Please Help! -- Is this malware?

Discussion in 'malware problems & news' started by Jo Ann, Jan 6, 2007.

Thread Status:
Not open for further replies.
  1. Jo Ann

    Jo Ann Registered Member

    Joined:
    Jan 6, 2007
    Posts:
    619
    Hello everyone. After trying unsuccessfully to help me, my friend suggested that some of you knowledgeable people here might be able to advise me on this problem...

    Lately my system (Windows XP) has been running very slow and quite often my mouse-arrow turns to an hour-glass without my even running anything! My friend had me check my startup programs and told me that he didn't notice anything unusual there and then asked me to run a complete malware scan with my anti-virus/spyware program (F-Secure Internet Security).

    Less than a minute after starting the scan it stops with the message that it could not read the following file on my system:
    C:\WINDOWS\Ufxmaint31.exe
    I attempted the scan again and again, only to realize the same result each time.

    I strongly suspect that this file may be malware. Can anyone tell me if I should delete this file, or what I should do next? :(
     
  2. BlueZannetti

    BlueZannetti Registered Member

    Joined:
    Oct 19, 2003
    Posts:
    6,590
    If the suspicion regarding malware is based solely on the inability of F-Secure to scan the file, I'd look a bit deeper first. What, if anything, does a peek at the file properties reveal? Is there an active process associated with this file/path? What is the last modified date on the file? Is it a recent addition? Do you have any known installed programs named with some derivative of UFX (examples would include Ultimate FX, Ultra FX, and so on)?

    Slowness can be due to many things, but a simple exercise is to look at CPU time charged to various active processes to see if any stand out.

    Blue
     
  3. Hermescomputers

    Hermescomputers Registered Member

    Joined:
    Jan 9, 2006
    Posts:
    1,069
    Location:
    Toronto, Ontario, Canada, eh?

    Before you panic because you are in doubt about a file, scan it using a "Multi" engine scanner. There are a few good ones available. They basically use the database and scopes of the original engine of the products it tests for and it is pretty accurate.
    Here is a link to VirusTotal. Just look at the upper right corner; you have a file upload link. Just upload the file and let it test it...
    http://www.virustotal.com/en/indexf.html
     
  4. pvsurfer

    pvsurfer Registered Member

    Joined:
    Sep 1, 2004
    Posts:
    1,617
    Location:
    USA
    Blue - one question, how does she determine if there are any active processes associated with the file?
     
  5. BlueZannetti

    BlueZannetti Registered Member

    Joined:
    Oct 19, 2003
    Posts:
    6,590
    Process Explorer

    Blue
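
    The checks suggested in the replies above (file properties, last-modified date, an associated active process, CPU time per process) can also be collected from a PowerShell prompt. This is an added example, not part of any post in the thread; it assumes PowerShell 4.0 or later for Get-FileHash, and the default path is the one named in the first post.

```powershell
param(
    [string]$Path = 'C:\WINDOWS\Ufxmaint31.exe'   # file named in the first post
)

if (-not (Test-Path -LiteralPath $Path -PathType Leaf)) {
    Write-Warning "File not found: $Path"
    return
}

# -Force also returns hidden and system files. Nothing here modifies the file.
$file = Get-Item -LiteralPath $Path -Force

# Signature check: status plus signer subject, if the file is signed.
$sig = Get-AuthenticodeSignature -LiteralPath $file.FullName

# A file the scanner "could not read" may be locked by a running program,
# so a hashing failure is reported instead of stopping the script.
try {
    $sha256 = (Get-FileHash -LiteralPath $file.FullName -Algorithm SHA256 -ErrorAction Stop).Hash
} catch {
    $sha256 = "unreadable: $($_.Exception.Message)"
}

# File properties: dates, size and the version resource shown in Explorer.
[pscustomobject]@{
    Path        = $file.FullName
    SizeBytes   = $file.Length
    Created     = $file.CreationTime
    Modified    = $file.LastWriteTime
    Company     = $file.VersionInfo.CompanyName
    Product     = $file.VersionInfo.ProductName
    Description = $file.VersionInfo.FileDescription
    Signature   = $sig.Status
    Signer      = $sig.SignerCertificate.Subject
    SHA256      = $sha256
} | Format-List

# Active processes whose image is this file. Path can be empty for protected
# processes unless the session is elevated; -eq ignores case for strings.
$running = Get-Process | Where-Object { $_.Path -eq $file.FullName }
if ($running) {
    $running | Format-Table Id, ProcessName, CPU, StartTime -AutoSize
} else {
    Write-Output 'No visible process has this file as its image.'
}

# Processes ranked by CPU seconds charged so far, to see which ones stand out.
Get-Process | Sort-Object CPU -Descending |
    Select-Object -First 5 Id, ProcessName, CPU | Format-Table -AutoSize
```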
     
  6. EraserHW

    EraserHW Malware Expert

    Joined:
    Oct 19, 2005
    Posts:
    588
    Location:
    Italy
    Do you have Backup to DVD/CD burning software? If so, this file is from this sw setup.
     
  7. Jo Ann

    Jo Ann Registered Member

    Joined:
    Jan 6, 2007
    Posts:
    619
    First, let me thank those of you who tried to help me with my situation, where my CPU was running at near 100% most of the time (even during idle).

    As some of you thought, the problem wasn't the file which my AV couldn't scan, but was in fact the AV scanner itself! My friend (who has been helping me) noticed that one of F-Secure's programs was accounting for most of the CPU usage, so he completely removed FSIS and then re-installed it. Doing that completely solved the problem - all is now well.

    Your suggestions were appreciated,
    Jo Ann
     
  8. BlueZannetti

    BlueZannetti Registered Member

    Joined:
    Oct 19, 2003
    Posts:
    6,590
    At the end of the day, that's the important thing. Glad to hear that the problem is now gone.

    Blue
     