
What is fqqe.exe?


Name: Super666
Date: November 7, 2003 at 14:52:32 Pacific
OS: 2000
CPU/Ram: Pentium1.6/ 512
Comment:

In Task Manager, the process fqqe.exe started to appear. What is it? I Google searched it and got nothing.




Response Number 1
Name: Buster65
Date: November 7, 2003 at 17:20:42 Pacific
Reply:

Try doing a search of your computer to see if you can find the program it may be associated with.


0

Response Number 2
Name: Tom41
Date: November 8, 2003 at 00:41:16 Pacific
Reply:

It could be W32.Bugbear.B or PurityScan 100 malware.

First, go here and run an online virus scan:
RAV

Also, download 'Hijack This!'. Unzip, double-click HijackThis.exe, and hit "Scan".
When the scan is finished, click "Save Log", and copy and paste it in a reply.
HijackThis!


0

Response Number 3
Name: Tim72
Date: November 9, 2003 at 14:09:54 Pacific
Reply:

I have the same thing. Norton said I had Hacktool, Hacktool Flooder and IRC Trojan today (but couldn't fix them), and now this process is appearing:

Log File:
Logfile of HijackThis v1.97.3
Scan saved at 21:59:45, on 09/11/2003
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\LEXBCES.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\LEXPPS.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton Personal Firewall\NISUM.exe
C:\WINNT\system32\nvsvc32.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\Program Files\Norton Personal Firewall\SymProxySvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Norton Personal Firewall\NISSERV.exe
C:\WINNT\Explorer.exe
C:\WINNT\system32\devldr32.exe
C:\Program Files\Conexant\AccessRunner ADSL\CnxDslTb.exe
C:\Program Files\Norton Personal Firewall\IAMAPP.exe
C:\WINNT\system32\dla\tfswctrl.exe
C:\Program Files\Common files\Updater\wupdater.exe
C:\WINNT\SYSTEM32\fqqe.exe
C:\PROGRA~1\NORTON~2\navapw32.exe
C:\Program Files\GigaByte\EasyTune\EasyTune.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINNT\system32\nstrue.exe
C:\Program Files\Anti-Trojan-55\ATWatch.exe
C:\Program Files\Norton Personal Firewall\ATRACK.exe
C:\WINNT\system32\rundll32.exe
C:\WINNT\Downloaded Program Files\eBayTBar.exe
C:\Program Files\Internet Explorer\IEXPLORE.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\WINNT\system32\NOTEPAD.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\funky\LOCALS~1\Temp\Rar$EX01.546\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ebay.co.uk/
R3 - URLSearchHook: IncrediFindBHO Class - {5D60FF48-95BE-4956-B4C6-6BB168A70310} - C:\PROGRA~1\INCRED~1\BHO\INCFIN~1.DLL
O1 - Hosts: 12.129.205.209 search.netscape.com12.129.205.209 sitefinder.verisign.com
O2 - BHO: (no name) - {001F2570-5DF5-11d3-B991-00A0C9BB0874} - C:\WINNT\Downloaded Program Files\eBayBand.dll
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINNT\system32\dla\tfswshx.dll
O2 - BHO: NavErrRedir Class - {5D60FF48-95BE-4956-B4C6-6BB168A70310} - C:\PROGRA~1\INCRED~1\BHO\INCFIN~1.DLL
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: eBay Toolbar - {46AE04C0-BCFA-4728-90E7-00EB4A8B3863} - C:\WINNT\Downloaded Program Files\eBayBand.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.exe C:\WINNT\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [CnxDslTaskBar] C:\Program Files\Conexant\AccessRunner ADSL\CnxDslTb.exe
O4 - HKLM\..\Run: [iamapp] C:\Program Files\Norton Personal Firewall\IAMAPP.exe
O4 - HKLM\..\Run: [dla] C:\WINNT\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [updater] C:\Program Files\Common files\Updater\wupdater.exe
O4 - HKLM\..\Run: [Norton AntiVirus] C:\WINNT\SYSTEM32\fqqe.exe
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~2\navapw32.exe
O4 - HKLM\..\Run: [EasyTuneIII] C:\Program Files\GigaByte\EasyTune\EasyTune.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Pofatch] nstrue.exe
O4 - HKLM\..\Run: [Sysscan] C:\winnt\system32\drivers\etc\dll.bat
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe
O4 - HKLM\..\Run: [Anti-Trojan-Watch] C:\Program Files\Anti-Trojan-55\ATWatch.exe
O4 - HKLM\..\RunServices: [Pofatch] nstrue.exe
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: eBay Toolbar.LNK = C:\WINNT\Downloaded Program Files\eBayTBar.exe
O4 - Global Startup: Event Reminder.lnk = C:\Program Files\Broderbund\PrintMaster\PMremind.exe
O4 - Global Startup: GetRight - Tray Icon.lnk = C:\Program Files\GetRight\getright.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.exe
O4 - Global Startup: updater.lnk = C:\Program Files\Common Files\updater\wupdater.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: eBay Toolbar (HKLM)
O9 - Extra 'Tools' menuitem: eBay Toolbar (HKLM)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {001F2570-5DF5-11D3-B991-00A0C9BB0874} (eBay Helper Object) - http://download.ebay.com/toolbar/eBayTBar.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/0899db6af24b7fc57f15/netzip/RdxIE601.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.napster.com/client/isetup.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37920.6926736111
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{8E090925-4507-4134-B61A-668F5D9BB89F}: NameServer = 158.43.240.3 158.43.240.4


0

Response Number 4
Name: Tom41
Date: November 9, 2003 at 17:28:08 Pacific
Reply:

Tim72,
Open the task manager and end process on the following:
C:\WINNT\SYSTEM32\fqqe.exe
C:\WINNT\system32\nstrue.exe

Run HT again and check the following items. Next, close all browser windows, and have HT 'fix checked'.

You must restart your computer in safe mode when you're done.

O4 - HKLM\..\Run: [updater] C:\Program Files\Common files\Updater\wupdater.exe
O4 - HKLM\..\Run: [Norton AntiVirus] C:\WINNT\SYSTEM32\fqqe.exe
O4 - HKLM\..\Run: [Pofatch] nstrue.exe
O4 - HKLM\..\Run: [Sysscan] C:\winnt\system32\drivers\etc\dll.bat
O4 - HKLM\..\RunServices: [Pofatch] nstrue.exe

Once in safe mode delete the following:
C:\WINNT\SYSTEM32\fqqe.exe
C:\WINNT\system32\nstrue.exe
C:\winnt\system32\drivers\etc\dll.bat

Reboot to Windows and run an online virus scan, delete any files listed as infected.

RAV


0
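Added example, not part of Tom41's reply or the original thread: a small triage script that parses the `O4` autorun lines of a HijackThis log and flags the patterns visible in the entries picked out above. The vendor word list and the three heuristics are assumptions made for this sketch; they do not catch `wupdater.exe`, which was flagged from the helper's own knowledge.

```python
import re
from collections import defaultdict

# Constructed sample: a subset of the O4 lines from the log posted in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [iamapp] C:\Program Files\Norton Personal Firewall\IAMAPP.exe
O4 - HKLM\..\Run: [Norton AntiVirus] C:\WINNT\SYSTEM32\fqqe.exe
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~2\navapw32.exe
O4 - HKLM\..\Run: [Pofatch] nstrue.exe
O4 - HKLM\..\Run: [Sysscan] C:\winnt\system32\drivers\etc\dll.bat
O4 - HKLM\..\RunServices: [Pofatch] nstrue.exe
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
"""

O4_RE = re.compile(
    r"^O4 - (?P<key>HK\w+\\\.\.\\\w+): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
# Assumption: words an autorun value name might borrow to look trustworthy.
VENDOR_WORDS = ("norton", "symantec", "antivirus", "mcafee")
SYSTEM_DIR = re.compile(r"^[a-z]:\\win(nt|dows)\\system(32)?\\", re.I)
SCRIPT_EXT = re.compile(r"\.(bat|cmd|vbs|js)\b", re.I)

def parse_o4(log):
    """Return (key, value name, command) for each registry-based O4 line."""
    return [m.group("key", "name", "cmd")
            for m in map(O4_RE.match, log.splitlines()) if m]

def triage(log):
    """Map each flagged command line to the reasons it deserves a closer look."""
    keys_by_entry = defaultdict(set)
    for key, name, cmd in parse_o4(log):
        keys_by_entry[(name, cmd)].add(key.rsplit("\\", 1)[-1])
    findings = {}
    for (name, cmd), keys in keys_by_entry.items():
        reasons = []
        # A security-product name whose binary sits loose in the system directory.
        if any(w in name.lower() for w in VENDOR_WORDS) and SYSTEM_DIR.match(cmd):
            reasons.append("security-product name on a system-directory binary")
        if SCRIPT_EXT.search(cmd):
            reasons.append("script file launched at startup")
        if {"Run", "RunServices"} <= keys:
            reasons.append("same entry under both Run and RunServices")
        if reasons:
            findings[cmd] = reasons
    return findings

if __name__ == "__main__":
    for cmd, reasons in triage(SAMPLE_LOG).items():
        print(cmd, "->", "; ".join(reasons))
```

A hit is a prompt to inspect the file, not a verdict; legitimate entries such as `mobsync.exe /logon` pass through unflagged.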

Response Number 5
Name: Tim72
Date: November 10, 2003 at 01:40:51 Pacific
Reply:

Thanks RAV,

I've done that and it all seems OK now.

The virus scan didn't pick anything up, but the following files are still residing in the system32 folder. Are they a threat?

fqeb.exe
autohack.bat
mIRCservices
script3.dll
results.txt (with an IP addy and the name GUS)

Can I just leave them all?


0




Response Number 6
Name: Tom41
Date: November 10, 2003 at 01:43:26 Pacific
Reply:

Can you send me zipped copies of them to analyze?
Click my name for the email addy.


0

Response Number 7
Name: Tim72
Date: November 10, 2003 at 02:12:27 Pacific
Reply:

I just get an error message when I do that. Can you mail me, and I'll reply with the rar file attached?

Thanks

I've also noticed other files:
IPCPASS & IPCSCAN

The text files of which seem to have lists of passwords and user accounts it's tried.


0

Response Number 8
Name: Tim72
Date: November 10, 2003 at 02:36:43 Pacific
Reply:

Also, in the HijackThis log file there is a hook to "incredifind".
"R3 - URLSearchHook: IncrediFindBHO Class - {5D60FF48-95BE-4956-B4C6-6BB168A70310} - C:\PROGRA~1\INCRED~1\BHO\INCFIN~1.DLL"

Is it safe to remove that? It's really annoying me.


0

Response Number 9
Name: Tom41
Date: November 10, 2003 at 03:01:16 Pacific
Reply:

Yes, it's safe to fix it with HT.


0

Response Number 10
Name: freccia
Date: November 14, 2003 at 05:20:07 Pacific
Reply:

My RAV AntiVirus log:

Found viruses
File: C:\optebis5.exe->(CABSfx)->CLS.BAT
Virus: Trojan:BAT/Flood.BI* Status: Infected

File: C:\optebis5.exe->(CABSfx)->NEXE.CPL
Virus: Trojan:IRC/Flood.BN* Status: Infected

File: C:\optebis5.exe->(CABSfx)->PLUG.DLL
Virus: Trojan:IRC/Flood.BI* Status: Infected

File: C:\optebis5.exe->(CABSfx)->r0n3.exe
Virus: TrojanDownloader:Win32/Apher.gen Status: Infected

File: C:\optebis5.exe->(CABSfx)->SYSTL.EXE
Virus: Tool:HideWindows Status: Infected

File: C:\optebis5.exe->(CABSfx)->TSYSL.BAT
Virus: Trojan:BAT/Flood.BN* Status: Infected

File: C:\Documents and Settings\Default User\Impostazioni locali\Temporary Internet Files\Content.IE5\VR2GZ6LQ\th4n3[1].exe->(CABSfx)->CLS.BAT
Virus: Trojan:BAT/Flood.BI* Status: Infected

File: C:\Documents and Settings\Default User\Impostazioni locali\Temporary Internet Files\Content.IE5\VR2GZ6LQ\th4n3[1].exe->(CABSfx)->NEXE.CPL
Virus: Trojan:IRC/Flood.BN* Status: Infected

File: C:\Documents and Settings\Default User\Impostazioni locali\Temporary Internet Files\Content.IE5\VR2GZ6LQ\th4n3[1].exe->(CABSfx)->PLUG.DLL
Virus: Trojan:IRC/Flood.BI* Status: Infected

File: C:\Documents and Settings\Default User\Impostazioni locali\Temporary Internet Files\Content.IE5\VR2GZ6LQ\th4n3[1].exe->(CABSfx)->r0n3.exe
Virus: TrojanDownloader:Win32/Apher.gen Status: Infected

File: C:\Documents and Settings\Default User\Impostazioni locali\Temporary Internet Files\Content.IE5\VR2GZ6LQ\th4n3[1].exe->(CABSfx)->SYSTL.EXE
Virus: Tool:HideWindows Status: Infected

File: C:\Documents and Settings\Default User\Impostazioni locali\Temporary Internet Files\Content.IE5\VR2GZ6LQ\th4n3[1].exe->(CABSfx)->TSYSL.BAT
Virus: Trojan:BAT/Flood.BN* Status: Infected

File: C:\WINNT\system32\camocx.dll
Virus: IRC/Generic* Status: Suspicious

File: C:\WINNT\system32\cmst.exe->(UPXW)
Virus: Backdoor:IRC/SdBot Status: Infected

File: C:\WINNT\system32\compy.exe
Virus: DDoS:Win32/ATHO Status: Infected

File: C:\WINNT\system32\heat.exe
Virus: TrojanDownloader:Win32/Apher.gen Status: Infected

File: C:\WINNT\system32\m00.exe->(UPXW)
Virus: Win32/NetWorm.gen! Status: Infected

File: C:\WINNT\system32\nfgns.exe
Virus: Backdoor:Win32/Ranck.A Status: Infected

File: C:\WINNT\system32\r0n3.exe
Virus: TrojanDownloader:Win32/Apher.gen Status: Infected

File: C:\WINNT\system32\Syscfg32.exe
Virus: Tool:HideWindows Status: Infected

File: C:\WINNT\system32\v0x.exe
Virus: TrojanDownloader:Win32/Apher.gen Status: Infected

File: C:\WINNT\system32\r0n36\CLS.BAT
Virus: Trojan:BAT/Flood.BI* Status: Infected

File: C:\WINNT\system32\r0n36\NEXE.CPL
Virus: Trojan:IRC/Flood.BN* Status: Infected

File: C:\WINNT\system32\r0n36\PLUG.DLL
Virus: Trojan:IRC/Flood.BI* Status: Infected

File: C:\WINNT\system32\r0n36\SYSTL.exe
Virus: Tool:HideWindows Status: Infected

File: C:\WINNT\system32\r0n36\TSYSL.BAT
Virus: Trojan:BAT/Flood.BN* Status: Infected

File: C:\WINNT\system32\vox\tlbar.exe
Virus: Tool:HideWindows Status: Infected

File: C:\WINNT\system32\vox\v0x.exe
Virus: TrojanDownloader:Win32/Apher.gen Status: Infected


HELP ME!!!!
Thank you


0

Response Number 11
Name: TaRauDeuR
Date: December 25, 2003 at 04:33:39 Pacific
Reply:

Hi all,
You can find a lot of great tools here to remove viruses or trojans on your computers:
http://www.wilders.org/anti_viruses.htm
I think the best way to check for any virus is to use Kaspersky Anti-Virus; download it here:
http://www.kaspersky.com/buyonline.html?info=26

I found more than 50 viruses on my computer (omg).

Gl to all


0
