
twwmphrimqh.exe



#1
torlond

:tazz:
This little file keeps depositing itself on my hard drive and I can't seem to keep it from returning after I delete it. I have it blocked in my Sygate Firewall but this doesn't seem to stop it - any ideas on how to get rid of it for good?
This is what the firewall says every time it sees it:

The executable has changed since the last time you used: C:\WINDOWS\twwmphrimqh.exe
File Version : 1.0.2.8
File Description : Aurora
File Path : C:\WINDOWS\twwmphrimqh.exe
Process ID : 0xCB4 (Heximal) 3252 (Decimal)

Connection origin : local initiated
Protocol : TCP
Local Address : 209.135.115.80
Local Port : 1971
Remote Name : xadsj.offeroptimizer.com
Remote Address : 64.95.228.143
Remote Port : 80 (HTTP - World Wide Web)

Ethernet packet details:
Ethernet II (Packet Length: 76)
Destination: 03-00-20-00-03-00
Source: 00-00-03-00-00-00
Type: IP (0x0800)
Internet Protocol
Version: 4
Header Length: 20 bytes
Flags:
.1.. = Don't fragment: Set
..0. = More fragments: Not set
Fragment offset:0
Time to live: 64
Protocol: 0x6 (TCP - Transmission Control Protocol)
Header checksum: 0xc884 (Correct)
Source: 209.135.115.80
Destination: 64.95.228.143
Transmission Control Protocol (TCP)
Source port: 1971
Destination port: 80
Sequence number: 1229602151
Acknowledgment number: 0
Header length: 28
Flags:
0... .... = Congestion Window Reduce (CWR): Not set
.0.. .... = ECN-Echo: Not set
..0. .... = Urgent: Not set
...0 .... = Acknowledgment: Not set
.... 0... = Push: Not set
.... .0.. = Reset: Not set
.... ..1. = Syn: Set
.... ...0 = Fin: Not set
Checksum: 0xa46a (Correct)
Data (0 Bytes)

Binary dump of the packet:
0000: 03 00 20 00 03 00 00 00 : 03 00 00 00 08 00 45 00 | .. ...........E.
0010: 00 30 4C 39 40 00 40 06 : 84 C8 D1 87 73 50 40 5F | .0L9@.@.....sP@_
0020: E4 8F 07 B3 00 50 49 4A : 3D 67 00 00 00 00 70 02 | .....PIJ=g....p.
0030: 20 00 6A A4 00 00 02 04 : 05 B4 01 01 04 02 66 66 | .j...........ff
0040: 65 72 6F 70 74 69 6D 69 : 7A 65 72 03 | eroptimizer.


#2
darth_ash

Please go to the malware forum and follow the instructions at the top... Especially the CLICK HERE.

That will give you several steps that will help you clean up 70 percent of all problems by yourself. If at the end of the process you are still having difficulty -- and you may not be -- then post a HijackThis log in THAT forum.

If you are still having problems after getting a clean bill of health from the malware expert, please return to this thread.