Possible trojan

Gilder

So last night I shut down my PC and I get a message saying "n.exe is not responding", and I had never seen that message before. So I looked it up today and it seems to be a trojan. So my first step I took was scanning with malwarebytes and it found something, but it was just kgbm32.dll, which seems to be some kind of spyware games thing. I haven't had any hits recently with Malwarebytes either, so this has to have been recent. After that I had to restart, and the computer did not give me the message about n.exe not responding. I then performed a search with another program, and it didn't find anything. I've restarted again since then and once more, no message about n.exe. Then after that I yet again did more searching, this time with CA Antivirus and the windows search function in the hopes of finding anything n.exe related. This includes all the alternate names it could go under. I also did my own personal digging all throughout the system directory. Nothing. The thing is I'm still afraid I haven't gotten it because at no point have any of my searches, personal and through scanners, turned up the exact phrase "n.exe". This is also proving difficult for me because I am not good at doing complex searches and such, so outside of scanners I get lost if I don't have step-by-step instructions on what I should be doing and where I should be starting. I was mostly just clicking and checking every folder in the C:/WINDOWS directory.

So do you guys know if there's any specific step I can take to make absolutely sure it's gone? Do you guys think it's gone? I'm getting conflicting reports on just how serious it even is as well. Sure it COULD be a trojan stealing my credit card information and sending viagra emails to the pentagon, but isn't that the generic threat for all of these things? I'm panicking like hell over here and I feel like I might be overreacting, because I can't stand knowing that it might still be there and might still be doing something serious. Honestly I'd rest easily if I knew it was just going to make some extra pop-ups appear, because I have a ton of protection against those. If anyone knows a 100% sure way to know if it's still there or not I would greatly appreciate it.

dresdenphile

SuperAntiSpyware is another excellent anti-malware, anti-spyware program I recommend downloading and running.

Does the process show up in Task Manager (CtrlALtDel)?

Also, have you checked to see if it runs at startup? Assuming you're running Win XP or later, click Start -> Run -> Type Msconfig and hit enter. Click on the startup tab, and scan the programs to see if n.exe is one of them. If so, uncheck the box, hit Apply and OK. It'll ask you to restart; go ahead and do that.

You could search the registry, but that's serious business, not to be taken lightly.

Gilder

Going to give that program a try, thanks. And yeah it doesn't show up in the task manager and as for startup there was one semi-suspicious thing I saw, some program with no name, so I turned that off but there was no n.exe in the list.

Torque Monkey

I'd recommend giving Counterspy a shot, which can be found on download.com for free - it takes a good bit to scan, and the setup is irritating, but it does a fantastic job.

Gilder

Alright I did a search with SuperAntiSpyware, and it also came up with nothing, although it came up with some cookies and some trojan thing that it said another program removed but was still lingering around. After restarting when that was finished, I yet again did not get the message I got last night. I guess I can give CounterSpy a shot, but do you guys think maybe it's gone? I've done a CA Antivirus scan, searched with Windows, a Malwarebytes scan, a SuperAntiSpyware scan, and I've searched personally. None of this is finding the thing and from what I read online it's not that well hidden. I mean it doesn't even hide itself from what I've read, it just goes to the sys32 folder and makes a .exe with either an n or a k in front of it. In addition my PC also doesn't seem to be going slower, my bank hasn't been robbed of my precious cash, and I'm not getting pop-ups or anything.

Mr. Pokeylope

There's a Computer Security Thread on the Tech sub forum that helped me out.

http://forums.penny-arcade.com/showthread.php?t=108166

The only way to be sure it's gone, is to nuke it from orbit and do a reformat and fresh install though.

Siska

Give combo fix a try:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix#use

Read the whole page. Combo fix will remove a lot of threats as well as make a txt log of everything going on, on your computer. You can then post the log on one of the web pages suggested and they can help point out any remaining problems.

I think combofix only runs on 32 bit operative systems.

Gilder

Did a search with CounterSpy, didn't come up with really anything. Just some false positives and no "n.exe". I'll give combofix a try, but because I'm not seeing anything and all the information I found makes it sound like I've gotten rid of this thing I'm going to give it a day or two and see, because I've been at this all day and I just can't scan anymore. After all these restarts I've still not gotten the message again either so I'm really hoping it's gone. Everything I've read about this indicates that malwarebytes should remove it and that was the first thing I did. It's also not even some deeply rooted thing according to the information I've gathered, it doesn't even go into the registry or anything. It'll just plop down an .exe in the sys32 folder and that's it. If things get bad I'll let you guys know, but I think all these scans I've done myself and with the programs you suggested indicate that it's gone.