Strange startup task

Swifty

I've been helping a neighbour with a soundcard problem. Looking through
the startup tasks I found one in HKLM/Run which was called "Windows
Update" and it was executing \WINDOWS\System32\fwhjkkyb.dll
As each user logged on, they were getting "access denied" on this file.

This sure looks like a virus, or a remnant. Does anyone know what it
really is?
 
There is no doubt it is not a system file... and by the name you can tell
it's not a "nice" process (I would interpret "fwhjkkyb" as;
"fak windows, hijack[ers] kill you btch" :-)

delete it from:
C:\WINDOWS\System32\fwhjkkyb.dll and from the Run key in the registry and
look if it's also present in all the Run keys from the HKEY_LOCAL_MACHINE,
CURRENT_USER, and USERS.. in users look under .DEFAULT and under all user
accounts (coded names). And it would be best done in Safe Mode.. to do so,
restart the computer and press F8 as the machine restarts and hold until
the Safe mode options list appears, highlight "Safe Mode" and hit Enter.

Path to follow on registry hives:
HKEY_(Local_Machine|Current_user|Users)\Software\Microsoft\Windows\CurrentVersion\Run

Also scan the system with antivirus, antispyware and antitrojan programs:
Install Adaware SE Personal, Spybot Search & Destroy, CWShredder, and The
Cleaner.

http://www.majorgeeks.com/downloads31.html

http://www.moosoft.com
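
The Run-key check described in the reply above, as an added example that is not part of the original thread: a read-only PowerShell listing of every Run entry under HKEY_LOCAL_MACHINE, HKEY_CURRENT_USER and each key loaded under HKEY_USERS. The property names and the "mentions a DLL" heuristic are choices made for this example.

```powershell
# Added example (not from the thread): enumerate Run-key autostart entries.
# Read-only; nothing is deleted or modified.
$runSubKey = 'Software\Microsoft\Windows\CurrentVersion\Run'

# Hive roots: machine-wide, current user, then every key under HKEY_USERS
# (.DEFAULT and the SID-named profile keys).
$roots = @('Registry::HKEY_LOCAL_MACHINE', 'Registry::HKEY_CURRENT_USER')
$roots += Get-ChildItem -Path 'Registry::HKEY_USERS' -ErrorAction SilentlyContinue |
    Where-Object { $_.PSChildName -notlike '*_Classes' } |
    ForEach-Object { "Registry::$($_.Name)" }

$entries = foreach ($root in $roots) {
    $keyPath = "$root\$runSubKey"
    if (-not (Test-Path -LiteralPath $keyPath)) { continue }
    $key = Get-Item -LiteralPath $keyPath
    foreach ($name in $key.GetValueNames()) {
        $command = [string]$key.GetValue($name)
        # Pull the first file path out of the command line (quoted or bare,
        # with or without a drive letter).
        $target = $null
        if ($command -match '(?i)((?:[a-z]:)?\\[^"]+?\.(?:exe|dll|bat|cmd|vbs|scr))') {
            $target = $Matches[1]
        }
        $exists = $false
        $signature = 'n/a'
        if ($target -and (Test-Path -LiteralPath $target)) {
            $exists = $true
            $signature = (Get-AuthenticodeSignature -LiteralPath $target).Status
        }
        [pscustomobject]@{
            Key         = $keyPath
            Name        = $name
            Command     = $command
            Target      = $target
            Exists      = $exists
            Signature   = $signature
            # Heuristic for this example: Run entries normally start programs,
            # so a command line that references a DLL deserves a closer look.
            MentionsDll = [bool]($command -match '(?i)\.dll\b')
        }
    }
}

# DLL-referencing entries first, so they are reviewed before the rest.
$entries | Sort-Object MentionsDll -Descending | Format-List
```

Only profiles that are currently loaded appear under HKEY_USERS, so the Run keys of logged-off accounts are not covered by this listing.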
 
Also scan the system with antivirus, antispyware and antitrojan programs:
Install Adaware SE Personal, Spybot Search & Destroy, CWShredder, and The
Cleaner.

Thanks for a confirmation of my suspicions. I've already started down
the scanning route. They have "Avast" antivirus, which doesn't seem to
have any mechanism for updating its virus signatures list (but I can't
escape from its "simple" mode - how come you can't get complexity in
your life when you *want* it). I was going to try Kaspersky. They also
have Windows Defender.

Incidentally, the other symptom on this system is that some (but not
all) users are told there is no audio device, despite it being in the
Hardware manager, and showing as working (and actually working for some
users).
A user in such state cannot even re-install the drivers for the
soundcard - the installation says that it cannot find the soundcard (a
functioning SoundBlaster Live! as it happens). I've seen several reports
of these symptoms recently, with no resolution. In this particular case
a bypass was to set my neighbour up with a fresh userid.
 
The antivirus update program may have been disabled by the virus,
reinstalling the program will probably solve it.. and online virus scans are
often recommended as alternative scanners in cases where a local antivirus
doesn't detect a probable infection. Do several online scans to make sure
the virus/malware is no longer in the system. Panda, Kaspersky & Avast have
reliable virus scanners.
http://www.google.com.mx/search?hl=en&q=online+antivirus&btnG=Search

The soundcard problem may be solved by reinstalling the card in the device
manager... (Uninstall and restart, or "detect new hardware") it should
reinstall for all user profiles... If it doesn't solve the problem, the user
profiles may have been corrupted.

------------------------------------------------
 
The soundcard problem may be solved by reinstalling the card in the device
manager... (Uninstall and restart, or "detect new hardware") it should
reinstall for all user profiles... If it doesn't solve the problem, the user
profiles may have been corrupted.

Reinstalling didn't help, so we're going the corrupt user profile path,
setting up new userids, and copying data as needed (my documents, etc).
This process was greeted with some relief, as the old userid was
suffering from the effects of some "strange settings/preferences" and it
gave us a clean slate to work with.

Thank you for your suggestions.
 
