Possible trojan?
- Thread starter Clevin843
- Start date
- Status
The following line needs to be fixed with HJT by putting a tick in the box next to it then clicking on fix checked.
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
The following entries are suspicious so I need you to tell me if you know and trust them or not.
O4 - HKLM\..\Run: [qpexlvms] C:\WINDOWS\system32\qpexlvms.exe
O4 - HKLM\..\Run: [oxmicuppfrp] C:\WINDOWS\system32\oxmicuppfrp.exe
O4 - HKLM\..\RunServices: [qpexlvms] C:\WINDOWS\system32\qpexlvms.exe
O4 - HKLM\..\RunServices: [oxmicuppfrp] C:\WINDOWS\system32\oxmicuppfrp.exe
This thread is for the use of Clevin843 only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
The following entries are suspicious so I need you to tell me if you know and trust them or not.
O4 - HKLM\..\Run: [qpexlvms] C:\WINDOWS\system32\qpexlvms.exe
O4 - HKLM\..\Run: [oxmicuppfrp] C:\WINDOWS\system32\oxmicuppfrp.exe
O4 - HKLM\..\RunServices: [qpexlvms] C:\WINDOWS\system32\qpexlvms.exe
O4 - HKLM\..\RunServices: [oxmicuppfrp] C:\WINDOWS\system32\oxmicuppfrp.exe
This thread is for the use of Clevin843 only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
I will do some more research into those entries. So far I have found nothing either good or bad about them.
This thread is for the use of Clevin843 only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
This thread is for the use of Clevin843 only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
After some consultation those entries do look to be bad.
You might want to copy and paste these instructions into a notepad file. Then you can have the file open in safe mode, so you can follow the instructions easier.
Boot into safe mode, under your normal user name(NOT THE ADMINISTRATOR ACCOUNT). See how here.> http://www.bleepingcomputer.com/forums/tutorial61.html
In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how here.> http://www.bleepingcomputer.com/forums/tutorial62.html
Open your task manager, by holding down the ctrl and alt keys and pressing the delete key.
Click on the processes tab and end process for(if there).
qpexlvms.exe
oxmicuppfrp.exe
qpexlvms.exe
oxmicuppfrp.exe
Close task manager.
Click start/run and type services.msc into the run box and press the enter key.
When the window appears, maximise it. Double click on the following services(if there) and select stop if they are running. Set the startup type to disabled. Click apply/ok for each service you disable.
qpexlvms.exe
oxmicuppfrp.exe
qpexlvms.exe
oxmicuppfrp.exe
Close the services window.
Run HJT with no other programmes open(except notepad). Click the scan button. Have HJT fix the following, by placing a tick in the little box next to(if there).
O4 - HKLM\..\Run: [qpexlvms] C:\WINDOWS\system32\qpexlvms.exe
O4 - HKLM\..\Run: [oxmicuppfrp] C:\WINDOWS\system32\oxmicuppfrp.exe
O4 - HKLM\..\RunServices: [qpexlvms] C:\WINDOWS\system32\qpexlvms.exe
O4 - HKLM\..\RunServices: [oxmicuppfrp] C:\WINDOWS\system32\oxmicuppfrp.exe
Click on the fix checked button.
Close HJT.
Locate and delete the following bold files and/or directories(if there).
O4 - HKLM\..\Run: [qpexlvms] C:\WINDOWS\system32\qpexlvms.exe
O4 - HKLM\..\Run: [oxmicuppfrp] C:\WINDOWS\system32\oxmicuppfrp.exe
O4 - HKLM\..\RunServices: [qpexlvms] C:\WINDOWS\system32\qpexlvms.exe
O4 - HKLM\..\RunServices: [oxmicuppfrp] C:\WINDOWS\system32\oxmicuppfrp.exe
Reboot into normal mode and rehide your protected OS files.
Post a fresh HJT log so i can check the result.
This thread is for the use of Clevin843 only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
You might want to copy and paste these instructions into a notepad file. Then you can have the file open in safe mode, so you can follow the instructions easier.
Boot into safe mode, under your normal user name(NOT THE ADMINISTRATOR ACCOUNT). See how here.> http://www.bleepingcomputer.com/forums/tutorial61.html
In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how here.> http://www.bleepingcomputer.com/forums/tutorial62.html
Open your task manager, by holding down the ctrl and alt keys and pressing the delete key.
Click on the processes tab and end process for(if there).
qpexlvms.exe
oxmicuppfrp.exe
qpexlvms.exe
oxmicuppfrp.exe
Close task manager.
Click start/run and type services.msc into the run box and press the enter key.
When the window appears, maximise it. Double click on the following services(if there) and select stop if they are running. Set the startup type to disabled. Click apply/ok for each service you disable.
qpexlvms.exe
oxmicuppfrp.exe
qpexlvms.exe
oxmicuppfrp.exe
Close the services window.
Run HJT with no other programmes open(except notepad). Click the scan button. Have HJT fix the following, by placing a tick in the little box next to(if there).
O4 - HKLM\..\Run: [qpexlvms] C:\WINDOWS\system32\qpexlvms.exe
O4 - HKLM\..\Run: [oxmicuppfrp] C:\WINDOWS\system32\oxmicuppfrp.exe
O4 - HKLM\..\RunServices: [qpexlvms] C:\WINDOWS\system32\qpexlvms.exe
O4 - HKLM\..\RunServices: [oxmicuppfrp] C:\WINDOWS\system32\oxmicuppfrp.exe
Click on the fix checked button.
Close HJT.
Locate and delete the following bold files and/or directories(if there).
O4 - HKLM\..\Run: [qpexlvms] C:\WINDOWS\system32\qpexlvms.exe
O4 - HKLM\..\Run: [oxmicuppfrp] C:\WINDOWS\system32\oxmicuppfrp.exe
O4 - HKLM\..\RunServices: [qpexlvms] C:\WINDOWS\system32\qpexlvms.exe
O4 - HKLM\..\RunServices: [oxmicuppfrp] C:\WINDOWS\system32\oxmicuppfrp.exe
Reboot into normal mode and rehide your protected OS files.
Post a fresh HJT log so i can check the result.
This thread is for the use of Clevin843 only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
It worked, your HJT log is now clean.
Just to complete the cleaning process i need you to turn off system restore.(XP/ME only) See how here.> http://www.bleepingcomputer.com/forums/tutorial56.html
Then turn it back on again.
Let me know how your computer is running.
If you should have any other malware problems then post in this thread and i will get onto it right away.
This thread is for the use of Clevin843 only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
Just to complete the cleaning process i need you to turn off system restore.(XP/ME only) See how here.> http://www.bleepingcomputer.com/forums/tutorial56.html
Then turn it back on again.
Let me know how your computer is running.
If you should have any other malware problems then post in this thread and i will get onto it right away.
This thread is for the use of Clevin843 only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
- Status
Similar threads
Latest posts
-
Logitech thinks the computer mouse needs an AI upgrade- kimo1 replied
-
Seagate's new Mozaic 3+ HAMR hard disk drives can last longer than conventional PMR HDDs- Squid Surprise replied
