
What is fqqe.exe?


Original Message
Name: Super666
Date: November 7, 2003 at 14:52:32 Pacific
Subject: What is fqqe.exe?
OS: 2000
CPU/Ram: Pentium1.6/ 512
Comment:

In Task Manager, a process fqqe.exe started to appear. What is it? I Google searched it and got nothing.



Response Number 1
Name: Buster65
Date: November 7, 2003 at 17:20:42 Pacific
Subject: What is fqqe.exe?
Reply:

Try doing a search of your computer to see if you can find the program it may be associated with.



Response Number 2
Name: Tom41
Date: November 8, 2003 at 00:41:16 Pacific
Subject: What is fqqe.exe?
Reply:

It could be W32.Bugbear.B or PurityScan 100 malware.

First, go here and run an online virus scan:
RAV

Also, download 'Hijack This!'. Unzip, double-click HijackThis.exe, and hit "Scan".
When the scan is finished, click "Save Log", and copy and paste it in a reply.
HijackThis!



Response Number 3
Name: Tim72
Date: November 9, 2003 at 14:09:54 Pacific
Subject: What is fqqe.exe?
Reply:

I have the same thing. Norton said I had Hacktool, Hacktool Flooder and IRC Trojan today (but couldn't fix them); now this process is appearing:

Log File:
Logfile of HijackThis v1.97.3
Scan saved at 21:59:45, on 09/11/2003
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\LEXBCES.EXE
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\LEXPPS.EXE
C:\WINNT\System32\svchost.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton Personal Firewall\NISUM.EXE
C:\WINNT\system32\nvsvc32.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\Program Files\Norton Personal Firewall\SymProxySvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Norton Personal Firewall\NISSERV.EXE
C:\WINNT\Explorer.EXE
C:\WINNT\system32\devldr32.exe
C:\Program Files\Conexant\AccessRunner ADSL\CnxDslTb.exe
C:\Program Files\Norton Personal Firewall\IAMAPP.EXE
C:\WINNT\system32\dla\tfswctrl.exe
C:\Program Files\Common files\Updater\wupdater.exe
C:\WINNT\SYSTEM32\fqqe.exe
C:\PROGRA~1\NORTON~2\navapw32.exe
C:\Program Files\GigaByte\EasyTune\EasyTune.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINNT\system32\nstrue.exe
C:\Program Files\Anti-Trojan-55\ATWatch.exe
C:\Program Files\Norton Personal Firewall\ATRACK.EXE
C:\WINNT\system32\rundll32.exe
C:\WINNT\Downloaded Program Files\eBayTBar.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\WinRAR\WinRAR.exe
C:\WINNT\system32\NOTEPAD.EXE
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\funky\LOCALS~1\Temp\Rar$EX01.546\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ebay.co.uk/
R3 - URLSearchHook: IncrediFindBHO Class - {5D60FF48-95BE-4956-B4C6-6BB168A70310} - C:\PROGRA~1\INCRED~1\BHO\INCFIN~1.DLL
O1 - Hosts: 12.129.205.209 search.netscape.com
O1 - Hosts: 12.129.205.209 sitefinder.verisign.com
O2 - BHO: (no name) - {001F2570-5DF5-11d3-B991-00A0C9BB0874} - C:\WINNT\Downloaded Program Files\eBayBand.dll
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINNT\system32\dla\tfswshx.dll
O2 - BHO: NavErrRedir Class - {5D60FF48-95BE-4956-B4C6-6BB168A70310} - C:\PROGRA~1\INCRED~1\BHO\INCFIN~1.DLL
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: eBay Toolbar - {46AE04C0-BCFA-4728-90E7-00EB4A8B3863} - C:\WINNT\Downloaded Program Files\eBayBand.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [CnxDslTaskBar] C:\Program Files\Conexant\AccessRunner ADSL\CnxDslTb.exe
O4 - HKLM\..\Run: [iamapp] C:\Program Files\Norton Personal Firewall\IAMAPP.EXE
O4 - HKLM\..\Run: [dla] C:\WINNT\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [updater] C:\Program Files\Common files\Updater\wupdater.exe
O4 - HKLM\..\Run: [Norton AntiVirus] C:\WINNT\SYSTEM32\fqqe.exe
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~2\navapw32.exe
O4 - HKLM\..\Run: [EasyTuneIII] C:\Program Files\GigaByte\EasyTune\EasyTune.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Pofatch] nstrue.exe
O4 - HKLM\..\Run: [Sysscan] C:\winnt\system32\drivers\etc\dll.bat
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe
O4 - HKLM\..\Run: [Anti-Trojan-Watch] C:\Program Files\Anti-Trojan-55\ATWatch.exe
O4 - HKLM\..\RunServices: [Pofatch] nstrue.exe
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: eBay Toolbar.LNK = C:\WINNT\Downloaded Program Files\eBayTBar.exe
O4 - Global Startup: Event Reminder.lnk = C:\Program Files\Broderbund\PrintMaster\PMremind.exe
O4 - Global Startup: GetRight - Tray Icon.lnk = C:\Program Files\GetRight\getright.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: updater.lnk = C:\Program Files\Common Files\updater\wupdater.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: eBay Toolbar (HKLM)
O9 - Extra 'Tools' menuitem: eBay Toolbar (HKLM)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {001F2570-5DF5-11D3-B991-00A0C9BB0874} (eBay Helper Object) - http://download.ebay.com/toolbar/eBayTBar.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/0899db6af24b7fc57f15/netzip/RdxIE601.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.napster.com/client/isetup.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37920.6926736111
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{8E090925-4507-4134-B61A-668F5D9BB89F}: NameServer = 158.43.240.3 158.43.240.4



Response Number 4
Name: Tom41
Date: November 9, 2003 at 17:28:08 Pacific
Subject: What is fqqe.exe?
Reply:

Tim72,
Open the task manager and end process on the following:
C:\WINNT\SYSTEM32\fqqe.exe
C:\WINNT\system32\nstrue.exe

Run HT again and check the following items. Next, close all browser Windows, and have HT 'fix checked'.

You must restart your computer in safe mode when you're done.

O4 - HKLM\..\Run: [updater] C:\Program Files\Common files\Updater\wupdater.exe
O4 - HKLM\..\Run: [Norton AntiVirus] C:\WINNT\SYSTEM32\fqqe.exe
O4 - HKLM\..\Run: [Pofatch] nstrue.exe
O4 - HKLM\..\Run: [Sysscan] C:\winnt\system32\drivers\etc\dll.bat
O4 - HKLM\..\RunServices: [Pofatch] nstrue.exe

Once in safe mode delete the following:
C:\WINNT\SYSTEM32\fqqe.exe
C:\WINNT\system32\nstrue.exe
C:\winnt\system32\drivers\etc\dll.bat

Reboot to Windows and run an online virus scan, delete any files listed as infected.

RAV



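A triage sketch for the O4 autostart lines walked through in Response 4, added here as an example and not posted by anyone in the thread. The sample lines are copied from Tim72's HijackThis log; the three heuristics and the `SECURITY_WORDS` list are assumptions made for illustration.

```python
import re
from collections import defaultdict

# O4 lines copied from the HijackThis log posted in this thread.
LOG = r"""
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Norton AntiVirus] C:\WINNT\SYSTEM32\fqqe.exe
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~2\navapw32.exe
O4 - HKLM\..\Run: [Pofatch] nstrue.exe
O4 - HKLM\..\Run: [Sysscan] C:\winnt\system32\drivers\etc\dll.bat
O4 - HKLM\..\RunServices: [Pofatch] nstrue.exe
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
"""

# hive, autostart key, value name, command line
O4 = re.compile(r"^O4 - (HK\w+)\\\.\.\\(\w+): \[([^\]]+)\] (.+)$")
SECURITY_WORDS = ("norton", "antivirus", "nav ")  # assumed product-name tokens
SCRIPT_IN_SYSTEM = re.compile(r"\\system32\\.*\.(bat|cmd|vbs)\b")

def triage(log_text):
    """Return {value name: sorted reasons} for O4 entries worth a closer look."""
    entries = [m.groups() for m in map(O4.match, log_text.splitlines()) if m]
    keys_by_name = defaultdict(set)
    for hive, key, name, _ in entries:
        keys_by_name[name].add(f"{hive}\\{key}")
    flags = defaultdict(set)
    for hive, key, name, cmd in entries:
        target = cmd.lower().lstrip('"')
        # Heuristic 1: value named after a security product, binary elsewhere.
        if (any(w in name.lower() for w in SECURITY_WORDS)
                and not target.startswith("c:\\progra")):
            flags[name].add("security-product name, binary outside Program Files")
        # Heuristic 2: a batch/script file started from under system32.
        if SCRIPT_IN_SYSTEM.search(target):
            flags[name].add("script launched from the system directory")
        # Heuristic 3: the same value name planted under several autostart keys.
        if len(keys_by_name[name]) > 1:
            flags[name].add("registered under more than one autostart key")
    return {name: sorted(reasons) for name, reasons in flags.items()}

if __name__ == "__main__":
    for name, reasons in triage(LOG).items():
        print(f"[{name}] " + "; ".join(reasons))
```

These heuristics flag three of the four value names listed in Response 4; `[updater]` sits under Program Files with an unremarkable name, so it would still need a lookup against known-bad lists.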
Response Number 5
Name: Tim72
Date: November 10, 2003 at 01:40:51 Pacific
Subject: What is fqqe.exe?
Reply:

Thanks RAV,

I've done that and it all seems OK now.

The virus scan didn't pick anything up, but the following files are still residing in the system32 folder. Are they a threat?

fqeb.exe
autohack.bat
mIRCservices
script3.dll
results.txt (with an IP addy and the name GUS)

Can I just leave them all?




Response Number 6
Name: Tom41
Date: November 10, 2003 at 01:43:26 Pacific
Subject: What is fqqe.exe?
Reply:

Can you send me zipped copies of them to analyze?
Click my name for the email addy.



Response Number 7
Name: Tim72
Date: November 10, 2003 at 02:12:27 Pacific
Subject: What is fqqe.exe?
Reply:

Just get an error message when I do that. Can you mail me and I'll reply with an attached rar file?

Thanks

I've also noticed other files:
IPCPASS & IPCSCAN

The text files of which seem to have lists of passwords and user accounts it's tried.



Response Number 8
Name: Tim72
Date: November 10, 2003 at 02:36:43 Pacific
Subject: What is fqqe.exe?
Reply:

Also on the Hijack logfile is a hook to "incredifind".
"R3 - URLSearchHook: IncrediFindBHO Class - {5D60FF48-95BE-4956-B4C6-6BB168A70310} - C:\PROGRA~1\INCRED~1\BHO\INCFIN~1.DLL"

Is it safe to remove that as it's really annoying me....



Response Number 9
Name: Tom41
Date: November 10, 2003 at 03:01:16 Pacific
Subject: What is fqqe.exe?
Reply:

Yes, it's safe to fix it with HT.



Response Number 10
Name: freccia
Date: November 14, 2003 at 05:20:07 Pacific
Subject: What is fqqe.exe?
Reply:

My log of ravantivirus:

Found viruses
File: C:\optebis5.exe->(CABSfx)->CLS.BAT
Virus: Trojan:BAT/Flood.BI* Status: Infected

File: C:\optebis5.exe->(CABSfx)->NEXE.CPL
Virus: Trojan:IRC/Flood.BN* Status: Infected

File: C:\optebis5.exe->(CABSfx)->PLUG.DLL
Virus: Trojan:IRC/Flood.BI* Status: Infected

File: C:\optebis5.exe->(CABSfx)->r0n3.exe
Virus: TrojanDownloader:Win32/Apher.gen Status: Infected

File: C:\optebis5.exe->(CABSfx)->SYSTL.EXE
Virus: Tool:HideWindows Status: Infected

File: C:\optebis5.exe->(CABSfx)->TSYSL.BAT
Virus: Trojan:BAT/Flood.BN* Status: Infected

File: C:\Documents and Settings\Default User\Impostazioni locali\Temporary Internet Files\Content.IE5\VR2GZ6LQ\th4n3[1].exe->(CABSfx)->CLS.BAT
Virus: Trojan:BAT/Flood.BI* Status: Infected

File: C:\Documents and Settings\Default User\Impostazioni locali\Temporary Internet Files\Content.IE5\VR2GZ6LQ\th4n3[1].exe->(CABSfx)->NEXE.CPL
Virus: Trojan:IRC/Flood.BN* Status: Infected

File: C:\Documents and Settings\Default User\Impostazioni locali\Temporary Internet Files\Content.IE5\VR2GZ6LQ\th4n3[1].exe->(CABSfx)->PLUG.DLL
Virus: Trojan:IRC/Flood.BI* Status: Infected

File: C:\Documents and Settings\Default User\Impostazioni locali\Temporary Internet Files\Content.IE5\VR2GZ6LQ\th4n3[1].exe->(CABSfx)->r0n3.exe
Virus: TrojanDownloader:Win32/Apher.gen Status: Infected

File: C:\Documents and Settings\Default User\Impostazioni locali\Temporary Internet Files\Content.IE5\VR2GZ6LQ\th4n3[1].exe->(CABSfx)->SYSTL.EXE
Virus: Tool:HideWindows Status: Infected

File: C:\Documents and Settings\Default User\Impostazioni locali\Temporary Internet Files\Content.IE5\VR2GZ6LQ\th4n3[1].exe->(CABSfx)->TSYSL.BAT
Virus: Trojan:BAT/Flood.BN* Status: Infected

File: C:\WINNT\system32\camocx.dll
Virus: IRC/Generic* Status: Suspicious

File: C:\WINNT\system32\cmst.exe->(UPXW)
Virus: Backdoor:IRC/SdBot Status: Infected

File: C:\WINNT\system32\compy.exe
Virus: DDoS:Win32/ATHO Status: Infected

File: C:\WINNT\system32\heat.exe
Virus: TrojanDownloader:Win32/Apher.gen Status: Infected

File: C:\WINNT\system32\m00.exe->(UPXW)
Virus: Win32/NetWorm.gen! Status: Infected

File: C:\WINNT\system32\nfgns.exe
Virus: Backdoor:Win32/Ranck.A Status: Infected

File: C:\WINNT\system32\r0n3.exe
Virus: TrojanDownloader:Win32/Apher.gen Status: Infected

File: C:\WINNT\system32\Syscfg32.exe
Virus: Tool:HideWindows Status: Infected

File: C:\WINNT\system32\v0x.exe
Virus: TrojanDownloader:Win32/Apher.gen Status: Infected

File: C:\WINNT\system32\r0n36\CLS.BAT
Virus: Trojan:BAT/Flood.BI* Status: Infected

File: C:\WINNT\system32\r0n36\NEXE.CPL
Virus: Trojan:IRC/Flood.BN* Status: Infected

File: C:\WINNT\system32\r0n36\PLUG.DLL
Virus: Trojan:IRC/Flood.BI* Status: Infected

File: C:\WINNT\system32\r0n36\SYSTL.EXE
Virus: Tool:HideWindows Status: Infected

File: C:\WINNT\system32\r0n36\TSYSL.BAT
Virus: Trojan:BAT/Flood.BN* Status: Infected

File: C:\WINNT\system32\vox\tlbar.exe
Virus: Tool:HideWindows Status: Infected

File: C:\WINNT\system32\vox\v0x.exe
Virus: TrojanDownloader:Win32/Apher.gen Status: Infected


HELP ME!!!!
Thank you



Response Number 11
Name: TaRauDeuR
Date: December 25, 2003 at 04:33:39 Pacific
Subject: What is fqqe.exe?
Reply:

Hi all
You can find here a lot of great tools to remove viruses or trojans on your computers:
http://www.wilders.org/anti_viruses.htm
I think the best way to check for any virus is to use Kaspersky Anti-Virus; download it here:
http://www.kaspersky.com/buyonline.html?info=26

I found more than 50 viruses on my computer (omg).

Gl to all

