nybarton said:
Whenever I have to reboot, I get a dialogue window showing a program is
ending. It doesn't last long enough for me to get the entire name, which
is very long, but it starts with "banuzttx8u.......". It happens every
time I close down Win XP. I've tried searching for it, but nothing comes
up. What the heck is this program that's still open every time I close
Windows?? Thanks

That's almost certainly a sign of some sort of malware infection. And you
probably can't find it because the file is marked as hidden and is in a system
directory that's also marked as hidden, and it's likely that it has friends
hiding there too.
The place to start is cleaning out the temporary files and folders. The
easiest way to do this - the XP cleanup utility is not adequate for this
purpose - is to get ccleaner from www.ccleaner.com.
Download it, install and let it run. You might want to keep the cookies,
or not. Let it clear out everything else. The first time it runs, it can
take some time; it's not unusual for it to find hundreds of megabytes of
files. Much malware starts in these folders.
From there, you need to identify the loader, or let a tool find it and
delete it. The loader may not be using the name that you're seeing on that
window.
Process Explorer can help a lot with identifying running files, but it's
necessary to understand what you're seeing.
http://www.microsoft.com/technet/sysinternals/Security/ProcessExplorer.mspx
You should be able to find a reference in msconfig, which you can launch by
going to start, run, and typing msconfig. Look at the startup tab, and
pay attention to each entry. When you find the malware, simply de-select
it, exit msconfig and reboot. This will *not* remove the malware. From
there, use an up-to-date virus scanner. Try going to TrendMicro's site and
running Housecall; this can often be effective when local antivirus installs
have been compromised.
http://housecall.trendmicro.com/
You'll want a broadband connection for this. If you can reboot into Safe
Mode with Network support and get the Housecall scan to work, that's even
better.
If the problem persists, you'll need more in-depth help, and that's where
the other suggestion regarding HiJackThis comes in - that is an excellent
tool, but again, you have to understand what you're seeing. Please don't
post HiJackThis logs here.
HTH
-pk
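
Added example, not part of the original reply: the msconfig Startup tab lists, among other things, the values under the registry Run keys, and the same review can be done over saved `reg query` output. The sample output, the `triage` helper and the placeholder file name below are constructed for illustration; only the "banuzttx8u" prefix comes from the question.

```python
import re

# Constructed sample of `reg query` output for a Run key (not from the thread).
# "_PLACEHOLDER" stands in for the part of the name the poster could not read.
SAMPLE = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    ctfmon.exe    REG_SZ    C:\WINDOWS\system32\ctfmon.exe
    Updater    REG_SZ    "C:\Documents and Settings\user\Local Settings\Temp\svch0st.exe" /s
    banuzttx8u_PLACEHOLDER    REG_SZ    C:\WINDOWS\system32\banuzttx8u_PLACEHOLDER.exe
"""

# One value line: indentation, value name, string type, command line.
ENTRY = re.compile(r"^\s+(?P<name>.+?)\s+REG_(?:EXPAND_)?SZ\s+(?P<data>.+)$")
# Assumption: folders treated as temporary locations for this check.
TEMP_DIRS = ("\\temp\\", "\\temporary internet files\\")

def parse_entries(text):
    """Yield (key, value_name, command) for each string value in the output."""
    key = None
    for line in text.splitlines():
        if line.startswith("HKEY_"):
            key = line.strip()
            continue
        m = ENTRY.match(line)
        if m and key:
            yield key, m.group("name"), m.group("data").strip()

def triage(text, seen_prefix):
    """Return [(value_name, command, reasons)] for entries worth a closer look."""
    flagged = []
    prefix = seen_prefix.lower()
    for _key, name, command in parse_entries(text):
        lowered = command.lower()
        reasons = []
        if any(d in lowered for d in TEMP_DIRS):
            reasons.append("runs from a temporary folder")
        if prefix in lowered or prefix in name.lower():
            reasons.append("matches the name seen at shutdown")
        if reasons:
            flagged.append((name, command, reasons))
    return flagged

if __name__ == "__main__":
    for name, command, reasons in triage(SAMPLE, "banuzttx8u"):
        print(f"{name}: {command} -> {', '.join(reasons)}")
```

The temporary-folder check matters because, as the reply notes, the loader may not use the name shown in the shutdown window.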