L
lalit1
I have a process running in task manager called JNAF34.exe - Google
shows "not found". Any idea what this could be?
shows "not found". Any idea what this could be?
You are using an out of date browser. It may not display this or other websites correctly.
You should upgrade or use an alternative browser.
You should upgrade or use an alternative browser.
B
Bob I
What do the properties say when you right click on it in Windows explorer?
G
Gerry Cornell
Are you interested in Japanese Naval Aircraft? Games or otherwise?
Have you checked for viruses / spyware?
--
Hope this helps.
Gerry
~~~~~~~~~~~~~~~~~~~~~~~~
FCA
Using invalid email address
Stourport, Worcs, England
Enquire, plan and execute.
~~~~~~~~~~~~~~~~~~~~~~~~
Please tell the newsgroup how any
suggested solution worked for you.
~~~~~~~~~~~~~~~~~~~~~~~~
Have you checked for viruses / spyware?
--
Hope this helps.
Gerry
~~~~~~~~~~~~~~~~~~~~~~~~
FCA
Using invalid email address
Stourport, Worcs, England
Enquire, plan and execute.
~~~~~~~~~~~~~~~~~~~~~~~~
Please tell the newsgroup how any
suggested solution worked for you.
~~~~~~~~~~~~~~~~~~~~~~~~
L
lalit1
Gerry said:Are you interested in Japanese Naval Aircraft? Games or otherwise?
Have you checked for viruses / spyware?
--
Hope this helps.
Gerry
~~~~~~~~~~~~~~~~~~~~~~~~
FCA
I have checked for viruses and spyware. None were found. However after
restarting, jnaf32 has vanished. But ju8355.exe is now running (which
wasnt before). Properties show location to be windows/temp and created
date/time is the same as the time I restarted. Size is 168kb.
I dont play games. Thanks.
G
Guest
You've got some type of malware running on your system. I would run Ad-Aware
and Spybot at the minimum.
and Spybot at the minimum.
G
Gerry Cornell
Notwithstanding that you have checked for viruses and spyware I agree
with your other reply. You may well have an uninvited guest. Try
cleaning your machine.
When dealing with a persistent virus / trojan you need to delete system
restore points and not use them as they will contain the virus and put
it
back into your system. Turn off System Restore until cleaning is
finished. Also run your anti-virus with updated definitions in safe
mode. Sometimes you need to run an anti-virus from a floppy and Trend
offer one that can be used.
Create a new folder named Sysclean (e.g., C:\Program files\Sysclean, or
just a desktop folder).
Download Sysclean.com (http://www.trendmicro.com/download/dcs.asp) and
place it in this folder.
Download the latest Controlled Pattern Release zip
(http://www.trendmicro.com/download/pattern.asp, e.g., lpt123.zip) and
extract its contents to the same folder. See the Readme text file for
additional instructions.
Delete Temporary Internet Files (IE Tools>Internet Options>General)
accepting the option to delete all offline content. Reboot and delete
contents of all TEMP folders and then your Recycle Bin.
Close all running programs including your anti-virus application, go
offline, and run Sysclean. For best results, do nothing with the machine
until the scan completes.
If the scan shows any infections in System Restore files and you're
running WinXP, create a new Restore Point
(Start>Programs>Accessories>System Tools>System Restore), then delete
all but the most recent Restore Point (Start>Programs>Accessories>System
Tools>Disk Cleanup>More options).
Work through the spyware removal programmes etc in turn in safe mode
until you get no results.
Afterwards, update your own anti-virus application and perform another
full system scan.
Finally run HijackThis and post the HijackThis log to the HijackThis
forum here:
http://aumha.net/
You will need to register with Aumha to be able to post.
--
Hope this helps.
Gerry
~~~~~~~~~~~~~~~~~~~~~~~~
FCA
Using invalid email address
Stourport, Worcs, England
Enquire, plan and execute.
~~~~~~~~~~~~~~~~~~~~~~~~
Please tell the newsgroup how any
suggested solution worked for you.
~~~~~~~~~~~~~~~~~~~~~~~~
with your other reply. You may well have an uninvited guest. Try
cleaning your machine.
When dealing with a persistent virus / trojan you need to delete system
restore points and not use them as they will contain the virus and put
it
back into your system. Turn off System Restore until cleaning is
finished. Also run your anti-virus with updated definitions in safe
mode. Sometimes you need to run an anti-virus from a floppy and Trend
offer one that can be used.
Create a new folder named Sysclean (e.g., C:\Program files\Sysclean, or
just a desktop folder).
Download Sysclean.com (http://www.trendmicro.com/download/dcs.asp) and
place it in this folder.
Download the latest Controlled Pattern Release zip
(http://www.trendmicro.com/download/pattern.asp, e.g., lpt123.zip) and
extract its contents to the same folder. See the Readme text file for
additional instructions.
Delete Temporary Internet Files (IE Tools>Internet Options>General)
accepting the option to delete all offline content. Reboot and delete
contents of all TEMP folders and then your Recycle Bin.
Close all running programs including your anti-virus application, go
offline, and run Sysclean. For best results, do nothing with the machine
until the scan completes.
If the scan shows any infections in System Restore files and you're
running WinXP, create a new Restore Point
(Start>Programs>Accessories>System Tools>System Restore), then delete
all but the most recent Restore Point (Start>Programs>Accessories>System
Tools>Disk Cleanup>More options).
Work through the spyware removal programmes etc in turn in safe mode
until you get no results.
Afterwards, update your own anti-virus application and perform another
full system scan.
Finally run HijackThis and post the HijackThis log to the HijackThis
forum here:
http://aumha.net/
You will need to register with Aumha to be able to post.
--
Hope this helps.
Gerry
~~~~~~~~~~~~~~~~~~~~~~~~
FCA
Using invalid email address
Stourport, Worcs, England
Enquire, plan and execute.
~~~~~~~~~~~~~~~~~~~~~~~~
Please tell the newsgroup how any
suggested solution worked for you.
~~~~~~~~~~~~~~~~~~~~~~~~
D
David H. Lipman
From: "lalit1" <[email protected]>
| I have a process running in task manager called JNAF34.exe - Google
| shows "not found". Any idea what this could be?
For non-viral malware...
Please download, install and update the following software...
Ad-aware SE v1.06
http://www.lavasoft.de/
http://www.lavasoftusa.com/
SpyBot Search and Destroy v1.4
http://security.kolla.de/
After the software is updated, I suggest scanning the system in Safe Mode.
I also suggest downloading, installing and updating BHODemon for any Browser Helper Objects
that may be on the PC.
BHODemon
http://www.definitivesolutions.com/bhodemon.htm
For viral malware...
Download MULTI_AV.EXE from the URL --
http://www.ik-cs.com/programs/virtools/Multi_AV.exe
It is a self-extracting ZIP file that contains the Kixtart Script Interpreter {
http://kixtart.org Kixtart is CareWare } 4 batch files, 6 Kixtart scripts, one Link
(.LNK) file, a PDF instruction file and two utilities; UNZIP.EXE and WGET.EXE. It will
simplify the process of using; Sophos, Trend, Kasperski and McAfee Anti Virus Command
Line Scanners to remove viruses, Trojans and various other malware.
C:\AV-CLS\StartMenu.BAT -- { or Double-click on 'Start Menu' in C:\AV-CLS}
This will bring up the initial menu of choices and should be executed in Normal Mode.
This way all the components can be downloaded from each AV vendor's web site.
The choices are; Sophos, Trend, McAfee, Kaspersky, Exit this menu and Reboot the PC.
You can choose to go to each menu item and just download the needed files or you can
download the files and perform a scan in Normal Mode. Once you have downloaded the files
needed for each scanner you want to use, you should reboot the PC into Safe Mode [F8 key
during boot] and re-run the menu again and choose which scanner you want to run in Safe
Mode. It is suggested to run the scanners in both Safe Mode and Normal Mode.
When the menu is displayed hitting 'H' or 'h' will bring up a more comprehensive PDF help
file.
To use this utility, perform the following...
Execute; Multi_AV.exe { Note: You must use the default folder C:\AV-CLS }
Choose; Unzip
Choose; Close
Execute; C:\AV-CLS\StartMenu.BAT
{ or Double-click on 'Start Menu' in C:\AV-CLS }
NOTE: You may have to disable your software FireWall or allow WGET.EXE to go through your
FireWall to allow it to download the needed AV vendor related files.
* * * Please report back your results * * *
| I have a process running in task manager called JNAF34.exe - Google
| shows "not found". Any idea what this could be?
For non-viral malware...
Please download, install and update the following software...
Ad-aware SE v1.06
http://www.lavasoft.de/
http://www.lavasoftusa.com/
SpyBot Search and Destroy v1.4
http://security.kolla.de/
After the software is updated, I suggest scanning the system in Safe Mode.
I also suggest downloading, installing and updating BHODemon for any Browser Helper Objects
that may be on the PC.
BHODemon
http://www.definitivesolutions.com/bhodemon.htm
For viral malware...
Download MULTI_AV.EXE from the URL --
http://www.ik-cs.com/programs/virtools/Multi_AV.exe
It is a self-extracting ZIP file that contains the Kixtart Script Interpreter {
http://kixtart.org Kixtart is CareWare } 4 batch files, 6 Kixtart scripts, one Link
(.LNK) file, a PDF instruction file and two utilities; UNZIP.EXE and WGET.EXE. It will
simplify the process of using; Sophos, Trend, Kasperski and McAfee Anti Virus Command
Line Scanners to remove viruses, Trojans and various other malware.
C:\AV-CLS\StartMenu.BAT -- { or Double-click on 'Start Menu' in C:\AV-CLS}
This will bring up the initial menu of choices and should be executed in Normal Mode.
This way all the components can be downloaded from each AV vendor's web site.
The choices are; Sophos, Trend, McAfee, Kaspersky, Exit this menu and Reboot the PC.
You can choose to go to each menu item and just download the needed files or you can
download the files and perform a scan in Normal Mode. Once you have downloaded the files
needed for each scanner you want to use, you should reboot the PC into Safe Mode [F8 key
during boot] and re-run the menu again and choose which scanner you want to run in Safe
Mode. It is suggested to run the scanners in both Safe Mode and Normal Mode.
When the menu is displayed hitting 'H' or 'h' will bring up a more comprehensive PDF help
file.
To use this utility, perform the following...
Execute; Multi_AV.exe { Note: You must use the default folder C:\AV-CLS }
Choose; Unzip
Choose; Close
Execute; C:\AV-CLS\StartMenu.BAT
{ or Double-click on 'Start Menu' in C:\AV-CLS }
NOTE: You may have to disable your software FireWall or allow WGET.EXE to go through your
FireWall to allow it to download the needed AV vendor related files.
* * * Please report back your results * * *
D
David H. Lipman
From: "Gerry Cornell" <[email protected]>
| Notwithstanding that you have checked for viruses and spyware I agree
| with your other reply. You may well have an uninvited guest. Try
| cleaning your machine.
|
| When dealing with a persistent virus / trojan you need to delete system
| restore points and not use them as they will contain the virus and put
| it
| back into your system. Turn off System Restore until cleaning is
| finished. Also run your anti-virus with updated definitions in safe
| mode. Sometimes you need to run an anti-virus from a floppy and Trend
| offer one that can be used.
|
| Create a new folder named Sysclean (e.g., C:\Program files\Sysclean, or
| just a desktop folder).
| Download Sysclean.com (http://www.trendmicro.com/download/dcs.asp) and
| place it in this folder.
|
| Download the latest Controlled Pattern Release zip
| (http://www.trendmicro.com/download/pattern.asp, e.g., lpt123.zip) and
| extract its contents to the same folder. See the Readme text file for
| additional instructions.
|
| Delete Temporary Internet Files (IE Tools>Internet Options>General)
| accepting the option to delete all offline content. Reboot and delete
| contents of all TEMP folders and then your Recycle Bin.
|
| Close all running programs including your anti-virus application, go
| offline, and run Sysclean. For best results, do nothing with the machine
| until the scan completes.
|
| If the scan shows any infections in System Restore files and you're
| running WinXP, create a new Restore Point
| (Start>Programs>Accessories>System Tools>System Restore), then delete
| all but the most recent Restore Point (Start>Programs>Accessories>System
Tools>> Disk Cleanup>More options).
|
| Work through the spyware removal programmes etc in turn in safe mode
| until you get no results.
|
| Afterwards, update your own anti-virus application and perform another
| full system scan.
|
| Finally run HijackThis and post the HijackThis log to the HijackThis
| forum here:
| http://aumha.net/
|
| You will need to register with Aumha to be able to post.
|
| --
|
| Hope this helps.
|
| Gerry
| ~~~~~~~~~~~~~~~~~~~~~~~~
| FCA
|
| Using invalid email address
|
| Stourport, Worcs, England
| Enquire, plan and execute.
| ~~~~~~~~~~~~~~~~~~~~~~~~
| Please tell the newsgroup how any
| suggested solution worked for you.
|
|
|
| ~~~~~~~~~~~~~~~~~~~~~~~~
Gerry:
In relation to your post concerning using Trend Sysclean. I have automated the process of
using the Trend Sysclean utility. They make downloading and using the utility a snap.
Additionally they provide additional anti virus/anti malware counter measures such as making
sure the AV vendor web site is not blocked by the hosts file or other techniques.
One is a standalone version that only provides Trend Micro's Sysclean utility and is called
the 'Sysclean Front End', Sysclean_FE.exe.
http://www.ik-cs.com/programs/virtools/Sysclean_FE.exe
The other combines Tren's Syclean with the command line scanner's from; McAfee, Sophos and
Kasperski and it the 'Multi AV scanning tool', Multi_AV.exe.
http://www.ik-cs.com/programs/virtools/Multi_AV.exe
Both are at: http://www.ik-cs.com/got-a-virus.htm
| Notwithstanding that you have checked for viruses and spyware I agree
| with your other reply. You may well have an uninvited guest. Try
| cleaning your machine.
|
| When dealing with a persistent virus / trojan you need to delete system
| restore points and not use them as they will contain the virus and put
| it
| back into your system. Turn off System Restore until cleaning is
| finished. Also run your anti-virus with updated definitions in safe
| mode. Sometimes you need to run an anti-virus from a floppy and Trend
| offer one that can be used.
|
| Create a new folder named Sysclean (e.g., C:\Program files\Sysclean, or
| just a desktop folder).
| Download Sysclean.com (http://www.trendmicro.com/download/dcs.asp) and
| place it in this folder.
|
| Download the latest Controlled Pattern Release zip
| (http://www.trendmicro.com/download/pattern.asp, e.g., lpt123.zip) and
| extract its contents to the same folder. See the Readme text file for
| additional instructions.
|
| Delete Temporary Internet Files (IE Tools>Internet Options>General)
| accepting the option to delete all offline content. Reboot and delete
| contents of all TEMP folders and then your Recycle Bin.
|
| Close all running programs including your anti-virus application, go
| offline, and run Sysclean. For best results, do nothing with the machine
| until the scan completes.
|
| If the scan shows any infections in System Restore files and you're
| running WinXP, create a new Restore Point
| (Start>Programs>Accessories>System Tools>System Restore), then delete
| all but the most recent Restore Point (Start>Programs>Accessories>System
Tools>> Disk Cleanup>More options).
|
| Work through the spyware removal programmes etc in turn in safe mode
| until you get no results.
|
| Afterwards, update your own anti-virus application and perform another
| full system scan.
|
| Finally run HijackThis and post the HijackThis log to the HijackThis
| forum here:
| http://aumha.net/
|
| You will need to register with Aumha to be able to post.
|
| --
|
| Hope this helps.
|
| Gerry
| ~~~~~~~~~~~~~~~~~~~~~~~~
| FCA
|
| Using invalid email address
|
| Stourport, Worcs, England
| Enquire, plan and execute.
| ~~~~~~~~~~~~~~~~~~~~~~~~
| Please tell the newsgroup how any
| suggested solution worked for you.
|
|
|
| ~~~~~~~~~~~~~~~~~~~~~~~~
Gerry:
In relation to your post concerning using Trend Sysclean. I have automated the process of
using the Trend Sysclean utility. They make downloading and using the utility a snap.
Additionally they provide additional anti virus/anti malware counter measures such as making
sure the AV vendor web site is not blocked by the hosts file or other techniques.
One is a standalone version that only provides Trend Micro's Sysclean utility and is called
the 'Sysclean Front End', Sysclean_FE.exe.
http://www.ik-cs.com/programs/virtools/Sysclean_FE.exe
The other combines Tren's Syclean with the command line scanner's from; McAfee, Sophos and
Kasperski and it the 'Multi AV scanning tool', Multi_AV.exe.
http://www.ik-cs.com/programs/virtools/Multi_AV.exe
Both are at: http://www.ik-cs.com/got-a-virus.htm
L
lalit1
I downloaded Sysclean and the pattern files, unzipped them to the same
folder leaving the sub folder names as they were, deleted temporary
internet files and cleaned out the recycle bin, rebooted and scanned.
However the scan came clean.
Also I have noticed soundman.exe, which I know is a worm, running in
the processes. This never appeared earlier, so I don't think it's the
legitimate Windows file. This too is not showing up on any scans.
folder leaving the sub folder names as they were, deleted temporary
internet files and cleaned out the recycle bin, rebooted and scanned.
However the scan came clean.
Also I have noticed soundman.exe, which I know is a worm, running in
the processes. This never appeared earlier, so I don't think it's the
legitimate Windows file. This too is not showing up on any scans.
G
Gerry Cornell
http://www.liutilities.com/products/wintaskspro/processlibrary/soundman/
--
Hope this helps.
Gerry
~~~~~~~~~~~~~~~~~~~~~~~~
FCA
Using invalid email address
Stourport, Worcs, England
Enquire, plan and execute.
~~~~~~~~~~~~~~~~~~~~~~~~
Please tell the newsgroup how any
suggested solution worked for you.
~~~~~~~~~~~~~~~~~~~~~~~~
--
Hope this helps.
Gerry
~~~~~~~~~~~~~~~~~~~~~~~~
FCA
Using invalid email address
Stourport, Worcs, England
Enquire, plan and execute.
~~~~~~~~~~~~~~~~~~~~~~~~
Please tell the newsgroup how any
suggested solution worked for you.
~~~~~~~~~~~~~~~~~~~~~~~~
D
David H. Lipman
From: "lalit1" <[email protected]>
| I downloaded Sysclean and the pattern files, unzipped them to the same
| folder leaving the sub folder names as they were, deleted temporary
| internet files and cleaned out the recycle bin, rebooted and scanned.
| However the scan came clean.
| Also I have noticed soundman.exe, which I know is a worm, running in
| the processes. This never appeared earlier, so I don't think it's the
| legitimate Windows file. This too is not showing up on any scans.
You said ... "...I have noticed soundman.exe, which I know is a worm..."
How do you come to that conclusion ?
Here's what you should do...
Submit a sample of "soundman.exe" to Virus Total --
http://www.virustotal.com/flash/index_en.html
The submission will then be tested against many different AV vendor's scanners.
That will give you an idea what it is and who recognizes it. In addition, unless told
otherwise, Virus Total will provide the sample to all participating vendors.
When you get the report, please post back the exact results.
| I downloaded Sysclean and the pattern files, unzipped them to the same
| folder leaving the sub folder names as they were, deleted temporary
| internet files and cleaned out the recycle bin, rebooted and scanned.
| However the scan came clean.
| Also I have noticed soundman.exe, which I know is a worm, running in
| the processes. This never appeared earlier, so I don't think it's the
| legitimate Windows file. This too is not showing up on any scans.
You said ... "...I have noticed soundman.exe, which I know is a worm..."
How do you come to that conclusion ?
Here's what you should do...
Submit a sample of "soundman.exe" to Virus Total --
http://www.virustotal.com/flash/index_en.html
The submission will then be tested against many different AV vendor's scanners.
That will give you an idea what it is and who recognizes it. In addition, unless told
otherwise, Virus Total will provide the sample to all participating vendors.
When you get the report, please post back the exact results.