every time i start my pc,there is a box that mention there is an error on tfwqq.exe
i searched about tfwqq.exe in google,some website said that it is a virus,but i used avast scan tfwqq which i found at C:\Documents and Settings\All Users ,but there is no virus signal
Submit the file to www.virustotal.com , it’s an online multi scanner. See what other scanners say.
Check the suspect file/s at: VirusTotal - Multi engine on-line virus scanner and report the findings here in the topic.
Send the sample to virus@avast.com zipped and password protected (if detected by multiple scanners) with the password in email body, a reference to this topic (give URL) and undetected malware in the subject.
i wanna to ask,if there is a message that mention there is an error on running tfwqq.exe …is it the tfwqq is not running anymore? and here is the result
Without the full error message it is hard to what the situation is, there may be a file that tfwqq.exe relies on is missing, etc. so we couldn’t say if it is running or not without more information.
Whilst many of the detections are heuristic detections there are enough others to say you should send the sample to avast, as I mentioned.
Or add the file to the User Files (File, Add) section of the avast chest where it can do no harm and send it from there (select the file, right click, email to Alwil Software). No need to zip and PW protect when the sample is sent from chest. A copy of the file/s will remain in the original location, so any further action you take can remove that.
Because of your mention of an error relating to tfwqq I would suggest downloading and running HiJackThis and post the contents of the HJT log here. You may need to split the copy and paste over two or more posts depending on how big the log is.
Program & Tutorial - Also useful as a diagnostic tool - FileHippo Download - HiJackThis - HJT Information HiJackThis Tutorial.
is it directly cut n paste it into C:\Program Files\Alwil Software\Avast4\DATA\chest ?
and i sent a the sample to virus@avast.com as u mentioned
If you are talking about the HJT log, No paste the contents of the HiJackThis log into the topic.
If you are talking about adding the file to the chest, also No, you must first open the avast chest, click the User Files section of the chest and Add (from the menu), you then navigate to the file and add it.
ok,done
if i sent a sample to virus@avast.com …will them gv me a reply ?
The don’t normally reply unless they require more info, usually not.
Don’t forget, manually adding a file to the chest User Files is different than a normal addition from a detection, in that the file is copied and the original remains in place so you have to delete that.
really hope avast will settle this ASAP …
coz i try to install kaspersky to delete this,but fail to install kaspersky
Without the full error message it is hard to what the situation is, there may be a file that tfwqq.exe relies on is missing, etc. so we couldn't say if it is running or not without more information.
You never mentioned what this error is that you get ?
That information could prove helpful.
Why do you need to install another AV to delete something which you can do manually (or is there something else you haven’t told us) ?
If you did as I suggested and added the file to the User Files section of the chest that you should delete the original from the C:\Documents and Settings\All Users location, why can’t you do that ?
Don’t try to use two antivirus at the same time…
Use Kaspersky online scanning. But better will be using BitDefender, which allows cleaning for free: http://www.bitdefender.com/scan8/ie.html
You never mentioned what this error is that you get ? That information could prove helpful.Why do you need to install another AV to delete something which you can do manually (or is there something else you haven’t told us) ?
If you did as I suggested and added the file to the User Files section of the chest that you should delete the original from the C:\Documents and Settings\All Users location, why can’t you do that ?
i did as u suggested …n the error never appear anymore …so i have no idea to give u all see it,and i found that everytime i start my pc,there is a IEXPLORE.exe auto run under USER,but i could not found any IE that running
Then you need to run HiJackThis and post the contents of the log file, that I mentioned in reply #4 above.
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\HandWrite\MyNewRecog.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Program Files\HandWrite\InsTalk\InsTalk.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\system32\conime.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
G:\Program Files\Tencent\QQ\QQ.exe
G:\Program Files\Tencent\QQ\TIMPlatform.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Thunder Network\Thunder\Program\Thunder5.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
O2 - BHO: Thunder AtOnce - {01443AEC-0FD1-40fd-9C87-E93D1494C233} - C:\Program Files\Thunder Network\Thunder\ComDlls\TDAtOnce_Now.dll
O2 - BHO: ThunderBHO - {06849E9E-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Thunder Network\Thunder\ComDlls\xunleiBHO_Now.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM..\Run: [IMJPMIG8.1] “C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE” /Spoil /RemAdvDef /Migration32
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM..\Run: [GrooveMonitor] “C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe”
O4 - HKLM..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM..\Run: [TkBellExe] “C:\Program Files\Common Files\Real\Update_OB\realsched.exe” -osboot
O4 - HKLM..\Run: [QuickTime Task] “C:\Program Files\QuickTime\qttask.exe” -atboottime
O4 - HKLM..\Run: [NewRecog] C:\Program Files\HandWrite\MyNewRecog.exe
O4 - HKLM..\Run: [remotecontrol] C:\WINDOWS\system32\sysave.exe
O4 - HKLM..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU..\Run: [msnmsgr] “G:\Program Files\MSN Messenger\msnmsgr.exe” /background
O4 - HKCU..\Run: [MSMSGS] “C:\Program Files\Messenger\msmsgs.exe” /background
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: 使用迅雷下载 - C:\Program Files\Thunder Network\Thunder\Program\geturl.htm
O8 - Extra context menu item: 使用迅雷下载全部链接 - C:\Program Files\Thunder Network\Thunder\Program\getallurl.htm
O9 - Extra button: ???ˉ??à×5 - {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} - C:\Program Files\Thunder Network\Thunder\Thunder.exe
O9 - Extra ‘Tools’ menuitem: ???ˉ??à×5 - {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} - C:\Program Files\Thunder Network\Thunder\Thunder.exe
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra ‘Tools’ menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0AE0F5F9-8233-49A4-A3C8-004CE190787B} (BMSpeedCheck Control) - http://www.pdbox.co.kr/boxmedia/ctrl_down/BMSpeedCheck.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
You should post the full contents of the log, which included the header information, so we can see things like the HJT version you are using, what OS, browser and their versions, etc.
You don’t appear to have an active firewall, what is your firewall ?
FIX:
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
Other than this I don’t see anything obvious.
There are two occurrences of iexplore.exe running did you have two open IE windows when running HJT ?
If you are using XP, checking what is running on startup, from the Windows Start, Run, type msconfig and click OK. When the pop-up window appears select the startup tab and see if there is an entry for iexplore.exe.