Spyware?

I keep getting ZoneAlarm alerts saying that bin camp.exe and noun proc.exe are trying to use another program to gain access to privileged resources.

I have googled for both for days and cannot find anything regarding these 2 files. I don't have any idea what program they belong to.

noun proc.exe is in Documents and Settings/Joyce/Application Data/elseabout but I can't find anything for either (the other 2 files in this folder are locks idle inside.exe and zfcsmhu.exe

bin camp.exe is in Documents and Settings/All Users/Application Data/lesssizesettingsinternet

Can anyone please tell me what these files belong to and should I allow them to run. As for now I have been denying them access since I have not been able to find any information on either file. Could either of these files be related to IE 7 or MS Office 2007 or even the MSN desktop?

 

Hi whompuscat

I would post a HJT log in the removing spyware virus form. with a link to this post.

Please go Here and download the newest version of Hijackthis 1.99.1. Please be sure to save it to a permanent directory, such as C:\Prgram Files\HJT.
Open HJT and “Do a system scan and save a logfile”, (it will open in note pad) copy and paste the log file.

Geri

 

Hello Joyce,

Run the HJT scan.

Is there anything in particular you're doing when the warnings pop up - at boot up, etc.

To find out what they might belong to:

Copy the files out to either removable media or to another folder - ideally on another partition if you've created one, and then delete them from the original locations. You might get a access denied message. In that case there is a program that will tell you what has the file(s) in use http://www.dr-hoiby.com/WhoLockMe/index.php

Before doing that, create a manual System Restore point - they are .exe files which SR monitors.

Regards - Charles

 

I ran HiJack This and deleted 2 things, one was bit torrent.dll and the bin camp.exe.

I was having other problems also, with pop ups, IE 7 tab browsing was not working properly etc.

Once I removed those things are all back to normal, although spyware removal did not detect either of these as a problem, they evidently were causing this, so far haven't found anything that doesn't work since I removed them.

 

You could very well still have something on your system. You may have gotten the obvious ones, but these days that is not enough.

To be certain, I suggest you post a log in the proper forum to be analysed.

Edit to add: After reading those file names and doing minimal research, it appears they are related to a LOP infection.

 

Minimal research? I searched for hours on end and never came up with anything using google as my search engine.

I will post a log for review, but I believe that all the other files listed were familiar to me. I will also google for LOP infection (btw...which search engine did you use?)

Which forum would I post that in please?

Thanks for your advice.

 

The Spyware and Malware Removal forum:
http://www.windowsbbs.com/forumdisplay.php?f=41

The "bin" portion is variable. Search for "camp.exe" and you likely would have better results under Google. Similary "noun" is variable, search for proc.exe

Unfortunately, the words are fairly common so you will get lots of unrelated hits.

The other two files you mentioned, locks idle inside.exe (a known sign of a LOP infection) and zfcsmhu.exe <<--- not good no matter what, are also an issue.

Scroll the list of previously identified LOP infectors:

http://www3.ca.com/securityadvisor/pest/pest.aspx?id=453075330

The list of known infectors grows daily.

 

Search for 'camp.exe', via Google:
http://www.google.com/search?q=camp.exe+&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

The second one, I didn't even have to Google, after doing these LOP infections for over 2 years, they are easy to spot. Nine times out of ten, the files are 3 random English words, and fortunately for us, they seem to use alot of the same batch of words.

Btw, you don't by chance happen to have MessengerPLUS Live installed do you? That app has an adware program that installs this infection if you're not careful when installing.

We'll be looking for your log file over in Spyware & Virus Removal.

 

Ok I posted a log, also I still have that noun proc.exe in Documents and Settings/Joyce/Application Data/elseabout (the other 2 files in this folder are locks idle inside.exe and zfcsmhu.exe

I will search for a LOP infection removal tool, is there any one in particular that you recommend?

 

I have already replied to your thread and answered the question about the folders and files.

As for LOP, manual removal is quite simple. We'll continue in the newer thread, I'll lock this one now. Others may follow along in that thread. Thanks