11-05-2007, 01:09 AM   #1
Beta Member
Join Date: Nov 2007
Posts: 1
Strange hack/trojan/malware... NO idea what to do...

I have noticed some strange behavior on my computer as of late, and I couldn't really figure out what was going on. Some previously reliable programs would close immediately upon running them, strange pop-ups showing up while I wasn't at the computer, general stuff like this. Today, I noticed something bizarre. Poking around in the Task Manager I saw 2 programs running that I don't usually see there.

grwwxgp.exe
vnwbekj.exe

Typically when I see a program that is unfamiliar in the Task Manager I just do a Google search. Virtually every program, malicious or legit, will return some hits from a basic Google search, but not these. As a matter of fact, I could never even get a Google search to work. As soon as I hit enter with either of the programs as my search parameters, Firefox closes. Same thing with IE. If I remove the .exe from the search then it doesn't close, but the search still came up fruitless. This had me very perplexed and frustrated, of course.

My next course of action was to do a basic Windows Search function for either program, doing grwwxgp.exe first. The only thing it came up with was...

grwwxgp.exe-02D1DB6F.pf

That is located in C:\Windows\Prefetch. I decided to open the file with Notepad to see if I could find any clues, and there is a TON of stuff there. Most of the text in the body was foreign-looking characters with solid black blocks mixed in, but there was some interesting stuff in the middle.
Code:
\DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\NTDLL.DLL
\DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\KERNEL32.DLL
\DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\UNICODE.NLS
\DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\LOCALE.NLS
\DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\SORTTBLS.NLS
\DEVICE\HARDDISKVOLUME1\PROGRAM FILES\COMMON FILES\SYSTEM\GRWWXGP.EXE
\DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\USER32.DLL
\DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\GDI32.DLL
\DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\ADVAPI32.DLL
\DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\RPCRT4.DLL
\DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\OLEAUT32.DLL
\DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\MSVCRT.DLL
\DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\OLE32.DLL
\DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\CTYPE.NLS
\DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\SORTKEY.NLS
\DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\SHELL32.DLL
\DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\SHLWAPI.DLL
\DEVICE\HARDDISKVOLUME1\WINDOWS\WINSXS\X86_MICROSOFT.WINDOWS.COMMON-CONTROLS_6595B64144CCF1DF_6.0.2600.2180_X-WW_A84F1FF9\COMCTL32.DLL
\DEVICE\HARDDISKVOLUME1\$MFT
\DEVICE\HARDDISKVOLUME1\WINDOWS\WINDOWSSHELL.MANIFEST
\DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\COMCTL32.DLL
\DEVICE\HARDDISKVOLUME1\PROGRAM FILES\COMMON FILES\LOGISHRD\LVMVFM\LVPRCINJ.DLL
\DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\URLMON.DLL
\DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\VERSION.DLL
\DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\WININET.DLL
\DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\CRYPT32.DLL
\DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\MSASN1.DLL
\DEVICE\HARDDISKVOLUME1\PROGRAM FILES\LOGITECH\SETPOINT\LGSCROLL.DLL
\DEVICE\HARDDISKVOLUME1\WINDOWS\WINSXS\X86_MICROSOFT.VC80.CRT_1FC8B3B9A1E18E3B_8.0.50727.163_X-WW_681E29FB\MSVCR80.DLL
\DEVICE\HARDDISKVOLUME1\WINDOWS\WINSXS\X86_MICROSOFT.VC80.CRT_1FC8B3B9A1E18E3B_8.0.50727.163_X-WW_681E29FB\MSVCP80.DLL
\DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\NTMARTA.DLL
\DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\WLDAP32.DLL
\DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\SAMLIB.DLL
\DEVICE\HARDDISKVOLUME1\WINDOWS\PREFETCH\NERO.EXE-3017C357.PF
[non-printable binary data]
\DEVICE\HARDDISKVOLUME1
[non-printable binary data]
\DEVICE\HARDDISKVOLUME1\
\DEVICE\HARDDISKVOLUME1\PROGRAM FILES\
\DEVICE\HARDDISKVOLUME1\PROGRAM FILES\COMMON FILES\
\DEVICE\HARDDISKVOLUME1\PROGRAM FILES\COMMON FILES\LOGISHRD\
\DEVICE\HARDDISKVOLUME1\PROGRAM FILES\COMMON FILES\LOGISHRD\LVMVFM\
\DEVICE\HARDDISKVOLUME1\PROGRAM FILES\COMMON FILES\SYSTEM\
\DEVICE\HARDDISKVOLUME1\PROGRAM FILES\LOGITECH\
\DEVICE\HARDDISKVOLUME1\PROGRAM FILES\LOGITECH\SETPOINT\
\DEVICE\HARDDISKVOLUME1\WINDOWS\
\DEVICE\HARDDISKVOLUME1\WINDOWS\PREFETCH\
\DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\
\DEVICE\HARDDISKVOLUME1\WINDOWS\WINSXS\
\DEVICE\HARDDISKVOLUME1\WINDOWS\WINSXS\X86_MICROSOFT.VC80.CRT_1FC8B3B9A1E18E3B_8.0.50727.163_X-WW_681E29FB\
\DEVICE\HARDDISKVOLUME1\WINDOWS\WINSXS\X86_MICROSOFT.WINDOWS.COMMON-CONTROLS_6595B64144CCF1DF_6.0.2600.2180_X-WW_A84F1FF9\
None of this made too much sense to me, but I will draw your attention to one particular line.

\DEVICE\HARDDISKVOLUME1\PROGRAM FILES\COMMON FILES\SYSTEM\GRWWXGP.EXE

That was interesting because it listed a location of grwwxgp.exe. So I go to the file explorer and go to Program Files\Common Files\ and look for \system, but it's not there. I type it into the address bar, and for a split second I can see the contents, but it closes much faster than I can begin to look through them, read them, or do anything. Repeated tries gave me the same results. The explorer window just kept closing. So I decided to go ahead and run "msconfig" to see if there was anything suspicious in there. Same thing happens! msconfig pops up for a brief second and then just disappears. No trace left behind in the Task Manager.

As you can see, I am sorta at the end of my rope here. Trying to manually end the processes in Task Manager just closes Task Manager. Spybot closes automatically when I run it; AdAware doesn't, but didn't register any hits. Browsers crash if I Google search the .exes, and msconfig is unreachable. Anyone have any ideas?

I would like to thank anyone that read this as I know it's a bit long, but I would greatly appreciate any help/ideas anyone has. This is VERY frustrating as you can imagine.

[EDIT]haha, the [CODE] snippet I put in didn't do any kind of wordwrap, sorry. It may be more legible if copy/pasted to Notepad[/EDIT]
evnglion
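The poster read the .pf file in Notepad, which is why it came out as spaced-out letters and black blocks: the paths are stored as UTF-16LE strings inside a binary structure. The defender's way to get the same information (where the binary lives, how many times it has run, when it last ran) is to parse the file. Below is an added example, not code from the thread or from any tool mentioned in it. It assumes the Windows XP prefetch layout (format version 17, "SCCA" magic, executable name at 0x10, hash at 0x4C, file-information block at 0x54) as I understand it, and that the hash stored in the header is the one that appears in the file name; the sample image is constructed in the script from paths quoted in the post, so nothing here touches a real prefetch directory.

```python
"""Pull the readable fields out of a Windows XP prefetch (.pf) file.

Added example, not code from the forum thread. Offsets follow the
format-version-17 (Windows XP) layout as I understand it; the sample
bytes are constructed below so that the script runs without a real .pf.
"""
import struct
from datetime import datetime, timedelta, timezone

SCCA_MAGIC = b"SCCA"
VERSION_XP = 0x11                # format version 17
FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)

# Paths taken from the prefetch dump quoted in the thread (sample input).
SAMPLE_PATHS = [
    r"\DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\NTDLL.DLL",
    r"\DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\KERNEL32.DLL",
    r"\DEVICE\HARDDISKVOLUME1\PROGRAM FILES\COMMON FILES\SYSTEM\GRWWXGP.EXE",
    r"\DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\WININET.DLL",
]
SAMPLE_LAST_RUN = datetime(2007, 11, 5, 1, 9, tzinfo=timezone.utc)  # constructed


def split_prefetch_name(filename):
    """'grwwxgp.exe-02D1DB6F.pf' -> ('GRWWXGP.EXE', '02D1DB6F')."""
    stem = filename[:-3] if filename.lower().endswith(".pf") else filename
    exe, _, digest = stem.rpartition("-")
    return exe.upper(), digest.upper()


def filetime_to_datetime(ft):
    """FILETIME is 100 ns ticks since 1601-01-01 UTC."""
    return FILETIME_EPOCH + timedelta(microseconds=ft // 10)


def parse_prefetch_v17(data):
    """Return executable name, path hash, run count, last run time and the
    UTF-16LE file list from a version-17 prefetch image."""
    version, magic = struct.unpack_from("<I4s", data, 0)
    if magic != SCCA_MAGIC or version != VERSION_XP:
        raise ValueError("not a version-17 (Windows XP) prefetch file")
    exe_name = data[0x10:0x4C].decode("utf-16-le").split("\x00", 1)[0]
    (path_hash,) = struct.unpack_from("<I", data, 0x4C)
    # File-information block begins at 0x54 in version 17.
    names_off, names_size = struct.unpack_from("<II", data, 0x64)
    (last_run_ft,) = struct.unpack_from("<Q", data, 0x78)
    (run_count,) = struct.unpack_from("<I", data, 0x90)
    blob = data[names_off:names_off + names_size].decode("utf-16-le")
    return {
        "exe_name": exe_name,
        "hash": f"{path_hash:08X}",
        "run_count": run_count,
        "last_run": filetime_to_datetime(last_run_ft),
        "filenames": [s for s in blob.split("\x00") if s],
    }


def locate_executable(info):
    """The one line the poster was after: the full device path of the
    executable itself, found by matching the last path component."""
    for path in info["filenames"]:
        if path.rsplit("\\", 1)[-1] == info["exe_name"]:
            return path
    return None


def build_sample_prefetch(exe_name, path_hash, run_count, last_run, paths):
    """Construct a minimal version-17 image (only the fields read above)."""
    names_blob = "".join(p + "\x00" for p in paths).encode("utf-16-le")
    header_size = 0x98                      # 0x54 header + 0x44 file info
    buf = bytearray(header_size)
    struct.pack_into("<I4s", buf, 0, VERSION_XP, SCCA_MAGIC)
    struct.pack_into("<I", buf, 0x0C, header_size + len(names_blob))
    buf[0x10:0x4C] = exe_name.encode("utf-16-le").ljust(60, b"\x00")
    struct.pack_into("<I", buf, 0x4C, path_hash)
    struct.pack_into("<II", buf, 0x64, header_size, len(names_blob))
    ticks = ((last_run - FILETIME_EPOCH) // timedelta(microseconds=1)) * 10
    struct.pack_into("<Q", buf, 0x78, ticks)
    struct.pack_into("<I", buf, 0x90, run_count)
    return bytes(buf) + names_blob


def demo(pf_filename="grwwxgp.exe-02D1DB6F.pf"):
    """Parse a constructed image named like the file in the thread and
    cross-check the hash in the name against the one stored in the header."""
    exe, name_hash = split_prefetch_name(pf_filename)
    data = build_sample_prefetch(exe, int(name_hash, 16), 3, SAMPLE_LAST_RUN, SAMPLE_PATHS)
    info = parse_prefetch_v17(data)
    info["hash_matches_name"] = info["hash"] == name_hash
    info["exe_path"] = locate_executable(info)
    return info


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

On a real file you would replace `build_sample_prefetch` with `open(path, "rb").read()` and keep the rest. Two things the parser gives that Notepad cannot: the run count and last-run timestamp establish when the unknown binary first became active, and the loaded-module list (WININET.DLL, URLMON.DLL, CRYPT32.DLL in the poster's dump) tells you the program had network and HTTP capability, which is worth noting in an incident timeline even before the sample itself can be recovered from a directory the malware keeps closing.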
11-05-2007, 03:07 AM   #2
Golden Master
Join Date: Apr 2005
Posts: 16,073
Re: Strange hack/trojan/malware... NO idea what to do...

Have you tried doing any manual search & removal from Safe Mode?
__________________
. ()()()()
./l ,[_\_\ ],
l---L ()lllllll()-
()_) ()_)--o-)_)
ArrizX
11-05-2007, 03:47 AM   #3
Site Team
Join Date: Sep 2007
Posts: 3,607
Re: Strange hack/trojan/malware... NO idea what to do...

It's no easy feat typing something into Google and getting zero results either.
Lowndsey
11-05-2007, 12:25 PM   #4
Golden Master
Join Date: Nov 2004
Posts: 8,632
Re: Strange hack/trojan/malware... NO idea what to do...

Does Safe Mode work?
How about virus scans and stuff?
Also download HijackThis.
__________________
Laptop spec: ASUS X53E, i5 2430m 2.4ghz, 3gb ram, 320gb hdd, intel hd graphics, usb 3.0
dude_se
11-05-2007, 02:49 PM   #5
Fully Optimized
Join Date: Jun 2007
Posts: 1,574
Re: Strange hack/trojan/malware... NO idea what to do...

Have you tried editing the text file you opened?
BrynF_UK