  1. #1
    4 Star Lounger
    Join Date
    Mar 2010
    Location
    east coast
    Posts
    402
    Thanks
    70
    Thanked 5 Times in 5 Posts

    Question How to stop files phoning home?

    rujofycdinle.exe keeps trying to phone home somewhere

    it showed up in c/documents and settings/user yesterday
    norton keeps blocking it
    every time i say block this attempt it loops back and repeats
    so endless loop of norton messages and attempts to phone home

    when i try to delete it won't let me - says in use by someone else


    also
    in c/recycler/ also that showed up yesterday is
    something (actually several) starting with s-1-5-21-.... may be related

    also cannot delete them whatever they are

    i suspect a new virus
    that may have been in an email that i thought was from linkedin.com that i opened
    but came from a private person perhaps in florida with a fake name and claiming to be a doctor in their supposed linkedin profile

    anyway the big question is
    HOW CAN I DELETE SCUMWARE PROGRAMS that windows xppro says is in use by others

    does anyone have any idea what these two things could be ?

  2. #2
    4 Star Lounger
    Join Date
    Dec 2009
    Location
    Hillsborough (San Francisco Bay area), California, USA
    Posts
    571
    Thanks
    5
    Thanked 54 Times in 53 Posts
    Speedball,

    Try deleting in Safe Mode (without networking)

    Zig

  3. #3
    Super Moderator jwitalka's Avatar
    Join Date
    Dec 2009
    Location
    Minnesota
    Posts
    4,743
    Thanks
    67
    Thanked 544 Times in 492 Posts
    In safe mode with networking, download and run Malwarebytes using a full scan.

    Jerry

  4. #4
    4 Star Lounger
    Join Date
    Mar 2010
    Location
    east coast
    Posts
    402
    Thanks
    70
    Thanked 5 Times in 5 Posts
    thanks

    i can try that

  5. #5
    4 Star Lounger
    Join Date
    Mar 2010
    Location
    east coast
    Posts
    402
    Thanks
    70
    Thanked 5 Times in 5 Posts
    thanks

    i did run malwarebytes and several other programs but they seemed happy with this program that is phoning home

  6. #6
    4 Star Lounger
    Join Date
    Mar 2010
    Location
    east coast
    Posts
    402
    Thanks
    70
    Thanked 5 Times in 5 Posts
    ALL:

    i was able to change the extension on rujofycdinle.exe to .XEX
    that seems to keep that program from executing

    the new thing , which does not look like a program , is in C/recycler/s-1-5-21-.....
    one folder that is empty and several files starting with the same sequence

    this is today's status
    a file s-1-5-21-and several long sequences of numbers with dashes
    said created in 2009
    but a new folder created two days ago
    cannot open the folder, explore it, or do anything as it says access denied
    and claims the folder is empty

    WHY WOULD THIS THING START PHONING HOME NOW
    THIS PC IS SEVERAL YEARS OLD AND IT NEVER DID IT BEFORE

    this is all new as of a couple days ago.
    Last edited by speedball; 2013-02-11 at 14:41. Reason: ADDED INFO

  7. #7
    Super Moderator CLiNT's Avatar
    Join Date
    Dec 2009
    Location
    California & Arizona
    Posts
    5,435
    Thanks
    128
    Thanked 495 Times in 455 Posts
    Quote Originally Posted by speedball
    also
    in c/recycler/ also that showed up yesterday is
    something (actually several) starting with s-1-5-21-.... may be related

    also cannot delete them whatever they are

    The above is part of the operating system and does not have anything to do with virus or malware activity.
    DRIVE IMAGING
    Invest a little time and energy in a well thought out BACKUP regimen and you will have minimal down time, and headache.

    Windows 8.1, 64 bit
    Motherboard: DX58SO2*Chipset: X58 Express/Intel ICH10*BIOS: SOX5820J.86A.0888.2012.0129.2203*Processor: Intel Core i7 CPU X 990
    GPU: Nvidia GTX 580*Memory: Corsair 12 GB, 4x3@1600*PSU: Corsair HX1000*Hard drives: REVO X2 160GB*OCZ VERT X3 120GB*5 mechanical storage drives (12 TB) total.
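
On Windows XP with NTFS, each user's Recycle Bin is stored under C:\RECYCLER in a folder named after that user's security identifier (SID), which is why the names start with S-1-5-21-. The Python below is an added example, not code from the thread: it decodes such a name and reports whether it has the shape of a user-account SID. The sample names are constructed, and the check looks only at the name, not at the folder's contents.

```python
import re

# Shape of a SID string: S-<revision>-<authority>-<sub-authority>...
SID_RE = re.compile(r"^S-(\d+)-(\d+)((?:-\d+)+)$", re.IGNORECASE)

# Well-known relative IDs (last component) of built-in local accounts.
WELL_KNOWN_RIDS = {500: "built-in Administrator", 501: "built-in Guest"}


def parse_sid(name):
    """Return the SID's numeric parts, or None if the name is not a SID."""
    m = SID_RE.match(name.strip())
    if not m:
        return None
    subs = [int(x) for x in m.group(3).lstrip("-").split("-")]
    if any(s > 0xFFFFFFFF for s in subs):  # sub-authorities are 32-bit
        return None
    return {"revision": int(m.group(1)), "authority": int(m.group(2)),
            "subauthorities": subs}


def classify_recycler_entry(name):
    """Say what kind of account, if any, a RECYCLER entry name refers to."""
    sid = parse_sid(name)
    if sid is None:
        return "not a SID"
    subs = sid["subauthorities"]
    # S-1-5-21-<a>-<b>-<c>-<RID>: NT Authority (5), machine or domain
    # accounts (21), three machine/domain values, then the account's RID.
    if (sid["revision"], sid["authority"]) == (1, 5) and subs[0] == 21 \
            and len(subs) == 5:
        rid = subs[4]
        if rid in WELL_KNOWN_RIDS:
            return WELL_KNOWN_RIDS[rid]
        if rid >= 1000:
            return "user account (RID %d)" % rid
        return "reserved account (RID %d)" % rid
    return "SID, but not a user account"


if __name__ == "__main__":
    # Constructed names, not taken from the thread.
    for entry in ["S-1-5-21-1111111111-2222222222-3333333333-1003",
                  "s-1-5-21-1111111111-2222222222-3333333333-500",
                  "S-1-5-18",
                  "S-1-5-21-1111111111-1003",
                  "s-1-5-21-notasid"]:
        print("%-50s %s" % (entry, classify_recycler_entry(entry)))
```
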

  8. #8
    Star Lounger
    Join Date
    Feb 2010
    Location
    near Ottawa, Ontario, Canada
    Posts
    57
    Thanks
    65
    Thanked 12 Times in 11 Posts
    hey speedball, when you ran malwarebytes, did you do so _before_ that other stuff got to run? Some baddies try to hide themselves, and can if they run first. Did you boot to safe-mode and run it? You could also try one of those boot and scan CDs (kaspersky, avira, bit defender, f-secure), or hang the drive off another machine and scan it there to be sure that the nasty stuff doesn't run before the scanner.

    Do you know where the file "rujofycdinle.exe" lives? Google does not recognize it, is it installed with a known application?
    Can you upload it to:
    https://www.virustotal.com/
    and
    http://virusscan.jotti.org/en-gb
    to see what they say about it?
    Do you see it running in task manager? If you're having trouble finding the location, try the SysInternals "Process Explorer" replacement for task manager. It's way better and shows you exactly where a file lives. They also have a utility called "PendMoves" that can schedule a file move/deletion to occur on the next reboot, for stubborn files you cannot remove manually.

    Good Luck and keep us informed!
    brino

  9. #9
    4 Star Lounger
    Join Date
    Mar 2010
    Location
    east coast
    Posts
    402
    Thanks
    70
    Thanked 5 Times in 5 Posts
    why does it need to phone home after 7 years of never doing it before ?

    note
    some dll in the java folder is also trying to do it now

    i have to suspect some virus is hiding behind those false faces to do whatever it is trying to do by connecting outwards
    Last edited by speedball; 2013-02-14 at 11:51. Reason: missing word

  10. #10
    Super Moderator
    Join Date
    Jun 2011
    Location
    New England
    Posts
    2,754
    Thanks
    80
    Thanked 339 Times in 306 Posts
    Quote Originally Posted by speedball View Post
    why does it need to phone home after 7 years of never doing it before ?
    Why answer questions with a question? And then start a new thread about the same issues?

  11. #11
    New Lounger
    Join Date
    Dec 2009
    Location
    NY
    Posts
    17
    Thanks
    0
    Thanked 0 Times in 0 Posts
    It does sound like you have a virus/trojan/worm on your computer. I'm going to guess that you're using Windows built-in firewall. I'm also going to suggest you try using a 3rd party firewall that will disable Windows' firewall. Then you would configure the firewall to ask for permission to allow any & all programs to access the Internet. That way, you should know when a program is stopped from phoning home even if you're not at the computer. Eventually, you'll be able to grant legitimate programs unfettered access to the Internet & those that shouldn't have access, can be permanently stopped at the firewall. If all your malware & av scanning can't remove the offending programs (& btw, you should use more than 1 security program), you may be forced to format & reinstall the OS. But that's a last resort.

  12. #12
    Lounger bcoop's Avatar
    Join Date
    Jan 2011
    Posts
    26
    Thanks
    8
    Thanked 0 Times in 0 Posts
    There were warnings about Java a while ago. Suggestions to uninstall it.

  13. #13
    New Lounger
    Join Date
    Sep 2011
    Location
    Minnesota
    Posts
    11
    Thanks
    3
    Thanked 0 Times in 0 Posts
    You could also try Sophos' Virus Removal Tool at http://www.sophos.com/en-us/products...oval-tool.aspx It takes a while to run but you can use your machine while it's running. It will list the files it finds and then you can decide if they are valid or not before removing them. Also click on the "Help" while it is running and you will be taken to a web page with all sorts of info on cleaning your computer and recovering data if needed.

  14. #14
    Star Lounger
    Join Date
    Dec 2009
    Location
    near Boulder, Colorado, USA
    Posts
    80
    Thanks
    9
    Thanked 2 Times in 2 Posts
    I have found many "undeletable" files can be removed using a program called Unlocker (http://www.emptyloop.com/unlocker/), provided you can find and click on the file in a folder. Of course, using anti-malware and robust firewall installation to prevent re-infection would be wise, too.

  15. #15
    3 Star Lounger
    Join Date
    Jul 2012
    Posts
    398
    Thanks
    212
    Thanked 27 Times in 26 Posts
    norton keeps blocking it. every time i say block this attempt it loops back and repeats so endless loop of norton messages and attempts to phone home. when i try to delete it won't let me - says in use by someone else
    --- Check your startups
    ------ Google any startups you don’t recognize
    ------ Uncheck anything that isn’t needed or at least the one that could be suspect if there is one
    --- Whoever that someone else is using it just keeps dialing back in

    i was able to change the extension on rujofycdinle.exe to .XEX that seems to keep that program from executing
    --- That was a good idea but I recommend you still find a way to get rid of that program
    ------ You could change it back to the .exe
    ------ Open Windows Task Manager into the Applications box
    ------ When the unwanted program wants access again don’t block it yet
    ---- Switch over to the Task Manager, Right click the application in question and select Go to process
    ------ You will be taken to the processes tab and the process involved will be highlighted
    ------ Unfortunately it could be svchost which wouldn’t be helpful to you at this time but just in case it finds something more specific it’s worth a try

    There are already some excellent recommendations. If you haven’t succeeded yet consider unhiding the system folders
    --- Install & run Spywareblaster, Ccleaner & your anti-malware programs again
    --- Don’t forget to go back and hide the system folders afterward

    Good luck
