Thursday, March 03, 2011

Bushwacked by QENABMCHMOF.exe

I'm hating it right now. Yesterday afternoon while puttering around on the blogs a hacker or web site slipped a virus or malware on to the hard drive of my Alienware computer. I saw it happening just a second too late and my response after that proved to be a mistake.

I had three windows open in Firefox and was switching back and forth between them. I switched back to one and noticed a small window towards the bottom of the screen that was showing something being downloaded or an operation in progress. The top of the window said, "Downloading" (Yes, it said that). I immediately clicked on the Cancel button but it looked like it was too late.

I immediately went into panic mode and closed all three windows, then fumbled with my ZoneAlarms firewall and shut off all internet activity. Then I did a virus scan. The scan showed no infections. I thought maybe it was a non-issue, unlocked the internet and tried to open Firefox again but it told me Firefox was already open. I've had that happen before so I rebooted the computer.

Once it was back up the firewall started popping up warnings about a couple programs trying to access the internet or gaining access to privileged resources. I denied the programs the first couple times then decided I better figure out what those programs are, assuming I could.

I typed the name of the first one, a Jusched.exe, into Google and it came back as being something associated with Java updates. I figured it must be ok so let it do its thing. Not sure if I should have done that now. The second was QENABMCHMOF.exe. I typed that into Google and got no results. I typed it into Yahoo. Again, no results. That should have been the flag.

But, nope, I figured if it was something bad there would have been info on it. Wrong answer, as new viruses come out every day. A short time after I allowed it to do its thing all hell broke loose on the computer. A screen pops up saying there's 1200 viruses on my computer and it's finding more. I tell it to stop but it keeps popping up. It's not my anti-virus program. It's a virus or malware.

To make a long story a little shorter, Connie tried to play her games and it wouldn't allow the games to open. Then I started getting messages that a bunch of programs couldn't be found. Things didn't look good.

I finally rebooted and rescanned the hard drive with still no infections found. I managed to get most things up and running, or so it seems, but I can't access the internet with either Explorer, Firefox or Zonealarms. ZoneAlarms the big one since if it could get updated I might be able to catch the virus. Now I can't. Oddly enough, I can still get online and play Aces High. Not sure what's with that.

I went to reformat the hard drive last night but remembered the CD drive didn't work so I couldn't read from my Windows XP disk. I'm stuck until I get another CD drive, unless anyone has any other ideas. Until then, I'm stuck doing my writing on the laptop.


At 8:33 AM, Anonymous Anonymous said...

It sounds like you visited a malicious website and it downloaded and installed software. Firefox has a failsafe. Firefox won't let a website install software without first throwing up a window to ask you if it's OK to install the software. It's clear to me you got confused and clicked a button authorizing the software to be installed.

Wanna tell us what type of website you were visiting? I have two guesses.

If you want more protection, install NoScript to disable JavaScript on websites by default. You'll have to activate JavaScript on a website-by-website basis. You can whitelist the websites you, ahem, frequently visit.

At 9:42 AM, Blogger Fred Mangels said...

I received a comment supposedly made here in my e-mail but I don't see it here. First time that's ever happened.

I guess ZoneAlarms was able to update itself. I saw what looked like it being updated and, after it got done, I ran another scan and it found at least 13 copies of HEUR:Trojan.Win32.Generic.

It said it quarantined all but one. I tried to delete the last one but I'm still getting pop ups and still can't go online. I guess it's hiding somewhere so I'll do the super duper search where anti-virus checks every nook and cranny of the system. That might take forever but that might be the only way to find it besides reformatting.

At 12:01 PM, Anonymous Anonymous said...

Reformatting won't help if it's in your CMOS. You'd have to issue a CMOS update, too.

At 12:32 PM, Blogger Fred Mangels said...

I saw one guy in some virus forum say reformatting got rid of that virus on his system.

At this point, I think I got rid of it. Scanned a second time doing the more thorough search and it found 3 more copies of it in the same place as last time.

Just like last time, Zonealarms said it couldn't repair one and gave me some other choices. First time I clicked delete but I guess it wasn't deleted. This time I tried it again, clicked Apply, and it didn't delete.

So, I chose "Delete on boot up" and restarted. No pop ups, so far, and the signature icon it had in the task bar is gone. Even played a half hour or so of Aces High and it worked fine. Got booted this morning because of it and the pop up ads.

The only problem left now is I can't connect to my modem with any of my browsers or e-mail programs. I'm guessing somehow the virus changed some settings or is blocking a port? All I can think of is to reinstall the sbcglobal dsl stuff off the disk and see if that gets it working.

If that doesn't work, I guess I'll have to reformat the hard drive.

At 2:20 PM, Blogger Ernie Branscomb said...

I've been getting comments to my blog that show up in my e-mail, but not on my blog. I think that somebody is messing with blogspot. This morning some hacker completely took out wordpress. Somebody hates us bloggers.

(I think that somebody is practicing to see if they can really shut down the blogs if they decide to)

At 4:55 AM, Anonymous Russian said...

This is my first time, when I am around. The article looks nice and has good value.

At 6:53 AM, Anonymous Anonymous said...

If you haven't recently upgraded Firefox it is now vulnerable to attacks. You might need a malware program.

At 6:59 AM, Blogger Fred Mangels said...

I upgrade it every time an upgrade is available.

At 1:32 PM, Blogger Fred Mangels said...

Whad'ya know. I think I fixed at least Firefox. Neither of my browsers were working. For some reason that escapes me now, I uninstalled Firefox the night the problem hit.

I decided to reinstall Firefox if only to get some of the bookmarks I wanted back. So I downloaded Firefox thru my laptop and put it on a flash drive. Installed it and immediately, upon opening Firefox had the window pop up to "dial up sbcglobal". I tried it and it couldn't connect.

Then, more by accident than design, I clicked on a bookmark and all of a sudden the web site showed up.

It looks like the virus did something to the settings of my browsers so they couldn't connect. I did notice Firefox was prohibited from doing internet on my firewall. I can't imagine why I would do that. I fixed that.

Thing is Explorer was allowed access and it still doesn't work.

At 12:54 AM, Blogger Rose said...

Fred (and Ernie) - you SHOULD get all posts and comments emailed to you - check your settings, enter your email address... it is WAY easier than checking posts, and you have a record of everything that comes in. It won't email you when you Update a post, but it will send you the original.

Ernie, when you get a comment emailed that DOESN'T show up on the post, it may have gotten caught in Blogger's spam filter, check the COMMENTS section in your dashboard (not the settings) - it will let you either delete the many spam comments or PUBLISH the ones that should get through.

Good luck - and sorry to hear about the virus, Fred.

Everything's been weird the last couple days - getting other people's names again on Wordpress blogs (it thinks you're somebody you're not), Suddenlink's email has been down all day (which is why I am dealing with it now) 'cause I do get the comments emailed to me, and just general weirdness, maybe it's sunspots.

At 5:50 AM, Blogger Fred Mangels said...

Ooops, you're right Rose. The comment was awaiting moderation as suspected spam. I forgot about that.


