Jump to content


Photo

microsoit file


  • Please log in to reply
5 replies to this topic

#1 jobby

jobby

    Member

  • Full Member
  • Pip
  • 5 posts

Posted 28 July 2004 - 11:16 AM

:gasp: I've got this file stuck in my register. Whenever I use the shredder, spybot, hijack this or buster it still returns. I've searched the pages on spi but cannot find ref to this file.

The file is connected to microsoit.

The file name is ucnbhmee.exe

Anybody?

#2 jobby

jobby

    Member

  • Full Member
  • Pip
  • 5 posts

Posted 28 July 2004 - 12:27 PM

As an add on to this post it would now seem that I cannot connect to spywareinfo directly by typing in the address bar www.spywareinfo.com

To make sure I had the right address I ran a search on google but could not access it from there either.

I access spywareinfo to post this message by /index.php that works.

#3 dave38

dave38

    Devout Murphyite!

  • Emeritus
  • PipPipPipPipPip
  • 8,508 posts

Posted 28 July 2004 - 06:06 PM

We need a closer look at what's happening.
Please download Hijack this
Copy it into its own folder, doubleclick HijackThis.exe, and hit "Scan".

When the scan is finished, the "Scan" button will change into a "Save Log" button.
Press that, save the log, do Ctrl-A to Select All, and copy its contents here. Most of what it lists will be harmless or even essential, don't fix anything yet.
Be wary of strong drink. It may make you shoot at tax collectors, and miss!
Please support SWI forum

#4 jobby

jobby

    Member

  • Full Member
  • Pip
  • 5 posts

Posted 29 July 2004 - 05:19 AM

Logfile of HijackThis v1.97.7
Scan saved at 11:15:44, on 29/07/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\LEXBCES.EXE
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\LEXPPS.EXE
C:\Program Files\INTEL\DSLSetup\ProDsl.exe
C:\Program Files\Evidence Eliminator\ee.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
C:\Program Files\Iomega HotBurn Pro\Autolaunch.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINNT\Downloaded Program Files\ucnbhmee.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\AIM95\aim.exe
C:\Program Files\Royal Mail\SmartStamp\BINARY\STRAY.EXE
C:\PROGRA~1\Iomega\System32\AppServices.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\mysql\bin\mysqld-nt.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\ZoneLabs\vsmon.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\unzipped\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoit...l=www.yahoo.com
O4 - HKLM\..\Run: [mysoft] C:\WINNT\Downloaded Program Files\ucnbhmee.exe
O13 - DefaultPrefix: http://www.microsoit...direct.php?url=
O13 - WWW Prefix: http://www.microsoit...direct.php?url=

#5 jobby

jobby

    Member

  • Full Member
  • Pip
  • 5 posts

Posted 29 July 2004 - 05:22 AM

Thanks for taking the time to look at the scan.

Can I tell you that I've tried using CWS, Hijack this and Spybot.

When I try to delete the program ucnbhmee.exe the computer tells me that it is running and therefore cannot be deleted.

This is a tricky one!

#6 jobby

jobby

    Member

  • Full Member
  • Pip
  • 5 posts

Posted 29 July 2004 - 06:11 AM

Sorted this - Here's how.

I restarted the computer in safe mode and found the file ucnbhmee.exe then deleted it.

I then turned on hijack this and deleted ucnbhmee.exe, the microsoit start page and both microsoit redirects.

Having done that I then started the computer in normal mode and the files did not return.

Hope this helps someone.

Thanks for looking.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

Member of ASAP and UNITE
Support SpywareInfo Forum - click the button