UfQ1.exe

Discussion in 'adware, spyware & hijack cleaning' started by coinbre, Nov 23, 2003.

Thread Status:
Not open for further replies.
  1. coinbre

    coinbre Guest

    I got into a what I thought was a harmless web site and man did I get socked with spyware.
    I was able to remove them all with AdAware and Spybot but I still see something in my PC I have not seen before. It is called UfQ1.exe and it resides in windows/system32 folder. I detected it in msconfig and tried to disable it 3 or 4 times but it will check itself again and again. Updating Adaware and Spybot did not detect it and a search in Google brings up nothing. I am noticing numerous pop-up ads I never experienced before.

    Any thought of what this might be and how to erradicate it?
     
  2. Detox

    Detox Retired Moderator

    Joined:
    Feb 9, 2002
    Posts:
    8,507
    Location:
    Texas, USA
    Follow the instructions in this thread, please!
    Since you already tried Ad-Aware and Spybot, you can skip to step 2, and continue using thig thread :cool:

    http://www.wilderssecurity.com/showthread.php?t=15913
     
  3. Dan Perez

    Dan Perez Retired Moderator

    Joined:
    May 18, 2003
    Posts:
    1,495
    Location:
    Sunny San Diego
    Hi Coinbre!

    Can you please download and run HijackThis from

    http://www.tomcoyote.org/hjt/hijackthis.zip

    and scan the system but do *not* try to fix anything yet as many of the items listed are necessary, instead press the "save log" button and copy and paste the log here for someone to review and advise on.

    Thanks!

    [ late edit - Ahhhhh, Detox was quicker at the draw again! :D ]
     
  4. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,332
    Location:
    Netherlands
    Hi coinbre,

    If you think you can manage yourself, have a look here:
    http://www.wilderssecurity.com/index.php?board=16;threadid=15983;start=0#msg99531 regarding the Peper trojan

    But certainly feel free to follow Detox´s advise and we will help you get rid of it.

    Regards,

    Pieter
     
Thread Status:
Not open for further replies.