uthgnaz.exe - what the heck is it?

  • Thread starter Malcolm and Rosemary Harrison
  • Start date
M

Malcolm and Rosemary Harrison

I run XP SP2 and IE and Firefox (the default). My startup programs (in
HighjackThis), which is where I first noticed it, include this program, . I
don't think I have seen it before today on my PC. A Google search produces
no results. The program properties show it is French in origin, and
possibly something about a 'mirror', which I might understand normally, but
not tin this case. It is now sitting in Task Manager at 50%, which is
alarming. Have decided for the moment not to disable it. Ran an hour ago a
full virus scan and full Defender scan, with no results. Today I gave up
the battle against the ads which my ISP (Tiscali.co.uk) seems to have just
introduced, being a banner across the top of my home page: this and other
ads flash at me. This the only recent change I can think of that might have
a bearing on my query here. Help/advice much appreciated
 
M

Malke

Malcolm said:
I run XP SP2 and IE and Firefox (the default). My startup programs (in
HighjackThis), which is where I first noticed it, include this program, .
I
don't think I have seen it before today on my PC. A Google search
produces
no results. The program properties show it is French in origin, and
possibly something about a 'mirror', which I might understand normally,
but not tin this case. It is now sitting in Task Manager at 50%, which is
alarming. Have decided for the moment not to disable it. Ran an hour ago
a
full virus scan and full Defender scan, with no results. Today I gave up
the battle against the ads which my ISP (Tiscali.co.uk) seems to have just
introduced, being a banner across the top of my home page: this and other
ads flash at me. This the only recent change I can think of that might
have
a bearing on my query here. Help/advice much appreciated
Click to expand...

Your computer is infected.

Go through these general malware removal steps systematically -
http://www.elephantboycomputers.com/page2.html#Removing_Malware

Include scanning with David Lipman's Multi_AV and follow instructions to do
all scans in Safe Mode. Please see the special Notes regarding using
Multi_AV in Vista.

http://www.elephantboycomputers.com/page2.html#Multi-AV - instructions
http://tinyurl.com/yoeru3 - download link and more instructions

When all else fails, get guided help. Choose one of the specialty forums
listed at the first link. Register and read its posting FAQ. PLEASE DO NOT
POST LOGS IN THE MS NEWSGROUPS.

If you can't do the work yourself (and there is no shame in admitting this
isn't your cup of tea), take the machine to a professional computer repair
shop (not your local equivalent of BigComputerStore/GeekSquad). Please be
aware that not all local shops are skilled at removing malware and even if
they are, your computer may be so infested that Windows will need to be
clean-installed. If possible, have all your data backed up before you take
the machine into a shop.

Malke
 
T

Thee Chicago Wolf [MVP]

I run XP SP2 and IE and Firefox (the default). My startup programs (in
HighjackThis), which is where I first noticed it, include this program, . I
don't think I have seen it before today on my PC. A Google search produces
no results. The program properties show it is French in origin, and
possibly something about a 'mirror', which I might understand normally, but
not tin this case. It is now sitting in Task Manager at 50%, which is
alarming. Have decided for the moment not to disable it. Ran an hour ago a
full virus scan and full Defender scan, with no results. Today I gave up
the battle against the ads which my ISP (Tiscali.co.uk) seems to have just
introduced, being a banner across the top of my home page: this and other
ads flash at me. This the only recent change I can think of that might have
a bearing on my query here. Help/advice much appreciated
Click to expand...

Update to SP3 and go and grab Spybot + updates.

- Thee Chicago Wolf [MVP]
 
M

Malcolm and Rosemary Harrison

Many thanks.

I have fixed the program in HijackThis. It no longer appears in Task Manger.
My PC is running normally.

On what basis, in point of fact, do you suggest your interventions?

Do you know about this program? If not, what have I said that tells you I
am in danger of having to reinstall Windows!

If I don't do as you say, what evidence might I expect that something major
is wrong?
 
M

Malcolm and Rosemary Harrison

Maklwarebytes has removed 15 entries from my PC, seven of which related to
uthngaz. So I assume for the moment my problem is over. On to
Superantispyware next.
I shall of course run each program daily, rest assured of that.

I have Malwarebytes on my other PC at home, but stupidly I did not think to
install it on this PC at our other place.

Many thanks for your post. Wee all indebted to you and to your
organization.
 
M

Malke

Malcolm and Rosemary Harrison wrote:

Comments inline:
Maklwarebytes has removed 15 entries from my PC, seven of which related to
uthngaz. So I assume for the moment my problem is over. On to
Superantispyware next.
I shall of course run each program daily, rest assured of that.
Click to expand...

This is usually not necessary if you practice Safe Hex:

http://www.getsafeonline.org/
https://www.mysecurecyberspace.com/
http://www.getnetwise.org/
http://www.aumha.org/a/parasite.htm - The Parasite Fight
http://msmvps.com/blogs/harrywaldron/archive/2006/02/05/82584.aspx - MVP
http://www.elephantboycomputers.com/staying-safe.pdf (article I wrote for my
clients which you are welcome to download)

A combination of experience and Google. When a filename produces nothing in
Google, there is a high probability that it is malware. And I do this for a
living. And you're running Windows XP. ;-)

I didn't say *you* would have to reinstall Windows. That's my normal
disclaimer at the end of my standard malware removal post.

Malke
 
M

Malcolm and Rosemary Harrison

Good answer. Hasta la vista!

Malke said:
Malcolm and Rosemary Harrison wrote:

Comments inline:


This is usually not necessary if you practice Safe Hex:

http://www.getsafeonline.org/
https://www.mysecurecyberspace.com/
http://www.getnetwise.org/
http://www.aumha.org/a/parasite.htm - The Parasite Fight
http://msmvps.com/blogs/harrywaldron/archive/2006/02/05/82584.aspx - MVP
http://www.elephantboycomputers.com/staying-safe.pdf (article I wrote for
my
clients which you are welcome to download)


A combination of experience and Google. When a filename produces nothing
in
Google, there is a high probability that it is malware. And I do this for
a
living. And you're running Windows XP. ;-)


I didn't say *you* would have to reinstall Windows. That's my normal
disclaimer at the end of my standard malware removal post.

Malke
Click to expand...
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

what the heck? 1
What in the heck????? 2
Can't see any banner ads. 15
What the heck is TMOAgent? 2
What the heck? 4
Teknum what is it? 11
What the heck is C:\WINDOWS\DvzCommon\DvzMsgr.exe ? 2
Need Help Installing OEM XP (what the heck is a OEM preinstalation kit) 7

Top