a new virus or trojan? process name ju1owen

edgargap9587 · ‎07-03-2009

a process name called ju1owen is always present when i check the task manager. im familiar with all the processes running in the background bcus i have the task manager always open so i can terminate a program easily to prevent my computer from slowing down. ive noticed in the past 3 days when ju1owen appeared as a process and couldnt terminate it as it keeps on starting again. sometimes up to (5) ju1owen processes are alway running in the background 2 at the least. ive also noticed since then that notepad.exe, win.exe, up to (5) internet explorer.exe, (2) csrss.exe normally just 1, services.exe, debug.exe, spoolsv.exe and winlogon.exe runs in the background but can be terminated though it restarts sometime later without my intervention. notepad and internet explorer's windows are never present nor opened at anytime. i searched the internet for ju1owen.exe but no result found. ran AVG, registry cleaner, spyware doctor, and avast though they found multiple trojans, trackers, etc it didnt solve the problem. my norton subscription has expired so i cant do a scan with it.

dbrisendine · ‎10-06-2008

If you want, you could run a GMER scan and post the log here. We could tell you what you have possibly.

Download GMER from http://www.gmer.net and run the program. Select "Scan" and then "Save" the log. Then attach the log file as a text file to a post here. It will be reviewed for possible malware and we will get back to you. Again, thanks for your help in this.

edgargap9587 · ‎07-03-2009

heres the test result..its attached as txt file

dbrisendine · ‎10-06-2008

Well doesn't look like any RootKits are there but you do have something weird going on. For the time being uninstall Spyware Doctor and whatever else you have from PC Tools. Then follow these:

Please download MalwareBytes' AntiMalware from this LINK . Choose the free version as this does not have a real time scanner that will interfere with Norton products. Install the program and update the definitions.

Boot into Safe Mode:
Start your system and tap the F8 key until the Advanced Options Menu appears. Using the arrow keys, select Safe Mode (no networking or command prompt) and press ENTER.

Once Safe Mode is loaded, run a full scan with MBAM. Have the program fix / delete whatever it finds and make a log file. Please post the log file contents back here for review.

edgargap9587 · ‎07-03-2009

ill put this off for now...i didnt get to update avast after installing and before scanning but now that i did avast found im infected with win32:rootkit-gen [rtk] and win32:agent-BSU [trj] during boot-up scan with win32:rootkit-gen responsible for those files i mentioned in the beginning post showing up in the task manager. I did another scan bcus the ju1owen is still in the task manager even though i moved the infected files to the virus chest. Avast is still in the process of scanning since yesterday since i picked thorough scan but changed it to standard scan few hours ago bcus its taking a very long time and even then its still scanning up to now. ill have to wait what avast can do after it finishes and so far a total of 64 infected files had been found caused by the 2 virus/trojan. i looked up both virus names and found a link for manual removal method for both viruses. For win32:agent-bsu (http://boards.cexx.org/index.php?topic=16114.0;prev_next=next) For win32:rootkit-gen (http://techsalsa.com/steps-to-remove-win32rootkit-genrtk-virus/) Ill follow both instructions if avast failed to remove both unless u guys think otherwise. thnx for reading my post and answering my problem.

delphinium · ‎11-21-2008

Edgargap9587:

First of all, you can not successfully run multiple antivirus engines at the same time.

Both AVG and Avast have forums as well where you can obtain assistance. As this is a Symantec forum for the user support of Norton products, we are unable to assist.

You can obtain a free trial version of NIS2009 on the Symantec website, but in order to use it effectively, you will have to remove all conflicting software.

What do you want to do?

Under certain circumstances profanity provides relief denied even to prayer.
Mark Twain

edgargap9587 · ‎07-03-2009

I have AVG uninstalled before installing avast since it didnt allow both to operate simultaneously anyway. Im also a user of NIS 2009 for 2 yrs prior to its expiration date a month ago; user edgargap9587; email edgargap9587(at)yahoo.com. As my previous reply stated im putting this inquiry off since ive already identified the virus and found a solution. I think i might have gotten the virus before now and the time my NIS expired. I saw weird activity thats why i just installed other free antivirus programs to find it thinking id rather save up on money and put off onto renewing a top notch antivirus program (NIS) since it is the recession but 1 mishap of mine (not updating b4 scanning) made me conclude that its a new virus hence posting it here, my trusted source of information, to validate it but it turns out its already a known virus. i just thought informing norton if it is a new virus to help the community. My thanks to dbrisendine for attempting to diagnose an exNIS users problem. By the way i did try downloading the NIS free trial but i still get the same screen telling me to renew my subscription. And true, NIS will force the user to uninstall conflicting software to eliminate its competition.

delphinium · ‎11-21-2008

Sorry Edgargap9587:

We've got seven active rootkits at the moment and we are stretched pretty thin. We have to follow Symantec policies, and we do appreciate the information. We would like to see you get the assistance that you need, but our only fix at the moment requires an active Norton product. So as much as we would like to help you. We literally can't.

Under certain circumstances profanity provides relief denied even to prayer.
Mark Twain