Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

1.exe In Windows System Configuration Utility


  • Please log in to reply
8 replies to this topic

#1 emersonian

emersonian

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:03:51 AM

Posted 11 April 2007 - 04:02 PM

Greetings to everyone. thanks for reading my first post!

I've read on the Web that this "1" that comes up in Windows System Configuration Utility (Windows XP) is potentially harmful to my computer. To that end, I have two basic questions. (1) Is this true and (2) If so, how do I get rid of it? I've already disabled it from WSCU.

Regards,

John

BC AdBot (Login to Remove)

 


#2 fozzie

fozzie

    aut viam inveniam aut faciam


  • Members
  • 3,516 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Ossendrecht/The Netherlands
  • Local time:09:51 AM

Posted 11 April 2007 - 04:14 PM

Posted Image to BC

Process File: 1.exe or 1
Process Name: Trojan.W32.Tooso

1.exe is a process which is registered as the TROJ_SUA.A worm. This virus is distributed via the Internet through e-mail and comes in the form of an e-mail message, in the hopes that you open its hostile attachment. The worm has its own SMTP engine which means it gathers E-mails from your local computer and re-distributes itself. In worst cases this worm can allow attackers to access your computer, stealing passwords and personal data. This process is a security risk and should be removed from your system.


http://www.liutilities.com/products/wintas...ocesslibrary/1/

Trojans are very dangerous because they provide a means of accessing a computer system that bypasses security mechanisms. Remote attackers use backdoor Trojans as part of an exploit to to gain unauthorized access to a computer and take control of it without your knowledge. If your computer was used for online banking or has credit card information on it, all passwords should be changed immediately to include those used for email, eBay and forums. You should consider all your passwords to be compromised. They should be changed by using a different computer and not the infected one. Do not change passwords or do any transactions while using the infected computer because an attacker may get the new passwords and transaction information. Banking and credit card institutions should be notified of the possible security breech.

Download and scan with SUPERAntiSypware Free for Home Users

* Double-click SUPERAntiSpyware.exe and use the default settings for installation.
* An icon will be created on your desktop. Double-click that icon to launch the program.
* If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Udates". (If you encounter any problems while downloading the updates, manually download and unzip them from here.)
* When done, select "Scan for Harmful Software".
* There are three scanning options. Choose "Perform Complete Scan" and click "Next".
* When done, a Scan Summary will appear with potentially harmful items that were detected. Click "OK".
* Make sure they all have a checkmark next to them and click "Next".
* A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
* Click Preferences and then click the statistics/logs tab.
* Click the dated log and press View log. A text file will appear so you can see the results.
* Select close to exit the program.
* Scan in SAFE MODE

After that, download DrWeb-CureIt & save it to your desktop. DO NOT perform a scan yet.

Reboot your computer in SAFE MODE using the F8 method.

Scan with DrWeb-CureIt as follows:

* Double-click on drweb-cureit.exe to start the program. An "Express Scan of your PC" notice will appear.
* Under "Start the Express Scan Now", Click "OK" to start. This is a short scan that will scan the files currently running in memory and when something is found, click the Yes button when it asks you if you want to cure it.
* Once the short scan has finished, Click Options > Change settings
* Choose the "Scan tab" and UNcheck "Heuristic analysis"
* Back at the main window, click "Select drives" (a red dot will show which drives have been chosen)
* Then click the "Start/Stop Scanning" button (green arrow on the right) and the scan will start.
* When done, a message will be displayed at the bottom advising if any viruses were found.
* Click "Yes to all" if it asks if you want to cure/move the file.
* When the scan has finished, look if you can see the icon next to the files found. If so, click it, then click the next icon right below and select "Move incurable".
(This will move it to the C:\Documents and Settings\userprofile\DoctorWeb\Quarantine folder if it can't be cured)
* Next, in the Dr.Web CureIt menu on top, click file and choose save report list.
* Save the DrWeb.csv report to your desktop.
* Exit Dr.Web Cureit when done.
* Important! Reboot your computer because it could be possible that files in use will be moved/deleted during reboot.

#3 emersonian

emersonian
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:03:51 AM

Posted 11 April 2007 - 04:51 PM

Hi fozzie. Thanks for the help. but i'm still confused about one thing. After the instructions on how to use Superantispyware, your advice is to "scan in safe mode." Do you mean to restart the computer in safe mode and then scan with my regular anti-virus program or to restart the computer in safe mode and run Superantispyware all over again?

Regards,

John

#4 fozzie

fozzie

    aut viam inveniam aut faciam


  • Members
  • 3,516 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Ossendrecht/The Netherlands
  • Local time:09:51 AM

Posted 11 April 2007 - 05:26 PM

Yes scan with SuperAntiSpyware in safe mode

#5 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,592 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:04:51 AM

Posted 12 April 2007 - 06:58 AM

Then perform this online Virus scan: F-Secure Online Scanner.
[Watch the Address bar in IE. You may receive alerts that "This site might require the following ActiveX control...Click here to install...". Click on that alert and then Click Install ActiveX component.]
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#6 emersonian

emersonian
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:03:51 AM

Posted 12 April 2007 - 05:29 PM

Then perform this online Virus scan: F-Secure Online Scanner.
[Watch the Address bar in IE. You may receive alerts that "This site might require the following ActiveX control...Click here to install...". Click on that alert and then Click Install ActiveX component.]


I did what fozzie told me to do and, lo and behold, my computer was infected with various bugs. However, when I go Run >> MS Config, the 1 extension is still showing, though it is unchecked. does this mean it is still on my computer? There was one Trojan that Dr. Web couldn't kill. I moved it to the Quarantine folder. It's called CompiledAutoIt Script. Could this be it? If not, do you think the scan you advised me to use will work for 1.exe?

Regards,

John

#7 fozzie

fozzie

    aut viam inveniam aut faciam


  • Members
  • 3,516 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Ossendrecht/The Netherlands
  • Local time:09:51 AM

Posted 13 April 2007 - 02:10 AM

please read and follow all instructions in the pinned topic titled "Preparation Guide For Use Before Posting A Hijackthis Log". You may have performed some of these steps already. About half way down are instructions for downloading HijackThis and creating a log.

When you have done that, post a log in the HijackThis Logs and Analysis Forum, NOT here, for assistance by the HJT Team Experts. A member of the Team will walk you through, step by step, on how to clean your computer. If you post your log back in this thread, the response from the HJT Team will be delayed because your post will have to be moved. This means it will fall in line behind any others posted that same day.

Start a new topic, give it a relevant title and post your log along with a brief description of your problem, a summary of any anti-malware tools you have used and a summary of any steps that you have performed on your own. Please include the top portion of the HijackThis log that lists version information. An expert will analyze your log and reply with instructions advising you what to fix.

Please be patient. It may take a while to get a response because the HJT Team members are very busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT make another reply until it has been responded to by a member of the HJT Team. Generally the staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member, looking for a new log to work may assume another HJT Team member is already assisting you and not open the thread to respond.

If after 5 days you still have received no response, then post a link to your HJT log here.

After posting a log you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc.) unless advised by a HJT Team member. Doing so can result in system changes which may not show it the log you already posted. Further, any modifications you make may cause confusion for the member assisting you and could complicate the malware removal process which would extend the time it takes to clean your computer.

#8 emersonian

emersonian
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:03:51 AM

Posted 13 April 2007 - 01:29 PM

Ok, fozzie. But it may take a day or two. Thanks for your continued consideration.

John

#9 fozzie

fozzie

    aut viam inveniam aut faciam


  • Members
  • 3,516 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Ossendrecht/The Netherlands
  • Local time:09:51 AM

Posted 13 April 2007 - 02:23 PM

Do not post it here but in the HijackThis Logs and Analysis Forum. After you have posted do not make any changes to your system since this will confuse the person helping you




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users