Everything posted by VictorValiant

  1. In addition to kimod's info, I've found that the registry folder > HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RADAR\HeapLeakDetection\DiagnosedApplications\ also contains the folders jh1c, jh1d, jh1e, jh1f, & pts5a, with registry key values (well, at least in my system). So I've deleted them all from the registry, after removing the mutualpublic through its uninstaller. Thanks all, grtz, V
  2. Just uploaded the zipped mutualpublic folder here > https://forums.malwarebytes.org/index.php?showtopic=137190 I didn't have the process tree checked when I found jh1e.exe last night, that's why I couldn't see it. So I guess the screenshots weren't of much use. Although on pic 005 it said under the TCP/IP tab: local address victorvaliant:50573, remote address ypool.net:8086 when jh1e.exe was running. Is this a connection like someone is accessing my CPU? The numbers are port numbers, right? And can I block this ypool.net somehow? Can this be implemented in mbam? I don't use a firewall, because it slows my system down when working. But now I'm open to suggestions, granted it's light on the resources/system. Am surprised that there are so many people affected by it, and this topic being viewed nearly 1000 times. I haven't deleted the mutualpublic yet, just in case you need me to check other things out. grtz, V PS: Just now double-clicked jh1e.exe and I see in TCP/IP that there is a connection established with a full IP address, but the parent process is now wininit.exe. Please see attached files for a screenshot. jh1e.exe re-run IP address pic.jpg.zip
  3. Hi, shadowwar. I hooked up my iPod and tried to access it with foobar audio player, it froze 'not responding' and suddenly jh1e.exe appears in C:/temp with the same symptom/resource claim. I uploaded jh1e.exe to the research center here > https://forums.malwarebytes.org/index.php?showtopic=137168 (NOTE: mbam didn't detect it after scanning with latest updates.) I end tasked jh1e.exe, I ran Process Explorer, which you posted earlier, and double-clicked jh1e.exe. A cmd screen appeared and an error "stopped working" box appeared instantly, and it showed up in Process Explorer. I then right-clicked on jh1e.exe > Properties and made screenshots of every tab, as I did not know which one you need most (8 shots @1920x1080 jpg's). I left out the GPU tab as it was completely empty and N/A. There was also a Strings tab with a save option, so I saved that and included it with the screenshots in a zip package. They don't make much sense to me, but I hope you can figure it out. It's 2.38am here now, so calling it a day... I'll check here later in the morning; if you have any suggestions or new procedures I should follow, let me know. Sincerely, Victor screenshots and strings.zip
  4. Hi, Shadowwar. After scanning and removing, none of the malicious files has come back, so my problem is as good as solved, and I can go back to work again. Thank you for your efforts, I really appreciate it. Unfortunately I don't know where it came from exactly. All I recall is I browsed a lot of websites that day with lots of ad pop-ups and banners and only noticed the resource drain upon booting the morning after. (I always have auto empty temp files and history on exit checked from browser to minimize such problems arising.) So sorry I couldn't be of more help. Also the newly mentioned wc1a is totally unknown to me; someone newly affected may have the files you're looking for. Anyway, this whole process has made me more confident in using mbam, as you've given me ("us") friendly, timely responses and even a fast update to get rid of it. Thanks again. Kind regards, Victor

     Ok, so I take it your problem is solved too then, after scanning/removing with the new definitions implemented. Cheers, Victor
  5. Updated mbam just now & indeed it detected the jh1d.exe which I zipped at C:/temp. It has now been removed, hopefully it stays that way. Kudos to the research team for such fast implementation, and please forgive the typo errors of jh1d.exe in my previous posts. I've been googling for similar cases, and there was a file I'd completely forgotten all about. It's pts5a.exe, in C:/temp. A few days ago when this issue first occurred, this was the file that initially claimed 50% CPU and 2 GB RAM. However, I ended the task and removed it normally with the Windows recycle bin, and thought nothing of it till I rebooted and found jh1d.exe in that same folder. The pts5a.exe never came back, but due to the focus on jh1d.exe it just slipped my mind, sorry.... I don't know if it is relevant now, as it is maybe fixed; rebooting my system now. Hammerhode, have you also seen pts5a.exe on your system/taskmanager before? There are more people reporting pts5a and jh1d together though, on other virus-related topics and forums.
  6. Also I noticed the jhd1.exe reappears in C:/temp after 5 hrs or so, after closing (end tasking) the previous instance. Maybe it has to do with being triggered by the registry as a scheduled event or something like that (just guessing). I've attached my registry here, just in case the research team needs it. I was going to post it in the same thread where the exe was posted, but it's already been locked. So I hope you won't mind me posting it here. A bitcoin miner? Sorry, I didn't know what bitcoin was, had to look that up in Wikipedia. So someone is getting richer by using other people's CPU & RAM resources to generate bitcoin currency? Kind regards, Victor

     Edit: removed registry
  7. Hello, all. Let me get straight to the point. I have noticed this file/program jh1d.exe in my taskmanager > processes. It takes about 50% of CPU resources and 2 GB RAM, stressing my resources and slowing things down. (My system specs: Core i7/2600k, 16GB RAM, OS Win7 x64.) I can stop it by simply clicking end task, and its location is systemroot/temp > C:/temp. Unfortunately mbam doesn't detect/remove it. (I use the free version of mbam with latest updates.) Even if removed manually from the recycle bin, it manifests & executes again within 2-3 mins after next boot. I've also tried moveonboot to remove it at the next boot, but it still manifests & executes, only now it's somehow renamed to jh1c.exe and has the same properties and claim on resources. I'm not very technical and I have little knowledge concerning malware, but I'm sure there's a name/terminology for this kind of thing. Almost forgot, the exe file shows little variation in file size; I've seen both 88kb and 126kb as file sizes upon booting. I googled jhd1.exe and it seems more people have detected it as early as 15 Nov 2013, so it seems fairly new and little is known about it. I simply "end task" & remove from recycle bin for now when I boot. I'll wait for the solution to be implemented in mbam free version, as it is not aggressive IMO, just very annoying. Hopefully I've provided sufficient information, and I'm sorry not to be able to provide more details as I'm not adept at these things. Thank you in advance for any additional info or tips regarding this issue. Sincerely, Victor

     PS. Please just read the next as a note, as I'm sure you have no interest in ungrounded/imaginative issues. I've gotten a notification that there was a hack/login attempt on one of my online accounts, but I don't know if it's related to this issue or a coincidence, since this has never happened to me before now.