Open Tech Support
Open Tech Support Archives

Howiper.exe help



Posted by: Sam W.

Hey guys,
My Norton is giving me a Trojan alert for a file called Howiper.exe.
However, it is unable to fix it. I did a search on Google and found posts dealing with this subject on the forums, but I don't really understand how people are solving it. I use Firefox so I haven't had any redirecting issues like the others claim to face. I've run Ad-Aware and Spybot and they don't appear to be fixing the problem. If you guys would be able to assist me it would be greatly appreciated!

-Sam W.

Edit: Here's my HijackThis log:
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Google\Gmail Notifier\G001-1.0.25.0\gnotify.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr__.exe
C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Java\j2re1.4.2_05\bin\jucheck.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\Common Files\TiVo Shared\Transfer\TivoTransfer.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Palm\HOTSYNC.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Hewlett-Packard\HP OfficeJet T Series\Bin\HPOstr05.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\Hewlett-Packard\HP OfficeJet T Series\bin\HPOVDX05.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\System32\HPZinw12.exe



Posted by: Sam W.

Update:
I used Killbox to get rid of Howiper.exe on reboot and I haven't been able to find it since.

However, my computer takes longer to start up and longer to load most programs than it used to. I somewhat doubt this is me perceiving it as longer because I'm aware there was a problem. Hopefully someone will tell me if there's something else I can do?



Posted by: Holden

Sorry for delay in responding... been having trouble logging
on to this forum with the dirtrack nick, so had to re-register.

I can only tell you what I did to get rid of my malware files.
I googled files I was suspicious of that were added/created
about the same day and time my pc started acting up, then
followed up with forums/sites to read up on those and other files
the forums discussed. Once finished (took about 2 weeks to study
everything), I just started deleting all files mentioned as
trouble and cleaning things up. AGAIN, these were malware
files on MY pc, how I found them and steps I used to
isolate and delete or change them.

I ran my Adaware and deleted trouble files mentioned. I ran
CW Shredder (small program to download if you don't have it).
In my case, I had Registry First Aid and Spybot and those
found several unneeded files.

..then went to.....

Start/Settings/Control Panel/ Internet Options/ delete cookies/ok,
then delete files, delete offline content/ok.
In the address bar, it showed nothing but numbers and letters.
In my case, I highlighted/deleted those symbols and typed in
http://yahoo.com to make that my home page, then ok at bottom to
close window.

Again, going on trouble files mentioned in forums, I did a
Start/Find/Files or folders, then typed in *.BMP and found
these. I right clicked each one, then delete.
C:\WINDOWS\system32\close.bmp
C:\WINDOWS\system32\dating.bmp
C:\WINDOWS\system32\gambling.bmp
C:\WINDOWS\system32\insurange.bmp
C:\WINDOWS\system32\pharmacy.bmp
C:\WINDOWS\system32\xxx.bmp

In Start/Find/Files or folders again, I typed in *.Exe and
found these. Again, I right clicked and deleted each one.
(**NOTE: Before deleting these, I googled and read up on each
file, as well as noticed that all were created on the same day
and time when I first got hit. Please check/read up on YOUR
files you deem suspicious ***BEFORE** deleting ANY exe files**)
If you're not sure, leave them alone, but all the below
mentioned trouble files were in my system that I deleted.
C:\WINDOWS\System32\yamue.exe
C:\WINDOWS\System32\idemlog.exe
C:\WINDOWS\system32\favset.exe
C:\WINDOWS\system32\filesafer23.exe
C:\WINDOWS\system32\dmfkc.exe
C:\WINDOWS\system32\howiper.exe
C:\WINDOWS\system32\pppcgm.exe
C:\WINDOWS\system32\sphlp32.exe
C:\WINDOWS\system32\csrvr.exe
C:\WINDOWS\system32\idesk.exe
C:\WINDOWS\system32\cswct.exe
C:\WINDOWS\system32\mscornet.exe
C:\WINDOWS\system32\A~NSISu.exe

Clicking Start/Find/Files and folders again, I searched
for 2 other files mentioned in forums as trouble, found
these and deleted each.
idemlogobar.jpg
C:\WINDOWS\system32\idesk.conf

Finally, Start/Run, type in regedit , then enter.
**Another note...if you're unsure what you're doing
in regedit, leave things alone to avoid creating
disaster in your pc. Again, I read up on these first
before making changes.**

Under:

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\
There was one line in the RIGHT pane that showed idemlog.exe.
I deleted that exe line. (right click/delete)

Under:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\xedocne
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\repiwoh
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\23plhps
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\mgcppp
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\tesvaf
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\golmedi
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\32refaselif
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\znhmd
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\putesprpgd

All of these in the *RIGHT* pane I deleted.

Finishing cleanup, I ran disk cleanup, scandisk and disk
defragmenter (Start/Programs/Accessories/System Tools).
Rebooted and haven't had any trouble since.

Hope this helps you a little.
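
Added example (not part of Holden's post): several of the registry entry names listed above are the deleted file names spelled backwards (for example `repiwoh` and `howiper.exe`). The Python sketch below pairs them mechanically so that entries with no listed file, and files with no matching entry, stand out for manual follow-up; the file and entry names are copied from the post, while the function and variable names are assumptions made for this example.

```python
# Names copied from the post above; the helper names are assumptions.
DELETED_FILES = [
    "yamue.exe", "idemlog.exe", "favset.exe", "filesafer23.exe",
    "dmfkc.exe", "howiper.exe", "pppcgm.exe", "sphlp32.exe",
    "csrvr.exe", "idesk.exe", "cswct.exe", "mscornet.exe", "A~NSISu.exe",
]
# Last path component of each registry entry listed under
# HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\... in the post.
REGISTRY_LEAVES = [
    "xedocne", "repiwoh", "23plhps", "mgcppp", "tesvaf",
    "golmedi", "32refaselif", "znhmd", "putesprpgd",
]


def stem(filename):
    """Lower-cased file name without its extension."""
    return filename.rsplit(".", 1)[0].lower()


def correlate(files, leaves):
    """Pair each registry leaf with the file whose stem is the leaf reversed.

    Returns (pairs, orphan_leaves, orphan_files):
      pairs         leaf -> file name it points back to
      orphan_leaves entries with no listed file (still need manual lookup)
      orphan_files  files with no reversed entry in the list
    """
    by_stem = {stem(f): f for f in files}
    pairs, orphan_leaves = {}, []
    for leaf in leaves:
        target = by_stem.get(leaf.lower()[::-1])
        if target:
            pairs[leaf] = target
        else:
            orphan_leaves.append(leaf)
    orphan_files = [f for f in files if f not in pairs.values()]
    return pairs, orphan_leaves, orphan_files


if __name__ == "__main__":
    pairs, orphan_leaves, orphan_files = correlate(DELETED_FILES, REGISTRY_LEAVES)
    for leaf, name in pairs.items():
        print(f"{leaf:>12} -> {name}")
    print("entries with no matching file:", orphan_leaves)
    print("files with no matching entry: ", orphan_files)
```
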



Posted by: redwench

Advanced Spybot and HijackThis should bring up registry changes without you having to dive in yourself.



 