program "Ieskuum" running in the background

Discussion in 'Security and Privacy' started by TeriCee, 2004/08/10.

Thread Status:
Not open for further replies.
  1. 2004/08/10
    TeriCee

    TeriCee Inactive Thread Starter

    Joined:
    2004/08/10
    Messages:
    4
    Likes Received:
    0
    I'm not sure if this is a W98 question or a virus question....but here goes.... I noticed a program running in the background called Ieskuum. I clicked on its properties and it said it was created 8-04-04. This was right about the time that something unrequested downloaded onto my computer and my computer got very sick. I downloaded Spybot, which cleaned most of the mess up....however, the name Ieskuum makes me a little nervous. How do I find out what this program is and what it's for?
    Thanks for any help you can provide.
    Teri C
     
  2. 2004/08/10
    merlin

    merlin Inactive

    Joined:
    2003/01/07
    Messages:
    1,111
    Likes Received:
    0
    Hi Teri, and welcome to the boards!
    I cannot find any references to ieskuum at all. Is the name correct?
    With which program did you see it in "running processes"?
    regards
     

  4. 2004/08/10
    TeriCee

    TeriCee Inactive Thread Starter

    Joined:
    2004/08/10
    Messages:
    4
    Likes Received:
    0
    Thanks merlin! I Googled ieskuum and found nothing as well, which is why I came here. This is what happened: I was online and something crashed. The Cyber Protection Thingy on my computer showed a list of stuff, which I didn't understand. However, I recognized some of the abbreviations as the programs that are "running in the background" (when I do Ctrl + Alt + Del, the box pops up with all my programs running in the background). Ieskuum is in there. I clicked on its Properties and its MS-DOS name is ieskuum.exe. It's located in C:\Windows. I double checked the spelling and it is correct: ieskuum.

    I should also add the following: I just quasi-fixed a huge problem on my computer concerning spyware. I was online one day and the Windows box that shows the downloading process (the flying paper) appeared on my screen. Before I had a chance to react, it was gone and something unrequested downloaded onto my computer. Then my computer got real sick. It made funny noises, AOL automatically loaded every few minutes, and then crashed when I actually wanted to use it. And what's most worrisome is that all of a sudden I have all these crazy .exe files on my PC...all created on this one day. AproposClient Installer, greenins, greenuns and I just found this ieskuum. Argh! Spybot only identified Apropos as dangerous and they're gone now...I think. (Yes - plural. I had about 5 copies of this on my PC in various places.)

    The only problem I now seem to have is that IE seems to want to load itself automatically. A "work offline" box appears every few minutes and asks me if I want to work offline or connect to the internet. I have no idea what's going on...I hope all of this info is helpful. Thanks for responding Merlin...you're awesome! I also want to add that I will be gone for the next few days and won't be back here till Friday. We're going to the coast for a few days...there's an amazing meteor shower every August and we want to get away from the light pollution.
    Happy thoughts till then Merlin!
    Teri
     
  5. 2004/08/10
    TeriCee

    TeriCee Inactive Thread Starter

    Joined:
    2004/08/10
    Messages:
    4
    Likes Received:
    0
    there's more Merlin....

    Man....what's going on? There are 9 NEW .exe files of AproposClientInstaller on my PC...all created today. I swear I didn't download a thing!! I'm really lost...looks like going to the Coast is necessary in order to save my sanity haha. I just thought this new bit of information would be helpful to you.
    Thanks again,
    Teri C.
     
  6. 2004/08/13
    TeriCee

    TeriCee Inactive Thread Starter

    Joined:
    2004/08/10
    Messages:
    4
    Likes Received:
    0
    Hijack This Log

    Here's a copy of my Hijack this log if it helps. See? IESKUUM is in there, that little bugger!!!
    Thanks,
    TeriCee

    Logfile of HijackThis v1.98.2
    Scan saved at 2:01:54 PM, on 8/13/04
    Platform: Windows 98 Gold (Win9x 4.10.1998)
    MSIE: Internet Explorer v5.00 (5.00.2314.1000)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\SYSTEM\MSTASK.EXE
    C:\PROGRAM FILES\DR SOLOMON'S\ANTI-VIRUS\WGFE95.EXE
    C:\PROGRAM FILES\ENCOMPASS\MONITOR.EXE
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\TASKMON.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\WINDOWS\SYSTEM\ATICWD32.EXE
    C:\WINDOWS\SYSTEM\ATITASK.EXE
    C:\WINDOWS\SYSTEM\HPSJVXD.EXE
    C:\PROGRAM FILES\CAERE\OMNIPAGEPRO80\OPWARE32.EXE
    C:\WINDOWS\SYSTEM\STIMON.EXE
    C:\WINDOWS\SYSTEM\QTTASK.EXE
    C:\WINDOWS\IESKUUM.EXE
    C:\WINDOWS\OIUWGAW..EXE
    C:\PROGRAM FILES\CAERE\OMNIPAGEPRO80\opware16.exe
    C:\WINDOWS\SYSTEM\PIBDOVH.EXE
    C:\PROGRAM FILES\COMET SYSTEMS\DM\BIN\DMSERVER.EXE
    C:\PROGRAM FILES\MICROSOFT MONEY\SYSTEM\REMINDER.EXE
    C:\PROGRAM FILES\WEB OFFER\WO.EXE
    C:\PROGRAM FILES\FIRSTAID 98\FAWGRD32.EXE
    C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\OSA.EXE
    C:\SCANJET\PRECISIONSCAN\HPPPT.EXE
    C:\PROGRAM FILES\CAERE\PAGEKEEPLITE30\SYSTEM\PKJOBS.EXE
    C:\ATI\ATIDESK\ATISCHED.EXE
    C:\AMERICA ONLINE 5.0\AOLTRAY.EXE
    C:\PROGRAM FILES\FIRSTAID 98\FA_GD32.EXE
    C:\PROGRAM FILES\FIRSTAID 98\RTFIXM32.EXE
    C:\PROGRAM FILES\CAERE\PAGEKEEPLITE30\SYSTEM\PKSLAPI.EXE
    C:\PROGRAM FILES\CAERE\PAGEKEEPLITE30\SYSTEM\PKTOPASS.EXE
    C:\AMERICA ONLINE 5.0\WAOL.EXE
    C:\WINDOWS\SYSTEM\MDM.EXE
    C:\WINDOWS\SYSTEM\DDHELP.EXE
    C:\WINDOWS\SYSTEM\AI_LOADER.EXE
    C:\WINDOWS\SYSTEM\PSTORES.EXE
    C:\MY DOCUMENTS\HIJACKTHIS\HIJACKTHIS1982.EXE

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
    R3 - URLSearchHook: (no name) - {20EC3D2D-33C1-4C9D-BC37-C2D500688DA2} - C:\TV MEDIA\TvmBho.dll
    O2 - BHO: Searchfst Class - {000277A3-7D84-406a-9799-D12A81594693} - C:\WINDOWS\SRCHFST.DLL
    O2 - BHO: (no name) - {2251A488-17CD-BE5B-9448-1F1C57B7B1F4} - C:\WINDOWS\SYSTEM\sluhxcun\oamtblks.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
    O2 - BHO: CSBHO - {D14D6793-9B65-11D3-80B6-00500487BDBA} - C:\PROGRAM FILES\COMET SYSTEMS\PLATFORM\BIN\CSBHO.DLL
    O3 - Toolbar: Starware - {FE6BC4EF-5676-484B-88AE-883323913256} - C:\PROGRAM FILES\COMET SYSTEMS\PLATFORM\BIN\CSIETB.DLL
    O3 - Toolbar: Searchfst Class - {000277A3-7D84-406a-9799-D12A81594693} - C:\WINDOWS\SRCHFST.DLL
    O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
    O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\Run: [AtiCwd32] Aticwd32.exe
    O4 - HKLM\..\Run: [AtiKey] Atitask.exe
    O4 - HKLM\..\Run: [HPSCANMonitor] c:\windows\SYSTEM\hpsjvxd.exe
    O4 - HKLM\..\Run: [OmniPage] C:\PROGRAM FILES\CAERE\OMNIPAGEPRO80\opware32.exe
    O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
    O4 - HKLM\..\Run: [QuickTime Task] C:\WINDOWS\SYSTEM\QTTASK.EXE
    O4 - HKLM\..\Run: [nssysconf] C:\WINDOWS\ieskuum.exe
    O4 - HKLM\..\Run: [hpsysconf1] C:\WINDOWS\oiuwgaw..exe
    O4 - HKLM\..\Run: [TV Media] C:\TV MEDIA\Tvm.exe
    O4 - HKLM\..\Run: [pqhncd] C:\WINDOWS\SYSTEM\pibdovh.exe
    O4 - HKLM\..\Run: [SrchfstUpdate] C:\WINDOWS\srchupdt.exe
    O4 - HKLM\..\Run: [DM_Server] C:\PROGRA~1\COMETS~1\DM\BIN\DMSERVER.EXE /onreboot
    O4 - HKLM\..\Run: [AutoLoaderAproposClient] "C:\WINDOWS\SYSTEM\AI_LOADER.EXE" /HideUninstall /HideDir /PC=AM.SKHN /ShowLegalNote=nonbranded
    O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
    O4 - HKLM\..\RunServices: [Winguard] C:\PROGRA~1\DRSOLO~1\ANTI-V~1\WGFE95.EXE
    O4 - HKLM\..\RunServices: [EncMonitor] C:\Program Files\Encompass\Monitor.exe
    O4 - HKCU\..\Run: [Reminder] C:\Program Files\Microsoft Money\System\reminder.exe
    O4 - HKCU\..\Run: [eZWO] C:\PROGRA~1\Web Offer\wo.exe
    O4 - HKCU\..\Run: [TV Media] C:\TV MEDIA\Tvm.exe
    O4 - Startup: Windows Guardian.lnk = C:\Program Files\FirstAid 98\Fawgrd32.exe
    O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
    O4 - Startup: HP Parallel Port Test.lnk = C:\SCANJET\PrecisionScan\hpppt.exe
    O4 - Startup: PageKeeper Lite Jobs.lnk = C:\Program Files\Caere\PageKeepLite30\system\PKJobs.exe
    O4 - Startup: ATI Scheduler.lnk = C:\ati\atidesk\atisched.exe
    O4 - Startup: America Online 5.0 Tray Icon.lnk = C:\America Online 5.0\aoltray.exe
    O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
    O14 - IERESET.INF: SEARCH_PAGE_URL=http://home.microsoft.com/access/allinone.asp
    O14 - IERESET.INF: START_PAGE_URL=http://www.aol.com
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/181fe440af4c1cf7f119/netzip/RdxIE601.cab
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
     
  7. 2004/08/14
    Lonny Jones

    Lonny Jones Inactive Alumni

    Joined:
    2002/12/16
    Messages:
    2,252
    Likes Received:
    0
    hello

    In Add/Remove Programs, uninstall TV Media and anything Apropos; while you're there, uninstall any questionable entries, and reboot if prompted.

    Start HijackThis and place a check next to these items.
    Close all browser windows and shut down all other programs that show in the taskbar (even folders). Then hit Fix checked.
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
    R3 - URLSearchHook: (no name) - {20EC3D2D-33C1-4C9D-BC37-C2D500688DA2} - C:\TV MEDIA\TvmBho.dll
    O2 - BHO: Searchfst Class - {000277A3-7D84-406a-9799-D12A81594693} - C:\WINDOWS\SRCHFST.DLL
    O2 - BHO: (no name) - {2251A488-17CD-BE5B-9448-1F1C57B7B1F4} - C:\WINDOWS\SYSTEM\sluhxcun\oamtblks.dll
    O4 - HKLM\..\Run: [nssysconf] C:\WINDOWS\ieskuum.exe
    O4 - HKLM\..\Run: [hpsysconf1] C:\WINDOWS\oiuwgaw..exe
    O4 - HKLM\..\Run: [TV Media] C:\TV MEDIA\Tvm.exe
    O4 - HKLM\..\Run: [pqhncd] C:\WINDOWS\SYSTEM\pibdovh.exe
    O4 - HKLM\..\Run: [SrchfstUpdate] C:\WINDOWS\srchupdt.exe
    O4 - HKLM\..\Run: [DM_Server] C:\PROGRA~1\COMETS~1\DM\BIN\DMSERVER.EXE /onreboot
    O4 - HKLM\..\Run: [AutoLoaderAproposClient] "C:\WINDOWS\SYSTEM\AI_LOADER.EXE" /HideUninstall /HideDir /PC=AM.SKHN /ShowLegalNote=nonbranded
    O4 - HKCU\..\Run: [eZWO] C:\PROGRA~1\Web Offer\wo.exe
    O4 - HKCU\..\Run: [TV Media] C:\TV MEDIA\Tvm.exe
    =========
    Restart the PC, then find and delete (ONLY THESE EXACT) files and folders.
    Be very careful; if you're unsure, leave them be.
    Set Windows to show hidden files, folders and extensions
    >click here for instructions<.
    C:\PROGRAM FILES\Web Offer
    C:\TV MEDIA
    C:\WINDOWS\SYSTEM\AI_LOADER.EXE
    C:\PROGRAM FILES\COMET SYSTEMS
    C:\WINDOWS\ieskuum.exe
    C:\WINDOWS\oiuwgaw..exe
    C:\WINDOWS\SYSTEM\pibdovh.exe
    C:\WINDOWS\srchupdt.exe
    C:\WINDOWS\SYSTEM\sluhxcun

    Empty the trash bin.
    Important: next, clear IE's cache via Control Panel, Internet Options, [Delete Files] button, and mark the popup to also delete offline content.
    Provided you have just restarted, delete the contents of all your temp folders, as in
    the contents of the C:\windows\temp folder and C:\temp if there

    If this doesn't get changed from Explorer v5.00 to IE6 with SP1 you don't stand a chance of fending these nasties off.
    TonyKlein's So how did I get infected in the first place: http://www.windowsbbs.com/showpost.php?p=163453&postcount=6

    Regards

    Post a new Log when you get back
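
Added example, not part of the original posts: a small Python parser for HijackThis entry lines that checks whether items from the fix list above still appear in a later log, which is the check a follow-up log is requested for. The fix-list lines are copied from the thread; the follow-up log is constructed for illustration and all function names are hypothetical.

```python
import re

# "O4 - HKLM\..\Run: [name] command" -> section code, then detail text
ENTRY_RE = re.compile(r"^\s*([A-Z]\d{1,2}) - (.+?)\s*$")
# Detail of a registry autorun (O4) entry: hive, key, value name, command line
O4_RE = re.compile(r"^(HKLM|HKCU)\\\.\.\\(Run\w*): \[([^\]]*)\] (.+)$")

def parse_entries(log_text):
    """Return (section, detail) for every entry line; headers and process paths are skipped."""
    found = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line)
        if m:
            found.append((m.group(1), m.group(2)))
    return found

def autoruns(entries):
    """Decode O4 registry autoruns into dicts; Startup-folder O4 lines do not match and are skipped."""
    out = []
    for section, detail in entries:
        m = O4_RE.match(detail) if section == "O4" else None
        if m:
            hive, key, name, command = m.groups()
            out.append({"hive": hive, "key": key, "name": name, "command": command})
    return out

def still_present(fix_list_text, new_log_text):
    """Entries from the fix list that still appear in a later log (compared case-insensitively)."""
    later = {(s, d.lower()) for s, d in parse_entries(new_log_text)}
    return [(s, d) for s, d in parse_entries(fix_list_text) if (s, d.lower()) in later]

# Fix-list lines copied from the post above.
FIX_LIST = r"""
R3 - URLSearchHook: (no name) - {20EC3D2D-33C1-4C9D-BC37-C2D500688DA2} - C:\TV MEDIA\TvmBho.dll
O4 - HKLM\..\Run: [nssysconf] C:\WINDOWS\ieskuum.exe
O4 - HKLM\..\Run: [TV Media] C:\TV MEDIA\Tvm.exe
O4 - HKCU\..\Run: [eZWO] C:\PROGRA~1\Web Offer\wo.exe
"""

# Constructed follow-up log (not from the thread): one fixed entry has come back.
FOLLOW_UP = r"""
Logfile of HijackThis v1.98.2
Running processes:
C:\WINDOWS\EXPLORER.EXE
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [nssysconf] C:\WINDOWS\IESKUUM.EXE
O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
"""

if __name__ == "__main__":
    for section, detail in still_present(FIX_LIST, FOLLOW_UP):
        print("still present:", section, detail)
```

The comparison is on the entry text only, so the same file written once as an 8.3 short path and once as a long path counts as two different entries.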
     