
File process using 100% of CPU all the time - Please help

Discussion in 'All other topics' started by Oriphus, Nov 19, 2004.

  1. Oriphus

    Oriphus Senior member

    Hi, I have a process on my computer called "setupobjmeow" that uses 100% of the CPU all the time. Does anyone know what this process is? It keeps loading itself up, even after I end the process in the Windows Task Manager. When I end it, the computer speeds up again to its normal speed. The operating system is Windows XP Pro with SP2 and Longhorn extensions (latter probably not relevant).

    Any help would be appreciated
    Thanks
    Chris
     
    Last edited: Nov 19, 2004
  2. Veblin

    Veblin Active member

    Sounds like a trojan.
    See these.
    http://www.google.com/search?sourceid=navclient&ie=UTF-8&q=meow.exe
    http://www.google.com/search?sourceid=navclient&ie=UTF-8&q=trojan+meow.exe
    http://www.google.com/search?sourceid=navclient&ie=UTF-8&q=trojan+swizzor

    Have you tried both Ad-Aware and Spybot S&D?
    I am not sure if either of those have a chance at removal. This could be a difficult one. You may have to try other spyware and trojan removal programs to find one that works on this one.
    http://www.anti-trojan-software-reviews.com/
    http://www.spywareremoversreview.com/
     
  3. Xian

    Xian Regular member

    I would check your registry too
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Many trojans and spyware put entries in that key so that they run every time the computer is started. I would try to see if anything in there looks unfamiliar.
     
  4. Oriphus

    Oriphus Senior member

    Hi, thanks for your replies. It's not listed in the registry edit and I am running all of these programs and nothing is picking it up:

    Windows XP Pro SP2 - with virus/trojan protection
    Firewall
    McAfee Antivirus - Latest
    SpyHunter - Latest
    Spy Sweeper - Latest

    Nothing is picking it up, yet still it keeps loading up, even when I switch user and then go back, it has somehow loaded up most times. If only I could find its route file?
     
  5. CJC

    CJC Regular member

    Try downloading HijackThis and posting your log here.

    CJC
     
  6. Oriphus

    Oriphus Senior member

    Hi, thanks for your help. The problematic program is called setupobjmeow and is using all of the CPU. I have the log from HijackThis. Here it is; I've highlighted the program in bold:

    Logfile of HijackThis v1.97.7
    Scan saved at 16:10:11, on 20/11/2004
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\WINDOWS\System32\alg.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\WINDOWS\system32\GSICON.EXE
    C:\WINDOWS\system32\dslagent.exe
    C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
    C:\Program Files\Common Files\Nokia\Tools\NclTray.exe
    C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
    C:\Program Files\Messenger Plus! 3\MsgPlus.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-gb\msnappau.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
    C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
    C:\WINDOWS\system32\devldr32.exe
    c:\progra~1\intern~1\iexplore.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\McAfee\McAfee VirusScan\Avsynmgr.exe
    C:\Program Files\McAfee\McAfee VirusScan\VsStat.exe
    C:\Program Files\McAfee\McAfee VirusScan\Vshwin32.exe
    C:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe
    C:\Program Files\McAfee\McAfee VirusScan\Avconsol.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\WINDOWS\System32\wisptis.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\WINDOWS\system32\GSICON.EXE
    C:\WINDOWS\system32\dslagent.exe
    C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
    C:\Program Files\Common Files\Nokia\Tools\NclTray.exe
    C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
    C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-gb\msnappau.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Messenger\MSMSGS.EXE
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
    c:\progra~1\intern~1\iexplore.exe
    C:\WINDOWS\system32\wuauclt.exe
    [bold]c:\docume~1\x1-chr~1\applic~1\sendgr~1\setupobjmeow.exe[/bold]
    C:\WINDOWS\system32\taskmgr.exe
    C:\Chris\Downloads\Spyware Removal\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.ynshpmdfznwwuey.com/ktdqreX1ZGrhgA4YNSoMsTHXbgsM2a4TaiZsi9uCx42mx7KfABgpmZa25rIYF0zr.html
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hotmail.com/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 194.46.8.9:8080
    O2 - BHO: (no name) - {029BB53A-C312-4b09-9B4F-ED57AF027B28} - C:\WINDOWS\winhlp32.dll
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {3EE53CA6-2A93-1C87-6C04-12C03B6525D2} - C:\DOCUME~1\X1-CHR~1\APPLIC~1\SIGNJU~1\FIRST DEAD.exe
    O2 - BHO: (no name) - {6526C900-B74D-18DF-3A3D-0926FFB0BD1E} - C:\DOCUME~1\KATEMA~1\APPLIC~1\SIGNJU~1\FIRST DEAD.exe
    O2 - BHO: (no name) - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.02.3000.1002\en-xu\stmain.dll
    O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: (no name) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-gb\msntb.dll
    O3 - Toolbar: McAfee VirusScan - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - C:\Program Files\McAfee\McAfee VirusScan\VSCShellExtension.dll
    O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-gb\msntb.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [GSICONEXE] GSICON.EXE
    O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [MSZTCE] C:\WINDOWS\System32\MSZTCE.EXE
    O4 - HKLM\..\Run: [DataLayer] C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
    O4 - HKLM\..\Run: [Nokia Tray Application] C:\Program Files\Common Files\Nokia\Tools\NclTray.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
    O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"
    O4 - HKLM\..\Run: [clfvrgsr] C:\WINDOWS\System32\dihvxzjy.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [Jump camp shim multi] C:\Documents and Settings\All Users\Application Data\ooze deaf jump camp\knobmove.exe
    O4 - HKLM\..\Run: [SpyHunter] C:\Program Files\SpyHunter\SpyHunter.exe
    O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-gb\msnappau.exe"
    O4 - HKLM\..\Run: [Media Gpl Cast Pile] C:\Documents and Settings\All Users\Application Data\keep safe media gpl\once setup.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [McAfee.InstantUpdate.Monitor] "C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe" /STARTMONITOR
    O4 - HKCU\..\Run: [YourMP3] rundll32.exe C:\WINDOWS\System32\MSA64CHK.dll,DllMostrar Matrix_HTML:YourMP3:t
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe" /WinStart
    O4 - HKCU\..\Run: [titlehope] C:\DOCUME~1\X1-CHR~1\APPLIC~1\SENDGR~1\roamexit.exe
    O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
    O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
    O9 - Extra button: YourMP3 (HKLM)
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab30149.cab
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
    O16 - DPF: {12398DD6-40AA-4C40-A4EC-A42CFC0DE797} - http://www.xxxtoolbar.com/ist/softwares/v4.0/0006_regular.cab
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab30149.cab
    O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
    O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52....apple.com/saba/us/win/QuickTimeInstaller.exe
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.c...ls/en/x86/client/wuweb_site.cab?1099873619890
    O16 - DPF: {88C51E90-8E9C-4C96-8A45-574D88B63FAF} (Matrix Class) - http://acceso.masminutos.com/laaplicacion.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab30149.cab
    O16 - DPF: {91433D86-9F27-402C-B5E3-DEBDD122C339} - http://www.netvenda.com/sites/gampr-gb/gbp/games4.cab
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38081.5880439815
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://utu.popcap.com/games/popcaploader_v5.cab
    O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab30149.cab
    O16 - DPF: {FFFF0003-0001-101A-A3C9-08002B23E0CC} - http://direct.data-line.us/gbn298.exe
    O16 - DPF: {FFFF0003-0001-101A-A3C9-08002B23E0CD} - http://direct.data-line.us/gbn298.exe
    O17 - HKLM\System\CCS\Services\Tcpip\..\{FB668FF9-E7C2-49CC-A763-4F7913357B73}: NameServer = 194.46.8.51 194.46.8.2
     
    Last edited: Nov 20, 2004
  7. Oriphus

    Oriphus Senior member

    I just deleted the file from the location it gave. I'm hoping that this will correct the problem, I don't know though.
     
  8. CJC

    CJC Regular member

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.ynshpmdfznwwuey.com/ktdqreX1ZGrhgA4YNSoMsTHXbgsM2a4TaiZsi9uCx42mx7KfABgpmZa25rIYF0zr.html
    O2 - BHO: (no name) - {029BB53A-C312-4b09-9B4F-ED57AF027B28} - C:\WINDOWS\winhlp32.dll
    O4 - HKLM\..\Run: [MSZTCE] C:\WINDOWS\System32\MSZTCE.EXE (That's a Trojan dialler)
    O4 - HKLM\..\Run: [clfvrgsr] C:\WINDOWS\System32\dihvxzjy.exe
    O16 - DPF: {12398DD6-40AA-4C40-A4EC-A42CFC0DE797} - http://www.xxxtoolbar.com/ist/softwares/v4.0/0006_regular.cab
    O16 - DPF: {FFFF0003-0001-101A-A3C9-08002B23E0CC} - http://direct.data-line.us/gbn298.exe
    O16 - DPF: {FFFF0003-0001-101A-A3C9-08002B23E0CD} - http://direct.data-line.us/gbn298.exe

    Put a tick in all of the above

    **O2 - BHO: (no name) - {3EE53CA6-2A93-1C87-6C04-12C03B6525D2} - C:\DOCUME~1\X1-CHR~1\APPLIC~1\SIGNJU~1\FIRST DEAD.exe
    **O2 - BHO: (no name) - {6526C900-B74D-18DF-3A3D-0926FFB0BD1E} - C:\DOCUME~1\KATEMA~1\APPLIC~1\SIGNJU~1\FIRST DEAD.exe
    **O4 - HKCU\..\Run: [titlehope] C:\DOCUME~1\X1-CHR~1\APPLIC~1\SENDGR~1\roamexit.exe

    Those 3 I have never seen before; if you know what the program is, leave it; if you don't, put a tick in them as well.

    Click on fix selected.

    Now once that's done, a few more steps:

    Download, Update from Program Menu, and run the following:

    Adaware - http://www.download.com/Ad-Aware-SE-Personal-Edition/3000-8022_4-10319876.html?tag=lst-0-1

    Spybot - http://www.download.com/Spybot-Search-Destroy/3000-8022_4-10289035.html?tag=lst-0-2

    Once that is done, go to http://housecall.trendmicro.com and run an online virus scan.

    Once that is done you should be all right.

    Also make sure you delete the setupobjmeow file, you may need to go into safe mode though.

    CJC
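
The kind of log triage CJC does by eye in the post above, as an added example that is not part of the original thread and not CJC's own method. The sample lines are copied from the HijackThis log posted earlier; the three review heuristics (startup items or BHOs under Application Data, a BHO that is an .exe, an O16 download that is a bare .exe) are this example's assumptions and only mark entries for manual review.

```python
import re

# Sample lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {3EE53CA6-2A93-1C87-6C04-12C03B6525D2} - C:\DOCUME~1\X1-CHR~1\APPLIC~1\SIGNJU~1\FIRST DEAD.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Jump camp shim multi] C:\Documents and Settings\All Users\Application Data\ooze deaf jump camp\knobmove.exe
O4 - HKCU\..\Run: [titlehope] C:\DOCUME~1\X1-CHR~1\APPLIC~1\SENDGR~1\roamexit.exe
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {FFFF0003-0001-101A-A3C9-08002B23E0CC} - http://direct.data-line.us/gbn298.exe
"""

ENTRY = re.compile(r"^(?P<code>[A-Z]\d+) - (?P<body>.+)$")
# Long name or 8.3 short name of the per-user "Application Data" folder (XP).
APPDATA = re.compile(r"\\(application data|applic~\d)\\", re.I)

def parse(log):
    """Yield (section code, rest of line) for every HijackThis entry line."""
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            yield m["code"], m["body"]

def target(code, body):
    """Return the file path or URL an entry points at."""
    if code == "O4":                      # "HKLM\..\Run: [name] command line"
        return body.split("] ", 1)[-1]
    return body.rsplit(" - ", 1)[-1]      # O2 / O16: last " - " separated field

def review_reasons(code, body):
    """Heuristics chosen for this example; a hit means 'look closer', not 'malware'."""
    tgt, reasons = target(code, body), []
    if code in ("O2", "O4") and APPDATA.search(tgt):
        reasons.append("runs from Application Data")
    if code == "O2" and tgt.lower().endswith(".exe"):
        reasons.append("BHO is an .exe, not a DLL")
    if code == "O16" and tgt.lower().split("?")[0].endswith(".exe"):
        reasons.append("ActiveX download is a bare .exe")
    return reasons

def triage(log):
    """Return [(code, target, reasons)] for entries that need manual review."""
    return [(c, target(c, b), r) for c, b in parse(log) if (r := review_reasons(c, b))]

if __name__ == "__main__":
    for code, tgt, reasons in triage(SAMPLE_LOG):
        print(f"{code:4} {tgt}\n     -> {'; '.join(reasons)}")
```

Path heuristics like these do not cover every entry CJC ticked, such as the randomly named executable in System32, which still needs a human eye or a reputation lookup.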
     
  9. Oriphus

    Oriphus Senior member

    Hi, thanks. I did all that. I deleted/quarantined all of the stuff that Ad-Aware displayed (305 of them) after doing the HijackThis as you stated. It seems to have turned off my McAfee Virus software though and I can't turn it back on. Maybe when I restart it will work, or else I suppose I can download a fresh copy from McAfee. I did the Search & Destroy and it came up with a few more that I quarantined and deleted. I ran the online virus scan and it found four viruses which I deleted. I hope this is the end of my problems.

    Thank you very much for your help
    Chris

     
  10. ddp

    ddp Moderator Staff Member

    Highest # of spyware on a computer I've worked on was 1164 & a friend worked on one that had about 1400 spywares on it.
     
