
Windows 10, don't know how to get rid of Geunfy.exe & friends



#1 maromid


Posted 18 September 2016 - 03:03 PM

By what I can see in Task Manager, Geunfy.exe, Yurejjaeb.exe and sometimes Yjetipudl.exe just aren’t going away. These usually reappear within seconds if I try to end them, and Geunfy.exe is apparently running some service called Noije, which when I try to stop it, prompts me with an “Unable to stop service/The operation could not be completed/The requested control is not valid for this service” dialog.

I’m pretty sure I picked all this up somehow while visiting a keygen site yesterday. All of this descended on me at once a couple of minutes afterwards, at least from what I could observe.

Apparently part of this infection involved installing some garbage malware removal tool (I can't recall what it was named, sorry). First I uninstalled that and then allowed Group Policy to run Windows Defender again. I updated its definition list and removed whatever Defender could identify, and used Programs and Features to remove several other programs that had installed themselves. Apart from downloading that definition list update, I have kept my laptop disconnected from any network and have avoided opening any browsers. At this point, Defender thinks everything is clean and doesn’t seem to be of any further use, though Geunfy.exe is certainly still there and hogging a minimum of 70% of my CPU at the very least.





#2 kaljukass


Posted 18 September 2016 - 04:33 PM

You're not the only one:

  • C:\Users\User\AppData\Roaming\Geunfy\Geunfy.exe
  • C:\Users\User\AppData\Roaming\Geunfy\Yurejjaeb.exe
  • C:\Users\User\AppData\Roaming\Geunfy\Yjetipudl.exe

Source:

Hopefully the professionals help you. (I'm a simple user.)


Edited by kaljukass, 18 September 2016 - 04:42 PM.


#3 maromid


Posted 19 September 2016 - 07:17 PM

Thanks for the link, kaljukass! I missed that one. I followed xXToffeeXx's instructions, found nothing in AdwCleaner's results that I wanted to keep, and let it clean all that up. Then I restarted and booted up from a Windows 10 image I have on a flash drive, went into the command line from there, and removed the Geunfy dir from C:\Users\User\AppData\Roaming\.

 

Here are the results of the FRST scan afterwards: https://www.codepile.net/pile/ql6mkBEd It was too long to include everything. Starting at line 1200 was a list of 65536 temporary .exes, out of which I've included the first five and last two entries. In between, lines 1206-1208 are .exes with file names that didn't match with that list. Everything else from that scan is included in the paste there.





