Strange hack/trojan/malware... NO idea what to do...

evnglion

I have noticed some strange behavior on my computer as of late, and I couldn't really figure out what was going on. Some previously-reliable programs would close immediately upon running them, strange pop-ups showing up while I wasn't at the computer, general stuff like this. Today, I noticed something bizarre. Poking around in the task manager I saw 2 programs running that I don't usually see there.

grwwxgp.exe
vnwbekj.exe

Typically when I see a program that is unfamiliar in the task manager I just do a google search. Virtually every program, malicious or legit, will return some hits from a basic google search, but not these. As a matter of fact, I could never even get a google search to work. As soon as I hit enter with either of the programs as my search parameters Firefox closes. Same thing with IE. If I remove the .exe from the search then it doesn't close, but the search still came up fruitless. This had me very perplexed and frustrated, of course.

My next course of action was to do a basic Windows Search function for either program, doing grwwxgp.exe first. The only thing it came up with was...

grwwxgp.exe-02D1DB6F.pf

That is located in C:\Windows\Prefetch. I decided to open the file with Notepad to see if I could find any clues, and there is a TON of stuff there. Most of the text in the body was foreign-looking characters with solid black blocks mixed in, but there was some interesting stuff in the middle.
Code:
\DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\NTDLL.DLL
\DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\KERNEL32.DLL
\DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\UNICODE.NLS
\DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\LOCALE.NLS
\DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\SORTTBLS.NLS
\DEVICE\HARDDISKVOLUME1\PROGRAM FILES\COMMON FILES\SYSTEM\GRWWXGP.EXE
\DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\USER32.DLL
\DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\GDI32.DLL
\DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\ADVAPI32.DLL
\DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\RPCRT4.DLL
\DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\OLEAUT32.DLL
\DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\MSVCRT.DLL
\DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\OLE32.DLL
\DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\CTYPE.NLS
\DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\SORTKEY.NLS
\DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\SHELL32.DLL
\DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\SHLWAPI.DLL
\DEVICE\HARDDISKVOLUME1\WINDOWS\WINSXS\X86_MICROSOFT.WINDOWS.COMMON-CONTROLS_6595B64144CCF1DF_6.0.2600.2180_X-WW_A84F1FF9\COMCTL32.DLL
\DEVICE\HARDDISKVOLUME1\$MFT
\DEVICE\HARDDISKVOLUME1\WINDOWS\WINDOWSSHELL.MANIFEST
\DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\COMCTL32.DLL
\DEVICE\HARDDISKVOLUME1\PROGRAM FILES\COMMON FILES\LOGISHRD\LVMVFM\LVPRCINJ.DLL
\DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\URLMON.DLL
\DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\VERSION.DLL
\DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\WININET.DLL
\DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\CRYPT32.DLL
\DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\MSASN1.DLL
\DEVICE\HARDDISKVOLUME1\PROGRAM FILES\LOGITECH\SETPOINT\LGSCROLL.DLL
\DEVICE\HARDDISKVOLUME1\WINDOWS\WINSXS\X86_MICROSOFT.VC80.CRT_1FC8B3B9A1E18E3B_8.0.50727.163_X-WW_681E29FB\MSVCR80.DLL
\DEVICE\HARDDISKVOLUME1\WINDOWS\WINSXS\X86_MICROSOFT.VC80.CRT_1FC8B3B9A1E18E3B_8.0.50727.163_X-WW_681E29FB\MSVCP80.DLL
\DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\NTMARTA.DLL
\DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\WLDAP32.DLL
\DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\SAMLIB.DLL
\DEVICE\HARDDISKVOLUME1\WINDOWS\PREFETCH\NERO.EXE-3017C357.PF
[non-text bytes]
\DEVICE\HARDDISKVOLUME1\
\DEVICE\HARDDISKVOLUME1\PROGRAM FILES\
\DEVICE\HARDDISKVOLUME1\PROGRAM FILES\COMMON FILES\
\DEVICE\HARDDISKVOLUME1\PROGRAM FILES\COMMON FILES\LOGISHRD\
\DEVICE\HARDDISKVOLUME1\PROGRAM FILES\COMMON FILES\LOGISHRD\LVMVFM\
\DEVICE\HARDDISKVOLUME1\PROGRAM FILES\COMMON FILES\SYSTEM\
\DEVICE\HARDDISKVOLUME1\PROGRAM FILES\LOGITECH\
\DEVICE\HARDDISKVOLUME1\PROGRAM FILES\LOGITECH\SETPOINT\
\DEVICE\HARDDISKVOLUME1\WINDOWS\
\DEVICE\HARDDISKVOLUME1\WINDOWS\PREFETCH\
\DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\
\DEVICE\HARDDISKVOLUME1\WINDOWS\WINSXS\
\DEVICE\HARDDISKVOLUME1\WINDOWS\WINSXS\X86_MICROSOFT.VC80.CRT_1FC8B3B9A1E18E3B_8.0.50727.163_X-WW_681E29FB\
\DEVICE\HARDDISKVOLUME1\WINDOWS\WINSXS\X86_MICROSOFT.WINDOWS.COMMON-CONTROLS_6595B64144CCF1DF_6.0.2600.2180_X-WW_A84F1FF9\

None of this made too much sense to me, but I will draw your attention to one particular line.

\DEVICE\HARDDISKVOLUME1\PROGRAM FILES\COMMON FILES\SYSTEM\GRWWXGP.EXE

That was interesting because it listed a location of grwwxgp.exe. So I go to the file explorer and go to Program Files\Common Files\ and look for \system, but it's not there. I type it into the address bar, and for a split second I can see the contents, but it closes much faster than I can begin to look through them, read them, or do anything. Repeated tries gave me the same results. The explorer window just kept closing. So I decided to go ahead and run "msconfig" to see if there was anything suspicious in there. Same thing happens! msconfig pops up for a brief second and then just disappears. No trace left behind in the Task Manager.

As you can see, I am sorta at the end of my rope here. Trying to manually end the processes in Task Manager just closes Task Manager. Spybot closes automatically when I run it, AdAware doesn't, but didn't register any hits. Browsers crash if I google search the .exe's, and msconfig is unreachable. Anyone have any ideas?

I would like to thank anyone that read this as I know it's a bit long, but I would greatly appreciate any help/ideas anyone has. This is VERY frustrating as you can imagine.

[EDIT] haha, the code snippet I put in didn't do any kind of wordwrap, sorry. It may be more legible if copy/pasted to Notepad. [/EDIT]
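The post read the loaded-file list out of the .pf by eye in Notepad. The script below is an added example, not code from the original post or from any poster: it parses the Windows XP (version 17) prefetch layout properly (executable name, prefetch hash, last run time, run count and the UTF-16LE filename-strings block) and then flags what an analyst checks first: the directory the binary actually ran from, whether it loaded network-capable DLLs such as WININET and URLMON, files loaded from outside the Windows directory, and references to other prefetch files. The field offsets are assumptions taken from the documented version-17 format; the sample .pf bytes are constructed inline from a subset of the paths quoted above (the run count and timestamp are made up, the hash is the one from the post's file name), and the script does not verify that hash.

```python
"""Parse a Windows XP (version 17) Prefetch file and triage what it loaded.

Added example, not from the original post. Offsets are assumptions taken from
the documented version-17 layout: 0x00 version, 0x04 "SCCA", 0x10 executable
name (60 bytes UTF-16LE), 0x4C hash, 0x54 nine u32 offsets/counts (filename
strings offset and size are the 5th and 6th), 0x78 FILETIME last run, 0x90 run count.
"""
import datetime
import struct
import sys

FILENAME_STRINGS_START = 0x98   # 0x54 header + 0x44 version-17 file-information block
NETWORK_DLLS = {"WININET.DLL", "URLMON.DLL", "WINHTTP.DLL", "WS2_32.DLL", "WSOCK32.DLL"}
EPOCH_1601 = datetime.datetime(1601, 1, 1)

# Constructed sample: a subset of the paths quoted in the post. The run count and
# timestamp are made up; the hash used below is the one in the post's .pf file name.
SAMPLE_PATHS = [
    r"\DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\NTDLL.DLL",
    r"\DEVICE\HARDDISKVOLUME1\PROGRAM FILES\COMMON FILES\SYSTEM\GRWWXGP.EXE",
    r"\DEVICE\HARDDISKVOLUME1\$MFT",
    r"\DEVICE\HARDDISKVOLUME1\PROGRAM FILES\COMMON FILES\LOGISHRD\LVMVFM\LVPRCINJ.DLL",
    r"\DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\URLMON.DLL",
    r"\DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\WININET.DLL",
    r"\DEVICE\HARDDISKVOLUME1\WINDOWS\PREFETCH\NERO.EXE-3017C357.PF",
]
SAMPLE_LAST_RUN = datetime.datetime(2008, 3, 1, 12, 0, 0)


def filetime_to_datetime(ft):
    """FILETIME (100 ns ticks since 1601-01-01 UTC) -> naive UTC datetime."""
    return EPOCH_1601 + datetime.timedelta(microseconds=ft // 10)


def build_sample_pf(exe_name, paths, run_count, last_run, prefetch_hash):
    """Build a minimal version-17 .pf image (no metrics, chains or volume entries)."""
    strings_blob = b"".join((p + "\0").encode("utf-16-le") for p in paths)
    total = FILENAME_STRINGS_START + len(strings_blob)
    delta = last_run - EPOCH_1601            # integer FILETIME, no float rounding
    filetime = (delta.days * 86400 + delta.seconds) * 10_000_000 + delta.microseconds * 10
    header = struct.pack("<I4sII", 17, b"SCCA", 0x0F, total)
    header += exe_name.encode("utf-16-le").ljust(60, b"\0")
    header += struct.pack("<II", prefetch_hash, 0)            # hash, flags
    info = struct.pack("<9I", FILENAME_STRINGS_START, 0,      # file metrics: offset, count
                       FILENAME_STRINGS_START, 0,             # trace chains: offset, count
                       FILENAME_STRINGS_START, len(strings_blob),
                       total, 0, 0)                           # volumes: offset, count, size
    info += struct.pack("<Q", filetime) + b"\0" * 16 + struct.pack("<II", run_count, 0)
    return header + info + strings_blob


def parse_prefetch(data):
    """Return executable name, hash, run metadata and loaded-file list of a version-17 .pf."""
    version, signature = struct.unpack_from("<I4s", data, 0)
    if signature != b"SCCA":
        raise ValueError("missing SCCA signature: not a prefetch file")
    if version != 17:
        raise ValueError(f"prefetch version {version} not handled here (XP/2003 is 17)")
    exe_name = data[0x10:0x4C].decode("utf-16-le").split("\0", 1)[0]
    prefetch_hash = struct.unpack_from("<I", data, 0x4C)[0]
    names_offset, names_size = struct.unpack_from("<9I", data, 0x54)[4:6]
    if names_offset + names_size > len(data):
        raise ValueError("filename strings block runs past end of file")
    raw = data[names_offset:names_offset + names_size].decode("utf-16-le", errors="replace")
    return {
        "exe_name": exe_name,
        "hash": f"{prefetch_hash:08X}",
        "last_run": filetime_to_datetime(struct.unpack_from("<Q", data, 0x78)[0]),
        "run_count": struct.unpack_from("<I", data, 0x90)[0],
        "loaded": [p for p in raw.split("\0") if p],
    }


def triage(parsed):
    """Flag what an analyst checks first: where the binary lives and what it can reach."""
    exe_name = parsed["exe_name"]
    own_pf = f"{exe_name}-{parsed['hash']}.PF"
    findings = {"exe_path": None, "outside_windows": [], "network_capable": [], "other_prefetch": []}
    for path in parsed["loaded"]:
        base = path.rpartition("\\")[2]
        if base == exe_name:
            findings["exe_path"] = path          # the directory the binary really ran from
        if base in NETWORK_DLLS:
            findings["network_capable"].append(base)
        if "\\WINDOWS\\" not in path and base != "$MFT":
            findings["outside_windows"].append(path)
        if base.endswith(".PF") and base != own_pf:
            findings["other_prefetch"].append(base)
    return findings


def analyze(data):
    """Parse one .pf image and return (parsed fields, triage findings)."""
    parsed = parse_prefetch(data)
    return parsed, triage(parsed)


if __name__ == "__main__":
    # Pass a real .pf path to analyze it; with no argument the constructed sample is used.
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as fh:
            parsed, findings = analyze(fh.read())
    else:
        parsed, findings = analyze(build_sample_pf("GRWWXGP.EXE", SAMPLE_PATHS, 7, SAMPLE_LAST_RUN, 0x02D1DB6F))
    print(parsed["exe_name"], "hash", parsed["hash"], "runs", parsed["run_count"], "last", parsed["last_run"], "UTC")
    print(findings)
```

Run it against a copy of the .pf taken off the machine (for example from a boot CD or by mounting the disk elsewhere): the post describes Explorer, msconfig and Task Manager being closed as soon as they open on the infected box, and nothing here needs to run there. The output states the path the binary ran from, which in the post's case is Program Files\Common Files\System rather than anywhere under Windows, and whether it pulled in WININET/URLMON, which is worth knowing before deciding whether the machine has been talking to anything.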
 
it's no easy feat typing something into google and getting zero results either
 
does safe mode work?
how about virus scans and stuff?
also download HijackThis
 