
Weird File And So Many Different Reports


16 replies to this topic

#1 moomoo

moomoo

  • Members
  • 267 posts
  • OFFLINE
  •  
  • Local time:07:25 PM

Posted 25 July 2006 - 06:08 PM

OK, well, I'm searching my system32, just looking around, usual inspection, and I find a suspicious file called "nx.exe", app name: NukeUxp *Nuke Your Xp*

I searched the net and it says something about a virus called backdoor.hale....and something on Windows 2000 ooting called nx.exe. Just to let you know, IT IS NOT A PROCESS, IT'S A FILE, because the net says sometimes it's a process...scanned it with NOD32 and it picked up nothing

I'm running Windows XP Home with SP2

I really need help and I really don't want a HijackThis log



#2 moomoo

moomoo
  • Topic Starter

  • Members
  • 267 posts
  • OFFLINE
  •  
  • Local time:07:25 PM

Posted 25 July 2006 - 06:14 PM

Oh jesus...some more info...I right-clicked Properties...first off it was created April 2004...modified 2003...and comments says avoid using this program...I'm scared as hell...it's got copyright...© Saitek (game controller) 2002..k well help

#3 bicycle bill

bicycle bill

  • Banned
  • 339 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:25 PM

Posted 25 July 2006 - 07:10 PM

Well you should get rid of it because it is a trojan. Check out this link.

http://www.auditmypc.com/process/nx.asp

#4 Enthusiast

Enthusiast

  • Members
  • 5,898 posts
  • OFFLINE
  •  
  • Location:Florida, USA
  • Local time:06:25 PM

Posted 25 July 2006 - 07:27 PM

Why are you reticent about creating and posting a HJT log?
That is the best and most effective way to rid your computer of the malware infection.

In any case, try a few of the following online scans.
AV programs, by the way, are not all that effective against trojans - they are designed for viruses.

Panda Activescan
http://www.pandasoftware.com/activescan/co...n_principal.htm
http://www.pandasoftware.com/products/activescan.htm

Trend Micro antivirus and malware scan:
http://housecall-beta.trendmicro.com/en/st...orp.asp?id=scan

Ewido Online scan
http://www.ewido.net/en/onlinescan/

Trojan scans –
Sygate Trojanscan
http://scan.sygatetech.com/pretrojanscan.html


Windows Security Trojanscan
http://windowsecurity.com/trojanscan
See instructions for it here:
http://www.windowsecurity.com/trojanscan/trojanscan.asp

Parasite scan from Aumha:
http://www.aumha.org/a/noads.php
or here:
http://www.aumha.org/win5/a/noads2.htm

You must use Internet Explorer to run the scans as they require Active X.
If prompted, allow the Active X plugin to load for each.

In addition to your anti-virus program you should have several if not all of the following anti-malware apps on your computer.
Each operates in a different manner and each may find malware the others may not. The ones that give realtime protection like Windows Defender, Spybot (with Teatimer enabled) and Ewido Anti-malware are the most critical to have. These are all freeware, by the way:

Anti-malware freeware
(You can run as many of these as you wish. Generally there is no conflict between these and you should always run several since each may find malware that the others may not find)

Ad-Aware SE Personal - freeware
http://www.lavasoft.com/
Click on Adaware SE Personal in “Products” on the left side of the page
Or it may be easier to find it here:
http://fileforum.betanews.com/detail/Adawa...nal/965718306/1


Spybot S&D: http://www.safer-networking.org/en/index.html
Be sure to enable “Teatimer” which gives you realtime protection against malware invasion. (absolutely necessary)

Microsoft Windows Defender
http://www.microsoft.com/athome/security/s...re/default.mspx
This also provides realtime protection. (absolutely necessary)

Ewido Antispyware Free
http://free.grisoft.com/doc/20/lng/us/tpl/v5

SpywareBlaster: http://www.javacoolsoftware.com/spywareblaster.html

Microsoft Malicious Software Removal Tool (Win XP and Win 2000):
http://www.microsoft.com/security/malwareremove/default.mspx

A² - Free from http://www.majorgeeks.com/download4281.html . Run it, click Search for Updates, then click Scan.

#5 moomoo

moomoo
  • Topic Starter

  • Members
  • 267 posts
  • OFFLINE
  •  
  • Local time:07:25 PM

Posted 26 July 2006 - 05:58 AM

Yeah, lalw, just found out too...I'm gonna leave it...I know it sounds crazy but I've had it for 2 years...it's never executed and I hate deleting things outta system32, but thanks a lot, I'm gonna scan

#6 Enthusiast

Enthusiast

  • Members
  • 5,898 posts
  • OFFLINE
  •  
  • Location:Florida, USA
  • Local time:06:25 PM

Posted 26 July 2006 - 06:02 AM

Did you ever install a Saitek game controller?

#7 ThorXP

ThorXP

  • Banned
  • 880 posts
  • OFFLINE
  •  
  • Local time:07:25 PM

Posted 26 July 2006 - 06:09 AM

moomoo, I think I know why you do not want to do a HijackThis. Are you using an illegal version of Windows? I think you are. For the problem you have, a HijackThis log is the best way to solve your problem and should be used.

I am proposing that you should do a HijackThis log basically because this is the best and easiest way to accomplish getting your computer repaired and if you refuse then there should be no tech support for your problem. But this is just my opinion.

I suggest you post a HijackThis log for examination.
A member of the HijackThis Team will walk you through, step by step, how to disinfect your computer.
Once you post your log, don't make any changes to your system, as that could change the results of the posted log, making it difficult to properly clean your system.

Read Preparation Guide for use before posting a HijackThis Log.
http://www.bleepingcomputer.com/forums/t/34773/preparation-guide-for-use-before-using-malware-removal-tools-and-requesting-help/

Please read, and follow, all directions carefully!!!

Then, run a log, and post it in the HijackThis forum, at this link below.
http://www.bleepingcomputer.com/forums/f/22/virus-trojan-spyware-and-malware-removal-logs/
Do not, fix anything, yet.
A member, of the HJT Team, will help you out.
It may take a while to get a response, because the HJT Team are very busy. Please, be patient, as these people are volunteers. They will help you out, as soon as possible.

NOTE:

Once you have made the post, please, DO NOT make another post in the HJT forum, until it has been responded to by a member of the HJT Team. The first thing they look for, when looking for logs to reply to, is 0 replies. If you make another post, there will be 1 reply. The team member, glancing over the replies, might assume someone is already helping you out, and will not respond. So, just make your post, and let it sit there, until a team member responds. This way you will be taken care of, in the most timely manner.

#8 moomoo

moomoo
  • Topic Starter

  • Members
  • 267 posts
  • OFFLINE
  •  
  • Local time:07:25 PM

Posted 26 July 2006 - 06:57 AM

OMFG HELL NO!!!! BUDDY I'M 12, HOW AM I SUPPOSED TO GET AN ILLEGAL VERSION OF WINDOWS!!!! MY DAD'S A COP!!! IT IS NOT ILLEGAL!!! AND IT'S BECAUSE EVER SINCE MY ZONE ALARM PROBLEM I'M NOT SUPPOSED TO DOWNLOAD NOWT!!! I KNOW IT'S SAFE BUT NOW EVEN I'M SCARED TO DOWNLOAD!!! IT IS NOT ILLEGAL!!!!

I know what the thing is...and yeah, I have a Saitek game controller? Would that be it? And even if it isn't that..I'm leaving it. I've scanned with Norton, Jotti and NOD and picked up nowt...and I've had it for 2 years and it's causing no problems

#9 Enthusiast

Enthusiast

  • Members
  • 5,898 posts
  • OFFLINE
  •  
  • Location:Florida, USA
  • Local time:06:25 PM

Posted 26 July 2006 - 07:45 AM

In a previous post you posted that it was a Saitek game controller:

Oh jesus...some more info...I right-clicked Properties...first off it was created April 2004...modified 2003...and comments says avoid using this program...I'm scared as hell...it's got copyright...© Saitek (game controller) 2002..k well help


Leave it alone.

#10 groovicus

groovicus

  • Security Colleague
  • 9,963 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Centerville, SD
  • Local time:05:25 PM

Posted 26 July 2006 - 01:05 PM

Are you using an illegal version of Windows? I think you are


And I think what you think is largely irrelevant. I'm so very curious as to who appointed you to the Internet police? The truth is that we help anybody that needs help, unless it is blatantly obvious that a member is involved in illegal activities. And until things reach that point, we don't make accusations. You have been here long enough to know that by now. So let's quit with the accusations, shall we?

moomoo, with the exception of one member, nobody is accusing you of anything. Aside from that, the rest of the advice is correct.... with the proper information, we can help you figure out your issue. If you choose not to take any of the advice, that is fine, but keep in mind that there are many other members here that are willing to take our advice and accept our help. Unless you choose to do the same, you are just wasting our time.

Also, please do not type in caps, and please use proper grammar. Many of our members come from other countries and use web-based translators to understand your post. The one person that may be able to help you can't because they will not be able to understand your post.

#11 usasma

usasma

    Still visually handicapped (avatar is memory developed by my Dad


  • BSOD Kernel Dump Expert
  • 25,091 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Southeastern CT, USA
  • Local time:07:25 PM

Posted 26 July 2006 - 02:50 PM

Hi moomoo!

I'm 54 years old - and some of my best internet friends are as young as 16. They have much more knowledge in some areas than I do. But, as long as they treat me nicely, I treat them nicely and we all get along.

You mention that you've had this file for 2 years. How do you know that? From the file properties? That's not a real good indicator - especially if it is a virus. The virus writers are tricky and do their best to fool everyone - so little tricks like this are commonplace.

More importantly - you've used at least 2 good antivirus programs that haven't picked it up. Have you told one of them to scan that particular file? If it still comes up negative (and your virus definitions are updated), then I'd presume it was your game controller and leave it alone.
My browser caused a flood of traffic, so my IP address was banned. Hope to fix it soon. Will get back to posting as soon as I'm able.

- John  (my website: http://www.carrona.org/ )
**If you need a more detailed explanation, please ask for it. I have the Knack.**
If I haven't replied in 48 hours, please send me a message. My eye problems have recently increased and I'm having difficulty reading posts. (23 Nov 2017)
FYI - I am completely blind in the right eye and ~30% blind in the left eye.
If the eye problems get worse suddenly, I may not be able to respond. If that's the case and help is needed, please PM a staff member for assistance.

#12 moomoo

moomoo
  • Topic Starter

  • Members
  • 267 posts
  • OFFLINE
  •  
  • Local time:07:25 PM

Posted 26 July 2006 - 04:12 PM

Hey, and yes....it's quite confusing, but that is the problem, I'm getting millions of different reports...I'll explain it to my knowledge of it...it is copyrighted by Saitek but looks like it's crafted by a virus (a picture of a bomb on it, comments are "do not open this file", and apparently it was installed in 04 and modified in 03?). I know for sure it has been there for 2 years as I have seen it there 2 years ago. As for scanning, the scanners have been prompted to scan the 1 file...I have used NOD32, Jotti (a whole bunch of different scanners), and Norton and it has found nothing. I have checked all my registry keys and files (turning show my hiddens on) and have found no remnants. My friend owns his own computer company and he thinks it's a trojan but the trigger hasn't been placed on it yet...I still have no clue...it's either my Saitek controller or backdoor.hale..I'd really appreciate your help.

thanks,

~moomoo

#13 moomoo

moomoo
  • Topic Starter

  • Members
  • 267 posts
  • OFFLINE
  •  
  • Local time:07:25 PM

Posted 28 July 2006 - 06:27 AM

Well, I've gotten no responses, so do you think I should run a HJT?

#14 Enthusiast

Enthusiast

  • Members
  • 5,898 posts
  • OFFLINE
  •  
  • Location:Florida, USA
  • Local time:06:25 PM

Posted 28 July 2006 - 06:36 AM

Posting a HJT log will enable our HJT experts to analyze your log and possibly determine if you have a problem or not.

As suggested, that is the best thing you can do.

Did you run the web based trojan scans I suggested in an earlier post?

Trojan scans – Use Internet Explorer only.

Sygate Trojanscan
http://scan.sygatetech.com/pretrojanscan.html


Windows Security Trojanscan
http://windowsecurity.com/trojanscan
See instructions for it here:
http://www.windowsecurity.com/trojanscan/trojanscan.asp

Parasite scan from Aumha:
http://www.aumha.org/a/noads.php
or here:
http://www.aumha.org/win5/a/noads2.htm

Again, a Hijack This log posted in our HJT forum will give you the best chance of fixing a problem, if you have one.

#15 Albert Frankenstein

Albert Frankenstein

  • Members
  • 2,707 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Michigan, USA
  • Local time:07:25 PM

Posted 28 July 2006 - 07:43 AM

One idea is to send a file to Virus Total for analysis:

LINK

You will see a browse button and a send button on the top of that web page,
so you can send a file up to 10MB for analysis of malicious software.

Files up to 15 MB can be sent to JOTTI for analysis.

This will not require any downloading on your part, it will however require uploading a copy of the file to Virus Total or Jotti.
ALBERT FRANKENSTEIN
I'M SO SMART IT'S SCARY!


Currently home chillin' with the fam and my two dogs!
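
Added example, not part of the thread or any poster's code: the replies above note that the dates shown in file properties are a weak indicator and suggest submitting the file to multi-engine scanners. This Python code reads two facts straight from the file's bytes, the SHA-256 and the link time stored in the PE header, and compares the dates; the sample header, function names and dates are constructed for illustration.

```python
import hashlib
import struct
from datetime import datetime, timezone

def build_sample_pe(link_stamp: int) -> bytes:
    """Constructed minimal DOS + PE/COFF header (not a real program)."""
    dos = bytearray(0x80)
    dos[0:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x80)   # e_lfanew: offset of "PE\0\0"
    # COFF header: Machine, NumberOfSections, TimeDateStamp, symbol table
    # pointer, symbol count, SizeOfOptionalHeader, Characteristics
    coff = struct.pack("<HHIIIHH", 0x014C, 0, link_stamp, 0, 0, 0, 0x0102)
    return bytes(dos) + b"PE\0\0" + coff

def triage(data: bytes) -> dict:
    """Facts read from the file's bytes rather than its Properties dialog."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not a PE file: no MZ header")
    (pe_off,) = struct.unpack_from("<I", data, 0x3C)
    if len(data) < pe_off + 24 or data[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("not a PE file: no PE signature")
    _machine, _sections, stamp = struct.unpack_from("<HHI", data, pe_off + 4)
    return {
        # The hash identifies these exact bytes when checking scanner results.
        "sha256": hashlib.sha256(data).hexdigest(),
        # Written by the linker; like file dates, it can be set to anything.
        "link_time": datetime.fromtimestamp(stamp, tz=timezone.utc),
    }

def timestamp_notes(created, modified, link_time):
    notes = []
    if created > modified:
        # Copying or installing keeps the old modified time but stamps a new
        # creation time, so this ordering alone is not a sign of tampering.
        notes.append("created after modified: normal for a copied file")
    if link_time > modified:
        notes.append("link time after modified: dates are inconsistent")
    return notes

if __name__ == "__main__":
    sample = build_sample_pe(1030000000)      # constructed value, falls in 2002
    info = triage(sample)   # real use: triage(open(path, "rb").read())
    created = datetime(2004, 4, 1, tzinfo=timezone.utc)    # constructed dates
    modified = datetime(2003, 6, 1, tzinfo=timezone.utc)
    print(info["sha256"], info["link_time"].date())
    print(timestamp_notes(created, modified, info["link_time"]))
```
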




