odd issue with Win32:Swizzor-gen [Trj]

So here’s what’s odd - Every couple of hours, even while my PC is idling and I’m not actively browsing, downloading, or anything, I get an alert popup from Avast!'s on-access scanner which says the following:

A trojan horse was found! There is no reason to worry, though, Avast! has stopped the malware before it could enter your computer. When you click on the abort connection button, the download of the dangerous file will be canceled.

Virus: Win32:Swizzor-gen [Trj]
Location: http://[don’t actually go here]bins.dns-look-up.com/bins/int/upAYB.int
VPS version: 0652-6, 12/01/2006

I looked up Swizzor and its variants and read all about its effect on the target PC, and have tentatively determined that I’m not really infected because I’m experiencing NONE of the symptoms of Swizzor infection. Also, I scheduled and ran a boot-time scan with Avast! and nothing was found. However, it is obviously very worrisome that I KEEP getting that message, always with the same web address as the location of the worm. Since the location isn’t even on my PC, there’s nothing to clean, so what’s going on?

It has to be one of two things:

1 - Someone else’s infected PC (among the thousands and thousands that I interact with during P2P file transfers) grabbed my IP address and is repeatedly attacking it

2 - (more likely) A downloader for Swizzor has been installed on my computer somehow (and is not being detected by multiple scans) and is repeatedly attempting to make the connection to that URL and infect my PC, always being headed off by Avast!

There are two things I did immediately prior to this starting to happen: 1) I temporarily halted Avast!'s on-access scanner to run Panda’s online scan through IE (IE… suspicious =p) 2) I started some new bittorrent downloads (I have been downloading nonstop for months, but it’s possible that I finally made a P2P connection with someone’s infected PC and it actually managed to find a loophole in Windows security, my nVidia firewall (set at generic Medium level at the time) and Avast! all at once.

SOoooo… I’m rather vexed. My OS has not been damaged in any way, and it’s all well and good to just keep hitting “abort connection” (lol), but I want to figure out what’s going on and resolve it. This seemed to be the forum to try first, considering I’ve been using Avast! as my primary resident AV for years now.

One more thing worthy of note:

I update and run scans with AdAware and Spybot S&D every week or two, and I utilize Spybot’s immunization database (and update it as frequently as possible). If there are any more excellent anti-spyware/malware programs out there that I can add to these two as part of my routine scans, let me know about them as well.

Thank you VERY much for any feedback/input/help you guys can provide me!

Try avg anti spyware (formerly ewido)

Ewido 4.0 is available for download from

www.filehippo.com/download_ewido/?1208 .

I think you are right, the downloader may well be on your computor. I had a similar situation, avast caught the trojan, but missed the downloader. I found it using mcafee online scan.

Can you put the url in web shield’s url blocker?

Also what is your fire wall something is obviously gaining access to the internet.

Ah, forgot to mention that - I already used AVG/Ewido as well, most recent version/definitions. My firewall is nVidia… came with the chipset drivers for my motherboard. I stuck the URL in URL blocker, so at least the consant alerts might go away, but I want to find where this thing is hiding. I’ll try McAffe’s online scan, and I know there are several other good ones.

Ok good.

Is there a logging feature in you firewall that you may be able to use, to see what application/file is trying to access that web site? Or it is also possible that something is accepting trafic from there.

I’m not sure if web shield log is capable of logging what it blocked from going to the blocked url.

Good luck

edited to add Welcome to he forum!

It’s not in my firewall’s log’s at all, as either incoming or outgoing traffic, which means Avast is blocking it before it even gets that far… and WebShield doesn’t have a log that’ll help with that either, to my knowledge. Although, since I stuck the URL into WebShield’s blocked URLs list, Avast has stopped giving me alerts…

Being as lazy as I am, I’m tempted to just let it lie, but it doesn’t sit easily with me knowing there’s a downloader hiding somewhere on my computer. Hopefully the online scans will pick it up, or a future set of definitions for Avast, AdAware, Spybot or Ewido.

Hi daft,

Could you post a HijackThis! log for us? We might be able to see something in that.

http://www.bleepingcomputer.com/tutorials/tutorial42.html

Can you modify your post and break the link so it isn’t active and possibly infect someone accidentally or too inquisitive for their own good. DrWeb also confirms the infection at that site so not a false detection.

e.g. http://[break]bins.dns-look-up.com/bins/int/upAYB.int

avast will stop giving alerts as it is blocking the URL and not scanning so no alert.

I suspect your firewall isn’t up to the job as I would have expected a half decent one to protect against unauthorised outbound connections.

Hi daft,

Here is the removal instruction:
http://www.spywaredb.com/remove-trojandownloader-win32-swizzor/

polonus

Ech, sorry about the URL thing, it didn’t even occur to me. Fixed now.

I’ve blocked http:// .dns-look-up.com/, because I noticed there were also attempted to connections to http:// ayb.dns-look-up.com/ in addition to bins.dns-look-up…etc

There’s definitely something fishy with that URL. I’ll post my HijackThis log after this post because it’s too big to fit in any other text along with it.

I searched for all of the files and registry keys listed on that removal instructions page and found none of them, however, the HijackThis scan picked up:

O4 - HKCU..\Run: [chin browse] C:\DOCUME~1\Greg\APPLIC~1\REMOTE~1\more user window.exe

Which is HIGHLY suspect, as it follows the same naming convention as a lot of the files that were listed on that page as being associated with this worm, not to mention it’s in a suspicious location. I’ve already deleted it and its corresponding registry key. Apart from that, I didn’t see anything too suspect, but I don’t really have the expert eyes to find the really subtle hints that might be in that log.

Thanks again.

Bah, gonna have to cut this in half so that it doesn’t exceed the maximum number of characters for a post here.


Logfile of HijackThis v1.99.1
Scan saved at 4:03:02 PM, on 12/3/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\ITE\Smart Guardian\ITESmart.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Logitech\G-series Software\LGDCore.exe
C:\Program Files\Logitech\G-series Software\LCDMon.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\eVGA\ResChanger2004\ResChanger2004.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\Logitech\G-series Software\Applets\LCDMedia.exe
C:\Program Files\Logitech\G-series Software\Applets\LCDClock.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\ABC\abc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\regedit.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Greg\Desktop\hijackthis\HijackThis.exe


O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM..\Run: [NVMixerTray] “C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe”
O4 - HKLM..\Run: [nTrayFw] C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
O4 - HKLM..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM..\Run: [iTunesHelper] “C:\Program Files\iTunes\iTunesHelper.exe”
O4 - HKLM..\Run: [SunJavaUpdateSched] “C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe”
O4 - HKLM..\Run: [EPSON Stylus CX5400] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2G1.EXE /P19 “EPSON Stylus CX5400” /O5 “LPT1:” /M “Stylus CX5400”
O4 - HKLM..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM..\Run: [UnlockerAssistant] “C:\Program Files\Unlocker\UnlockerAssistant.exe”
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM..\Run: [NVIDIA nTune] “C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe” clear
O4 - HKLM..\Run: [SmartGuardian] C:\Program Files\ITE\Smart Guardian\ITESmart.exe
O4 - HKLM..\Run: [QuickTime Task] “C:\Program Files\QuickTime\qttask.exe” -atboottime
O4 - HKLM..\Run: [Acrobat Assistant 7.0] “C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe”
O4 - HKLM..\Run: [Launch LGDCore] “C:\Program Files\Logitech\G-series Software\LGDCore.exe” /SHOWHIDE
O4 - HKLM..\Run: [Launch LCDMon] “C:\Program Files\Logitech\G-series Software\LCDMon.exe”
O4 - HKLM..\Run: [TkBellExe] “C:\Program Files\Common Files\Real\Update_OB\realsched.exe” -osboot
O4 - HKLM..\Run: [openvpn-gui] C:\Program Files\OpenVPN\bin\openvpn-gui.exe
O4 - HKLM..\Run: [!AVG Anti-Spyware] “C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe” /minimized
O4 - HKLM..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU..\Run: [ResChanger2004] C:\Program Files\eVGA\ResChanger2004\ResChanger2004.exe
O4 - HKCU..\Run: [googletalk] “C:\Program Files\Google\Google Talk\googletalk.exe” /autostart
O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] “C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe”
O4 - HKCU..\Run: [chin browse] C:\DOCUME~1\Greg\APPLIC~1\REMOTE~1\more user window.exe
O4 - HKCU..\Run: [clipboard.exe] C:\WINDOWS\system32\clipboard.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1149196082795
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1149203243500
O20 - Winlogon Notify: PCANotify - C:\WINDOWS\SYSTEM32\PCANotify.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: app_filter - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec pcAnywhere Host Service (awhost32) - Symantec Corporation - C:\Program Files\Symantec\pcAnywhere\awhost32.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe" -k runservice (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: ForceWare IP service (nSvcIp) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: OpenVPN Service (OpenVPNService) - Unknown owner - C:\Program Files\OpenVPN\bin\openvpnserv.exe

Suggest you upload “more user window.exe” to
Jotti: http://virusscan.jotti.org/ and or VirusTotal: http://www.virustotal.com/flash/index_en.html
for verification and additional check.

Also Java version is now 1.5.0_10
Sun Java Runtime Environment 5.0 Update 10 Download link Major Geeks
Runtime Environment 5.0 Update 10 Major Geeks

There were 4 exes in a folder called REMOTE SAVE COOL:

more save window.exe
MEDIA TRAY BODY.exe
drbpqztx.exe
qfopffrt.exe

more save window.exe and MEDIA TRAY BODY.exe came up as completely clean on both scan sites. However, both of the random-letter exe files generated messages.

From Jotti: “MIGHT BE INFECTED/MALWARE (Sandbox emulation took a long time and/or runtime packers were found, this is suspicious. Normally programs aren’t packed and don’t force the sandbox into lengthy emulation. Do realize no scanner issued any warning, the file can very well be harmless. Caution is advised, however.)”

From VirusTotal: 3 scanners reacted - Fortinet 2.82.0.0 and Panda 9.0.0.4 labelled them “suspicious” and Prevx1 V2 called it Adware.Lop (generic name for unidentified malware?)

I’m wondering if I should submit it as a sample…

I suggest you also check this file at Jotti/VirusTotal:

O4 - HKCU..\Run: [clipboard.exe] C:\WINDOWS\system32\clipboard.exe

You may need to enable ‘view hidden files’ to see it:

http://www.bleepingcomputer.com/tutorials/tutorial62.html

Lop is known adware: have you run scans with Adaware, Spybot Search & Destroy, a-Squared and AVG Anti-Spyware?

Hi daft,

Lop removal instructions here:
http://www.spywareremove.com/removeLop.html

polonus

Ok, but Lop != Swizzor, so that leaves the mystery unsolved =/

Plus, I regularly update and run AdAware, Spybot and AVG (haven’t heard of a-Squared, so I’ll check that out), which catches most of this stuff. At the time of the hijack this scan, it wasn’t a running process… might have been leftovers from an incomplete clean by one of the aforementioned programs, or a recent infection that had failed to fully infiltrate my OS…

Regarding clipboard.exe:

Jotti: “POSSIBLY INFECTED/MALWARE (Note: this file has been scanned before. Therefore, this file’s scan results will not be stored in the database) (Note: this file was only flagged as malware by heuristic detection(s). This might be a false positive. Therefore, results of this scan will not be stored in the database)”
NOD32 (the only scanner that found anything): Found probably unknown NewHeur_PE (probable variant)

VirusTotal: 3 scanners reacted, Panda: Suspicious file, NOD32: Same message as from Jotti, McAffe: Generic BackDoor.b

This has now been gotten rid of as well (both the registry entry and file), although I made a password protected RAR of the file to save for future analysis or whatever. So that was sketchy… and of course, now that I think about it, since when has the clipboard been its own process? But that’s why second opinions are useful.

But still… where is Swizzor hiding? Or was it a false positive caused by one of these two little beasties?

I have the same problem for about 2 weeks now and i havent been able to find the solution.

I have run ay least 4 scanners for malware in many ways (safe mode,restart,normal ,e.t.c.) but nothing.
I will try what is suggested here also and will inform about how it will go.

Thx.

nikits72,

You have a thread open on your problem and have not followed the advice regarding posting a HijackThis! log. If you don’t do this, we can’t help you.

http://forum.avast.com/index.php?topic=25450.msg208178#msg208178

daft,

If you’re still getting the same message, it’s just possible that the Trojan downloader is hidden by a rootkit. I suggest you do a few scans:

BlackLight, AVG and Bitdefender scanners are the most user-friendly. You can find links here:

http://www.geocities.com/dontsurfinthenude/antitrojan.htm

Sometimes legitimate applications have hidden processes, so don’t just delete anything you find: either do some research on Google or post the results here for advice.

Yes FreewheelinFrank ,you are right.
As a matter of fact today i would going to refresh my other post with what i did e.t.c.

Impressed by your concern.