DOS with the cmd.exe command line.  You will need to recall your DOS commands to do it this way.

 

I then changed directories until I got to those subdirectories under \Emiesitelist\*.*.  I then kept deleting everything I could under that directory.  If you do not delete enough of the files, they will regenerate and come back again in your Task Manager.

 

It is difficult and time consuming to work in DOS.  However, how can I access that subdirectory from Windows Explorer?  I am set up to see hidden files and folders, but I cannot see that particular folder from Windows Explorer: "Emiesitelist".  Please advise so I can delete all the folders and files in there.



#9 tazerx


Posted 01 November 2014 - 02:40 PM

I was able to get rid of this, I think, by running HitMan Pro in Safe Mode (that's the only one that worked). Please try that and see if it's gone. Worked for me so far.





