Author Topic: xhrngmluerb.exe  (Read 4343 times)


bn11954

  • Guest
xhrngmluerb.exe
« on: January 25, 2011, 01:00:11 AM »
Has anyone had trouble with xhrngmluerb.exe? It keeps trying to connect to the internet. I ran the Avast scan and boot scan and didn't come up with it. A couple of minutes ago Avast warned about it and said it had been put in the chest, but just now it tried to connect to the internet again. A web search for it didn't come up with anything.
Can anyone help?

Offline Rednose

  • Pirate Party Member
  • Avast Überevangelist
  • Massive Poster
  • *****
  • Posts: 3739
  • Bits of Freedom : https://www.bof.nl
    • Nederlandstalig Avast! forum
Re: xhrngmluerb.exe
« Reply #1 on: January 25, 2011, 01:21:05 AM »
Hi bn11954, welcome to the forum :)

Follow the procedure from this topic :

http://forum.avast.com/index.php?topic=53253.0

And post/attach the requested logs in your next reply.

I will pm essexboy that you need help, with a link to this topic :)

Greetz, Red.
« Last Edit: January 25, 2011, 01:26:15 AM by Rednose »
OS: Win 10 / iOS 17 / Debian 12 / Tails 5
Real Time: Avast Premium Security
On Demand: Malwarebytes
VPN: NordVPN ( NordLynx ) with Threat Protection ( Lite )

bn11954

  • Guest
Re: xhrngmluerb.exe
« Reply #2 on: January 25, 2011, 03:56:00 AM »
Thanks for the reply.
I ran mbam and the log is below
-------------------
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5592

Windows 5.1.2600 Service Pack 3, v.5973
Internet Explorer 7.0.5730.13

25/01/2011 12:18:24 PM
mbam-log-2011-01-25 (12-18-24).txt

Scan type: Quick scan
Objects scanned: 151019
Time elapsed: 4 minute(s), 33 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 2
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyServer (PUM.Bad.Proxy) -> Value: ProxyServer -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\jdqlicwk (Trojan.FakeAlert.Gen) -> Value: jdqlicwk -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\documents and settings\don hardie\local settings\temp\0.3752704622822739.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\documents and settings\don hardie\local settings\temp\eheatthia\trz7.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
--------------------------------

I then ran OTL and it ran for over an hour stuck on HKEY_LOCAL_MACHINE Run Keys and then showed Not Responding, I tried twice more with the same result.
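
Added example, not part of the original thread: a small Python parser for the detection lines of the MBAM log quoted in the post above, tagging each hit as an autostart entry, a proxy change or a file staged in Temp. The function names and category labels are this example's own, and the sample input is copied from that log.

```python
import re

# Sample input: lines copied from the MBAM log in the post above.
SAMPLE_LOG = r"""
Registry Values Infected: 2
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyServer (PUM.Bad.Proxy) -> Value: ProxyServer -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\jdqlicwk (Trojan.FakeAlert.Gen) -> Value: jdqlicwk -> Quarantined and deleted successfully.
Files Infected:
c:\documents and settings\don hardie\local settings\temp\0.3752704622822739.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\documents and settings\don hardie\local settings\temp\eheatthia\trz7.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
"""

SECTION = re.compile(r"^([A-Z][A-Za-z ]+ Infected):$")  # header, not the "...: 2" counter
DETECTION = re.compile(
    r"^(?P<object>.+?) \((?P<name>[A-Za-z][\w.]*)\) -> "
    r"(?:Value: (?P<value>.+?) -> )?(?P<action>.+?)\.?$")

def classify(section, obj):
    """Label a detection by what it means for the host (labels are this example's own)."""
    path = obj.lower()
    if section == "Registry Values Infected":
        if "\\currentversion\\run\\" in path:
            return "autostart"      # value that launches a program at every logon
        if path.endswith("\\internet settings\\proxyserver"):
            return "proxy-hijack"   # per-user proxy setting was changed
    if section == "Files Infected" and "\\temp\\" in path:
        return "temp-dropper"       # file staged in the user's Temp folder
    return "other"

def parse_mbam_log(text):
    """Return one dict per detection line, tagged with its section and category."""
    section, found = None, []
    for line in map(str.strip, text.splitlines()):
        header = SECTION.match(line)
        hit = DETECTION.match(line) if section else None
        if header:
            section = header.group(1)
        elif hit:
            found.append(dict(hit.groupdict(), section=section,
                              category=classify(section, hit["object"])))
    return found

if __name__ == "__main__":
    for rec in parse_mbam_log(SAMPLE_LOG):
        print(f'{rec["category"]:13} {rec["name"]:22} {rec["object"]}')
```

Sorting the hits this way shows which locations to re-check after a reboot, since the post above reports further connection attempts after a quarantine.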

SafeSurf

  • Guest
Re: xhrngmluerb.exe
« Reply #3 on: January 25, 2011, 09:44:36 AM »
@ bn11954,

Have you rebooted your machine then tried to run OTL again?  Check the information on the first post of this thread under Virus/Worms for you to check your machine for malware: http://forum.avast.com/index.php?topic=53253.0 for the download on OTL and attach to your post.  Please let us know if you still have problems.

You may also want to update MBAM again, and run another quick MBAM scan as well as an Avast boot scan.  If any infection comes up in the boot scan, put it in the Virus Chest if you are unable to run the OTL log for now.

Essexboy usually comes on the forum late UK time zone, so he should be along shortly.

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37505
  • Not a avast user
Re: xhrngmluerb.exe
« Reply #4 on: January 25, 2011, 09:59:59 AM »
You can also upload the "xhrngmluerb.exe" file to www.virustotal.com and test it with 43 malware scanners.
When you have the result, copy the URL in the address bar and post it here.

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: xhrngmluerb.exe
« Reply #5 on: January 25, 2011, 08:38:51 PM »
Let's try OTL's big brother

Download OTS to your Desktop and double-click on it to run it
  • Make sure you close all other programs and don't use the PC while the scan runs.
  • Select All Users
  • Under additional scans select the following
    • Reg - NetSvcs
    • Reg - Shell Spawning
    • Evnt - EventViewer Logs (Last 10 Errors)
    • File - Lop Check
    • File - Purity Scan
  • Now click the Run Scan button on the toolbar. Make sure not to use the PC while the program is running or it will freeze.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Please attach the log in your next post.

bn11954

  • Guest
Re: xhrngmluerb.exe
« Reply #6 on: January 26, 2011, 05:54:06 AM »
Pondus

I can't find xhrngmluerb.exe, when I do a Windows Search all it comes up with is
XHRNGMLUERB.EXE-2EDAD9AO.pf in the Windows\Prefetch folder.

essexboy

I redownloaded OTL as suggested and it ran quickly to - HKEY_LOCAL_MACHINE Run Keys - where it stayed for 3 hours, and when I moved the cursor over it the Not Responding note came up.

SafeSurf

  • Guest
Re: xhrngmluerb.exe
« Reply #7 on: January 26, 2011, 06:00:42 AM »
bn11954,

Essexboy is now your malware removal expert.  Please follow his instructions and complete the OTS log as he requested (see his last post).  Thank you.

bn11954

  • Guest
Re: xhrngmluerb.exe
« Reply #8 on: January 28, 2011, 05:06:47 AM »
I re downloaded OTL and this time (the 5th) it ran right through.
The logs are attached

Offline CraigB

  • Avast Überevangelist
  • Serious Graphoman
  • *****
  • Posts: 11239
  • No support PM's thanks
Re: xhrngmluerb.exe
« Reply #9 on: January 28, 2011, 05:17:46 AM »
    Quote
    I re downloaded OTL and this time (the 5th) it ran right through.
    The logs are attached

You need to follow the instructions set by essexboy. I believe he asked you to run OTS, not OTL; please refer to essexboy's last post.

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: xhrngmluerb.exe
« Reply #10 on: January 28, 2011, 08:31:01 PM »
Could you go to the Windows Prefetch folder and just delete that pif file?

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    Quote
    :OTL
    O3 - HKLM\..\Toolbar: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
    [2011/01/09 18:03:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\XSxS

    :Files
    ipconfig /flushdns /c

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [EMPTYFLASH]
    [CREATERESTOREPOINT]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

bn11954

  • Guest
Re: xhrngmluerb.exe
« Reply #11 on: January 29, 2011, 02:35:59 AM »
essexboy

Attached are the logs for the Run Fix and Quick Scan.
I had cleared the Prefetch folder a couple of times.

bn11954

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: xhrngmluerb.exe
« Reply #12 on: January 29, 2011, 02:00:23 PM »
Nothing evident now - so let's check for hidden drivers and bootkits

Download ComboFix from one of these locations:


Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop


  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal.  It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.




Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:




Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you.  Please include the C:\ComboFix.txt in your next reply.

bn11954

  • Guest
Re: xhrngmluerb.exe
« Reply #13 on: January 30, 2011, 05:09:08 AM »
I couldn't get Combo Fix to work as it said I had Avir Desktop running, and I couldn't find it or any way to stop it.
So I dug out a harddrive I had cloned from my C Drive 12 months ago and replaced my C Drive with it, it took me 5 hours to update it, but it's working properly now.
I still don't know what "xhrngmluerb.exe" is or what it would have done if I had let it connect to the Internet.
Thank you for all your advice, my trouble is that I know just enough about computers to get myself into trouble. I'll clone my harddrive every month from now on.

Thank you again!!!!!!!!!!!!!!!
bn11954

Offline CraigB

  • Avast Überevangelist
  • Serious Graphoman
  • *****
  • Posts: 11239
  • No support PM's thanks
Re: xhrngmluerb.exe
« Reply #14 on: January 30, 2011, 07:03:22 PM »
spam reported, spam's gone so this post can be deleted too, thanks
« Last Edit: January 30, 2011, 07:19:53 PM by craigb »