Jump to content
Sign in to follow this  
shtyra

Problem with n.exe

Recommended Posts

Hello all. I am having a problem removing Vundo/variant. Some basics first; I run the following on my laptop, Windows XP, Avira free edition, Malwarebytes free edition, Zonealarm firewall free edition and SuperAntispyware Professional edition.

My problem started yesterday after n.exe requested permission from ZoneAlarm to access. I denied permission but as soon as I did that IE windows started popping up. (I run Firefox) I immediately closed my browser figuring an infection. I tried to run Malwarebytes and the .exe file was missing. I then tried to run SuperAntispyware Professional edition, which ran fine, and it popped up 24 infections all with Vundo/variant or some variation of. I quarantined all, rebooted and ran the program again, it ran clean. I then ran Avira free edition antivirus and it ran clean. I reinstalled Malwarebytes and ran that and it detected 6 Vundo variation, which I quarantined. Ran again, clean. Ran SuperAntispyware again, it ran clean.

I then opened Firefox and checked a few sites (known news sites approved by McAfee siteadvisor) and in about 1/2 hour n.exe requested permission again. I denied the request and IE windows started popping up. Hibernated for the night and in the morning I googled n.exe to find it is a known malware/spyware and rather nasty. I made sure SAS, MWB and Avira were updated and tried to run MWB. Of course the .exe was missing. I ran SAS and the same 24 detections as yesterday popped up. It was like deja vu. I followed yesterdays process of running SAS, Avira and MSB until clean. I then navigated to where ZoneAlarm told me n.exe was located and it was still there. I scanned the file with all three and none detected it as malicious. Which would be fine, except I'm still having reinfections and I suspect n.exe is the cause.

Help! Any advice on how to get rid of this nasty bugger?

Share this post


Link to post
Share on other sites

Hi Seth, thanks for the reply. I've run ComboFix on the suggestion from another site (majorgeeks) and they are analyzing the log. So far so good. If I still have problems, I will contact Support.

Thanks again for the reply.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  

×