cgrant26

Everything posted by cgrant26

  1. I just had a run-in with this one myself. I'm sharing my experience in case it can help anyone else. Mbam didn't find it, but I was able to manually get rid of it. I see no signs of it now and no unusual processes running, so I believe I got it all, but I'll defer to the experts here for more thorough removal instructions. In the meantime, I'll tell you what I did to at least gain normal functionality of my computer.

     Since this bug locks you out of Task Manager, here's how you can stop the process in Windows XP Pro. (FYI, XP Home doesn't have tasklist; XP Pro, Vista and 7 do.)

     Go to the Start Menu, select "Run", type "cmd" and hit Enter to open a command prompt. Next, type "tasklist". This will give you a list of active processes and a PID number for each.

     For me, identifying the rogue process was easy, as it was the only process on my system that I didn't recognize. In my case, it was "mswqwbssika.exe". I would expect yours would be similarly named. If you're not sure, best to wait for one of the professionals here to either tell you which process it is, or better yet, they will have a full suite of instructions for you to follow.

     Now, if you are confident you have the right process singled out of the task list, note its PID number and type the following: "taskkill /PID XXX /f", where the XXX is the PID number of the process you wish to end. Press Enter. That should kill the process and restore Task Manager functionality.

     Next, open up internet settings in the Control Panel: Start --> Control Panel --> Internet Options. Click on the "Connections" tab. At the bottom, you should see a button for "LAN Settings". Click it and make sure the ONLY item checked is "Automatically Detect Settings". This should restore your browser functionality.

     I opted to locate the exe file and delete it. You may want to wait for more specific steps from someone here, but just for posterity, here's what I did: I located the exe in C:\Documents and Settings\*My user name*\Local Settings\Temp\kuaunvifh\. Before deleting, I placed a copy of the exe in a zip file in case anyone wanted to analyze it. I then deleted the exe. After that, I ran a registry scan using CCleaner and, as expected, it found reg keys pointing to the now-missing exe file. I deleted those as well. I ran Mbam one more time (again, it didn't find anything) and I went over the log file looking for anything out of the ordinary. (I compared to previous clean logfiles as well as my own knowledge of what should be running on my system.) No traces of the malware for now.
  2. I zipped the bad file to be able to upload it. Its location was C:\Documents and Settings\Administrator\Local Settings\Temp\kuaunvifh mswqwbssika.zip
  3. I'm running Windows XP64. Program self-installs from browsing infected website. While running, it disables the Task Manager and sets LAN to connect through a proxy instead of "automatically detect settings". It starts an "antivirus scan" with several pop-ups asking you to activate your anti-virus protection. Scan window and popups are persistent and overlay everything else on the desktop. I was able to kill it by opening a command prompt and running "tasklist" and then "taskkill /PID XXXX /f". Only one process I was able to identify as being abnormal was mswqwbssika.exe. Full Malwarebytes scan (updated first) did not detect any malicious items.
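
A triage sketch for the two symptoms reported in the posts above (an unfamiliar executable running out of the user's Temp folder, and LAN settings switched to a proxy), added here as an example and not part of any forum post. The `wmic` and `reg query` outputs are constructed samples; the user name, PID and proxy address in them are made up.

```python
import csv
import io
import re

# Constructed sample of: wmic process get ExecutablePath,Name,ProcessId /format:csv
SAMPLE_WMIC = r"""Node,ExecutablePath,Name,ProcessId
PC1,C:\WINDOWS\system32\svchost.exe,svchost.exe,904
PC1,C:\WINDOWS\explorer.exe,explorer.exe,1620
PC1,C:\Documents and Settings\user\Local Settings\Temp\kuaunvifh\mswqwbssika.exe,mswqwbssika.exe,3188
"""

# Constructed sample of:
#   reg query "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings"
SAMPLE_REG = r"""
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
    ProxyEnable    REG_DWORD    0x1
    ProxyServer    REG_SZ    http=127.0.0.1:5555
"""

# Per-user Temp folders on XP (Local Settings\Temp) and Vista/7 (AppData\Local\Temp).
TEMP_DIR = re.compile(r"\\(local settings\\temp|appdata\\local\\temp)\\", re.I)

def processes_in_temp(wmic_csv):
    """Return (pid, name, path) for every process whose image lives under a Temp folder."""
    hits = []
    for row in csv.DictReader(io.StringIO(wmic_csv.strip())):
        path = (row.get("ExecutablePath") or "").strip()
        if path and TEMP_DIR.search(path):
            hits.append((int(row["ProcessId"]), row["Name"], path))
    return hits

def proxy_settings(reg_output):
    """Return (proxy_enabled, proxy_server) parsed from reg query output."""
    values = {}
    for line in reg_output.splitlines():
        m = re.match(r"\s+(\S+)\s+REG_\w+\s+(.*)$", line)  # indented value lines only
        if m:
            values[m.group(1)] = m.group(2).strip()
    enabled = int(values.get("ProxyEnable", "0x0"), 16) == 1
    return enabled, values.get("ProxyServer")

if __name__ == "__main__":
    for pid, name, path in processes_in_temp(SAMPLE_WMIC):
        print(f"review PID {pid}: {name} running from {path}")
    enabled, server = proxy_settings(SAMPLE_REG)
    if enabled:
        print(f"LAN proxy is enabled: {server}")
```

A process running from Temp is a lead to review rather than proof of infection, since installers and updaters also run from there.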