I am running Windows 7 64 bit Professional on a Thinkpad T410.
I recently got infected by several viruses, but through a combination of Avast, Windows Defender, and MBAM, I was able to clean everything off my system. Now all three say that my system is clean. The only thing still bothering me is fontviewa.exe. My computer isn’t displaying any symptoms like slowdowns, popups, etc., but from time to time, fontviewa.exe will appear in my processes list. Clicking on its properties leads me to the Windows TEMP folder, but even when "show hidden files" is enabled, I can’t see it. I have tried erasing it from the command prompt by typing “del fontviewa.exe,” but it says it can’t find the file. However, I can right-click on its process and click on Properties. At one point, the Product Name was “bysazubexyq” and its version was 8.1, but it seems to be empty now. According to Comodo firewall, its process is running within taskeng.exe, which is running within svchost.exe. I have attached a screenshot of its general Properties.
All I can find on the internet concerning fontviewa.exe is this:
Any help would be greatly appreciated. Thank you in advance.
-Jon
UPDATE: I changed the option in the Folder Options control panel to allow me to see system files. Fontviewa.exe became visible, and I deleted it. Still, I am curious if anyone can shed any light on the situation. Upon deletion, the window that popped up said the company is called “Kyjowi Voqaxutabi.”
Hi
The file name (“bysazubexyq” / company name Kyjowi Voqaxutabi) reminds me a bit of Vundo.
Please download and install ‘HiJackThis 2.0.4’, run a scan and copy and paste the log in your next reply.
Please edit your jpg! It’s not a good idea to leave your real name in an open forum.
Regards
Sarakael
addendum
one hit on OASIS ;D
Results for “fontviewa_exe”
1 record(s) found.
File Name        Vendor               Product            Status
fontviewa.exe    Kyjowi Voqaxutabi    Bysazubexyq 8.1    Unknown
Fontview.exe I know is part of a known worm. I do not know of Fontviewa.exe, but it makes sense that copies of the virus would be made in case you deleted it. Fontview.exe is part of the W32.OPASERV.T Virus. That may help you in figuring out how to remove it more easily or more efficiently. If you have already removed all of it like you said, that’s great. I would imagine that is what you originally had anyway, but I am not sure. If you could let us know what you were originally infected with, that would be awesome. Here is some data on the W32.OPASERV.T Virus:
Check that out; it has some good information about registry keys and what the virus itself does. Good luck. That’s really all I can think of: that it is a variant of that worm.
Also, try a Google search for “Kyjowi Voqaxutabi”: the only thing that comes up is this thread, and the same with “bysazubexyq”, haha. It was fun that this thread was the only result.
Edit: I agree with the above poster about the confidentiality aspect of screen shots
Great Thanks! I’ll run a scan with Hijack This later today when I get home.
I thought about removing my name when I first posted the image, but then decided that my name is so common, it really didn’t matter.
One more question - would having a 64 bit operating system offer any kind of protection against viruses assuming they were made for 32 bit operating systems?
I would imagine, based on that information, there are a ton of viruses now. Plus, the limitations Microsoft claims don’t really sound like they would prohibit most 32-bit software from running. Short answer… no, you aren’t safe just because of 64-bit. Lots of 32-bit software runs on 64-bit, but not all. Only programs that execute in kernel mode (32-bit) won’t work in a 64-bit environment. So that doesn’t include “all” baddies out there. Just be as careful as you would be normally. Avast! works for it, thankfully, and we can all be glad for that, but yeah… be cautious still. It’s not a safeguard to have 64-bit by any means, unfortunately. Hope that helped, enjoy!
But please upload ‘acrotray.exe’ to ‘Jotti’s malware scan’ or ‘Virus Total’ for a check.
It’s located in: C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
Now start an internal search for ‘acrotray.exe’, especially in %WINDIR%\System32\!
next tomorrow
Isn’t acrotray part of Adobe Acrobat? From what I’ve read so far on the internet, it’s an annoying resource hog, but not a virus. Is that a common target of infection?