Avast WEBforum
Other => Viruses and worms => Topic started by: nanajana on December 03, 2013, 09:59:14 PM
-
Hi,
I need help in identifying what boost_interprocess is? I found this folder in C: ProgramData and it has 2 files: Nobu64AgentService & Nobu64TrayIcon. Each file is 21 kb in size. I don't know if it is a virus but the little bit of research I did seems to point in that direction.
Cheers,
Janice
-
follow guide and attach the requested logs (not copy and paste) http://forum.avast.com/index.php?topic=53253.0
we need Malwarebytes / OTL / aswMBR
when done a malware expert will check the logs
-
HI,
I have attached Malewarebytes and OTL but not aswMBR since I am running Windows 8.1 and it is not compatible with Win 8 yet. Is there an alternative aswMBR?
Cheers,
Janice
-
Hi there is no real requirement for an MBR check with windows 8 as it uses EUFI and not the MBR http://anewdomain.net/2013/07/23/windows-8-safe-secure-boot-and-eufi-deep-dive-how-it-works/
Boost interprocess is generally bad, although I have had a few gamers complain when I remove it ???
How is the computer behaving generally ?
-
Hi essexboy,
I don't really notice anything out of the ordinary. Its just that I found that folder that I don't think should be there.
Cheers,
Janice
-
Come to think of it my computer has crashed a few times on and off. Also I have these two entries in HKCU/Software: OMUPH & WEDLMNGR both of which I don't recall seeing before.
Cheers,
Janice
-
They may be related to old software that did not uninstall properly, the registry is usually littered with old software references. With the crashes is it when you are doing anything specific or just totally random ?
-
Hi essexboy,
They may be related to old software that did not uninstall properly
Okay, that's good!
I think it has crashed randomly and it was three or four times last week but seems okay so far this week. I'm really not sure, other than thinking "hmm I wonder what this is about" and then moving on & forgetting about it.
-
Do you have any minidump files in C:\windows\minidumps ?
-
No, I don't have C:\windows\minidumps folder.
Cheers,
Janice
-
So does this mean I don't have to worry about boost_interprocess?
Cheers,
Janice
-
Not really, as it is inactive, you can manually delete it :)
Any further problems with BSOD ?
-
Okay I will delete it. No problem since last week or so with BSOD so I'll keep an eye out to see if it happens again and check out what I would be doing at that time to make it crash.
Thanks for your help, very much appreciated!
Cheers,
Janice
-
No problem .. Run OTL and press cleanup to remove it :)
-
Hi essexboy,
I can't remove it. See att'd. I have no idea what folder or file is using it.
Cheers,
Janice
-
If you have not yet removed OTL could you give me the full file path and I will use that to remove it
e.g C:\Program Files (x86)\Foolish IT\CryptoPrevent
-
HI essexboy,
I have not removed OTL yet and the file path is: C:\ProgramData\boost_interprocess. I know or am pretty sure it came bundled with a program I downloaded and then uninstalled almost immediatley! I'm positive this showed up after this download and is part of another thread I had running: rundll conduit http://forum.avast.com/index.php?topic=140189.0. It actually showed up in JRT first.
Cheers,
Janice
-
Lets kill it for you :)
Warning This fix is only relevant for this system and no other, using on another computer may cause problems
Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot
Run OTL
- Under the Custom Scans/Fixes box at the bottom, paste in the following
(https://dl.dropbox.com/u/73555776/OTL_Fix.GIF)
:Commands
[CREATERESTOREPOINT]
:Files
C:\ProgramData\boost_interprocess
:Commands
[resethosts]
[emptytemp]
[Reboot]
- Then click the Run Fix button at the top
- Let the program run unhindered, reboot the PC when it is done
- Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
-
HI essexboy,
I did as requested but from what I can see its still there.
Cheers,
Janice
-
Hmm not showing on the logs..
Please download AdwCleaner (http://www.bleepingcomputer.com/download/adwcleaner/) by Xplode onto your desktop.
- Close all open programs and internet browsers.
- Double click on AdwCleaner.exe to run the tool.
- Click on Scan.
- After the scan is complete click on "Clean"
- Confirm each time with Ok.
- Your computer will be rebooted automatically. A text file will open after the restart.
- Please post the content of that logfile with your next answer.
- You can find the logfile at C:\AdwCleaner[S1].txt as well.
-
Hi essexboy,
I have done as requested, see att'd. I also checked C:ProgramData & it is still there. So I decided to scan the boost_interprocess folder as well as the 2 sub-folders with Avast & Malwarebytes and both scanners said there was no threat found.
Cheers,
Janice
-
It can be a good or bad process and is normally associated with adware or games :) As Adwcleaner removed it and it was then respawned I would hazard a guess that it is a part of a game on your computer
-
Hi essexboy,
That certainly sounds probable so I'll not worry about it! Thanks yet again for all your help and for giving me peace of mind!
All the best to you and yours in 2014!
Cheers,
Janice
-
Keep safe Janice :)