jobby

microsoit file

6 posts in this topic

:gasp: I've got this file stuck in my register. Whenever I use the shredder, Spybot, HijackThis or buster it still returns. I've searched the pages on spi but cannot find ref to this file.

The file is connected to microsoit.

The file name is ucnbhmee.exe.

Anybody?


As an add-on to this post, it would now seem that I cannot connect to spywareinfo directly by typing www.spywareinfo.com in the address bar.

To make sure I had the right address I ran a search on Google but could not access it from there either.

I access spywareinfo to post this message by /index.php; that works.


We need a closer look at what's happening.

Please download HijackThis.

Copy it into its own folder, double-click HijackThis.exe, and hit "Scan".

When the scan is finished, the "Scan" button will change into a "Save Log" button.

Press that, save the log, do Ctrl-A to Select All, and copy its contents here. Most of what it lists will be harmless or even essential; don't fix anything yet.


Logfile of HijackThis v1.97.7

Scan saved at 11:15:44, on 29/07/2004

Platform: Windows XP (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 (6.00.2600.0000)

 

Running processes:

C:\WINNT\System32\smss.exe

C:\WINNT\system32\winlogon.exe

C:\WINNT\system32\services.exe

C:\WINNT\system32\lsass.exe

C:\WINNT\system32\svchost.exe

C:\WINNT\System32\svchost.exe

C:\WINNT\Explorer.EXE

C:\WINNT\system32\LEXBCES.EXE

C:\WINNT\system32\spoolsv.exe

C:\WINNT\system32\LEXPPS.EXE

C:\Program Files\INTEL\DSLSetup\ProDsl.exe

C:\Program Files\Evidence Eliminator\ee.exe

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe

C:\Program Files\Iomega HotBurn Pro\Autolaunch.exe

C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe

C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe

C:\PROGRA~1\mcafee.com\agent\mcagent.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe

C:\WINNT\Downloaded Program Files\ucnbhmee.exe

c:\progra~1\mcafee.com\vso\mcvsescn.exe

C:\Program Files\Messenger\msmsgs.exe

C:\PROGRA~1\AIM95\aim.exe

C:\Program Files\Royal Mail\SmartStamp\BINARY\STRAY.EXE

C:\PROGRA~1\Iomega\System32\AppServices.exe

c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe

c:\progra~1\mcafee.com\vso\mcvsftsn.exe

C:\mysql\bin\mysqld-nt.exe

C:\WINNT\System32\svchost.exe

C:\WINNT\system32\ZoneLabs\vsmon.exe

c:\PROGRA~1\mcafee.com\vso\mcshield.exe

C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\unzipped\hijackthis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoit.com/direct.php?url=www.yahoo.com

O4 - HKLM\..\Run: [mysoft] C:\WINNT\Downloaded Program Files\ucnbhmee.exe

O13 - DefaultPrefix: http://www.microsoit.com/direct.php?url=

O13 - WWW Prefix: http://www.microsoit.com/direct.php?url=


Thanks for taking the time to look at the scan.

Can I tell you that I've tried using CWS, HijackThis and Spybot.

When I try to delete the program ucnbhmee.exe, the computer tells me that it is running and therefore cannot be deleted.

This is a tricky one!


Sorted this - here's how.

I restarted the computer in safe mode and found the file ucnbhmee.exe, then deleted it.

I then turned on HijackThis and deleted ucnbhmee.exe, the microsoit start page and both microsoit redirects.

Having done that, I then started the computer in normal mode and the files did not return.

Hope this helps someone.

Thanks for looking.

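The four entries removed in the last post can be picked out of a HijackThis log mechanically. The following is an added example, not part of the original thread: the function name `triage` and its three heuristics are assumptions of this sketch, and the sample input is constructed from lines of the log posted above.

```python
import re
from urllib.parse import urlsplit

# Constructed sample: lines copied from the HijackThis log in this thread
# (two running-process lines plus the four flagged entries).
SAMPLE_LOG = r"""
Running processes:
C:\WINNT\Explorer.EXE
C:\WINNT\Downloaded Program Files\ucnbhmee.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoit.com/direct.php?url=www.yahoo.com
O4 - HKLM\..\Run: [mysoft] C:\WINNT\Downloaded Program Files\ucnbhmee.exe
O13 - DefaultPrefix: http://www.microsoit.com/direct.php?url=
O13 - WWW Prefix: http://www.microsoit.com/direct.php?url=
"""

ENTRY = re.compile(r"^([A-Z]\d+) - (.+)$")         # e.g. "O13 - WWW Prefix: ..."
URL = re.compile(r"https?://\S+")
RUN = re.compile(r"Run: \[[^\]]*\] (?P<path>.+)$")  # O4 autostart entries
PROCESS = re.compile(r"^[a-z]:\\.*\.exe$", re.I)    # running-process lines

def triage(log_text):
    """Return (code, reason) findings for one HijackThis log (hypothetical helper)."""
    lines = [l.strip() for l in log_text.splitlines() if l.strip()]
    running = {l.lower() for l in lines if PROCESS.match(l)}
    findings = []
    for line in lines:
        m = ENTRY.match(line)
        if not m:
            continue
        code, body = m.groups()
        url = URL.search(body)
        parts = urlsplit(url.group()) if url else None
        run = RUN.search(body)
        if code == "O13" and parts and parts.hostname:
            # A URL prefix is normally a bare scheme such as "http://"; a host
            # here sends every typed address through that host first.
            findings.append((code, "prefix routes through " + parts.hostname))
        elif code in ("R0", "R1") and parts and "url=" in parts.query:
            findings.append((code, "start page wraps another URL via " + parts.hostname))
        elif code == "O4" and run and "\\downloaded program files\\" in run["path"].lower():
            # Autostart from the IE ActiveX cache; if the same path is in the
            # process list the file is locked, hence the safe-mode deletion.
            state = "running (file locked)" if run["path"].lower() in running else "not running"
            findings.append((code, f"autostart from ActiveX cache, {state}: {run['path']}"))
    return findings

if __name__ == "__main__":
    for code, reason in triage(SAMPLE_LOG):
        print(code, "-", reason)
```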