Windows Command Processor notification - Please help!


  1. Posts : 10,200
    MS Windows 7 Ultimate SP1 64-bit
       #11

    I'm also suspicious of that one.

    If he runs the standalone sweep, I suspect that this one could be caught. The standalone sweep doesn't boot up into his win 7 but rather into a ram disk Pre-execution Environment version of Win 7 running only on the ram disk. Thus the win 7 on the hard disk can be checked without "alerting" the malware.

    Also autoruns would cast some light on that one as to whether it is "verified" and the source.


  2. d0n
    Posts : 6
    Windows 7 64 bit
    Thread Starter
       #12

    I ran the Microsoft Standalone System Sweeper Tool and 35 items were detected and cured. Restarted and the same problem still occurred.

    Did a system restore to earlier last month and everything seems fine, McAfee is working fine and there doesn't seem to be any problems. Now could this be the end of the matter?

    Should I do anything else now I've done the system restore, such as another stand alone scan or a sweep with Malwarebytes? I've just set a full scan running with McAfee, not that it does much good by the sounds of you guys haha.


  3. Posts : 9,582
    Windows 8.1 Pro RTM x64
       #13

    First of all, whenever you get this sort of message on booting up or logging in it is invariably malware. A quick google of that file name has only returned 1 result, namely this thread. You should never click anywhere on the message, either Yes or No. Instead, end the program through Task Manager.

    Can you let us know what you have got in the following Registry locations:

    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

    Also, do a full registry search for fsayopphnkpmiicu and nncemnnx and report back with any results.

    As mentioned above, a Google search for the first term returned this thread as its only result. The second term returned no results whatsoever, another clear indication of possible/likely malware.


  4. Posts : 5,092
    Windows 7 32 bit
       #14

    I would get WinPatrol
    At least the free version. When it detects something is added to start with Windows, it pops up a dialog and asks you to allow it or not.

    Just a precaution for the future. Unlike real-time av shields, there's just about zero performance penalty for running WinPatrol. It checks what it checks every so often. The time between checks is adjustable in settings.

    Also it has a tab where you can see auto start entries. Not as comprehensive as autoruns but a lot easier to see what's going on and catches most auto start stuff. Also has a delay start feature that's handy.


  5. d0n
    Posts : 6
    Windows 7 64 bit
    Thread Starter
       #15

    Dwarf said:

    Can you let us know what you have got in the following Registry locations:

    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

    Also, do a full registry search for fsayopphnkpmiicu and nncemnnx and report back with any results.

    How would I go about doing this?

    Also thanks for everyone's replies.


  6. Posts : 9,582
    Windows 8.1 Pro RTM x64
       #16

    Click and type regedit.exe into the search box and press Enter/Return. Now browse for the locations I mentioned in exactly the same way as you would in Windows Explorer.

    For the registry search, click on Edit and then Find... (or use the Ctrl+F shortcut). Type the term that you wish to search for in the box Find what:. Leave the other options at their default, and click on Find Next. Make a note of the location of any matches and then press F3 to continue the search. Keep doing this until you get the message Finished searching through the registry.


  7. mjf
    Posts : 5,969
    Windows 7x64 Home Premium SP1
       #17

    As I mentioned earlier a 10 second google search produced no hits on the rogue software - a dead giveaway. Unfortunately you may get some warnings by googling on some essential windows elements.

    The best security is to keep sufficient images so you can reimage to a point before you took the malware onboard.


  8. d0n
    Posts : 6
    Windows 7 64 bit
    Thread Starter
       #18

    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run -
    Name (Default)
    Type REG_SZ
    Data (value not set)

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -
    Name (Default)
    Type REG_SZ
    Data (value not set)

    Name Apoint
    Type REG_SZ
    Data C:\Program Files\DellTPad\Apoint.exe

    Name Broadcom Wireless Manager UI
    Type REG_SZ
    Data C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.exe

    Name HotKeysCmds
    Type REG_SZ
    Data C:\Windows\system32\hkcmd.exe

    Name IAAnotif
    Type REG_SZ
    Data C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe

    Name IgfxTray
    Type REG_SZ
    Data C:\Windows\system32\igfxtray.exe

    Name Persistence
    Type REG_SZ
    Data C:\Qindows\system32\igfxpers.exe

    Name Quickset
    Type REG_SZ
    Data C:\Program Files\Dell\QuickSet\QuickSet.exe

    Name SysTrayApp
    Type REG_EXPAND_SZ
    Data C:\Program Files\IDT\WDM\sttray64.exe

    Also searching the registry for fsayopphnkpmiicu and nncemnnx came up with nothing.
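Post #18 pastes the Run keys as Name/Type/Data triplets; the following is an added example (not code from the thread or from any tool named in it) that parses a listing in that form and returns the entries whose target lies outside the usual install directories, so they can be checked first on the machine itself or in Autoruns. `EXPECTED_ROOTS`, `ENV_ROOTS` and the function names are this example's own assumptions, and a returned entry is a prompt to verify the file, not a verdict.

```python
import ntpath
# Assumed "normal" install roots; adjust for the machine being checked.
EXPECTED_ROOTS = (r"c:\windows", r"c:\program files", r"c:\program files (x86)")
# REG_EXPAND_SZ data may use variables; map two common ones (assumed defaults).
ENV_ROOTS = {"%systemroot%": r"c:\windows", "%programfiles%": r"c:\program files"}
# Four of the HKLM Run entries as pasted in post #18.
LISTING = r"""
Name (Default)
Type REG_SZ
Data (value not set)
Name Apoint
Type REG_SZ
Data C:\Program Files\DellTPad\Apoint.exe
Name Persistence
Type REG_SZ
Data C:\Qindows\system32\igfxpers.exe
Name SysTrayApp
Type REG_EXPAND_SZ
Data C:\Program Files\IDT\WDM\sttray64.exe
"""

def parse_listing(text):
    """Turn Name/Type/Data triplets into a list of dicts."""
    entries, current = [], {}
    for line in text.splitlines():
        key, _, value = line.strip().partition(" ")
        if key in ("Name", "Type", "Data"):
            current[key] = value
        if key == "Data":  # Data is the last field of an entry
            entries.append(current)
            current = {}
    return entries

def needs_review(entry):
    """True when the target is not under any expected install root."""
    data = entry["Data"].strip().strip('"').lower()
    if data == "(value not set)":  # empty (Default) value, nothing to run
        return False
    for var, root in ENV_ROOTS.items():
        data = data.replace(var, root)
    path = ntpath.normpath(data)  # collapses ".." so it cannot hide the root
    return not any(path.startswith(root + "\\") for root in EXPECTED_ROOTS)

def triage(text):
    return [(e["Name"], e["Data"]) for e in parse_listing(text) if needs_review(e)]

if __name__ == "__main__":
    print(triage(LISTING))
```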


  9. Posts : 10,200
    MS Windows 7 Ultimate SP1 64-bit
       #19

    d0n said:
    I ran the Microsoft Standalone System Sweeper Tool and 35 items were detected and cured. Restarted and the same problem still occurred.

    Did a system restore to earlier last month and everything seems fine, McAfee is working fine and there doesn't seem to be any problems. Now could this be the end of the matter?

    Should I do anything else now I've done the system restore, such as another stand alone scan or a sweep with Malwarebytes? I've just set a full scan running with McAfee, not that it does much good by the sounds of you guys haha.

    Replace MuckAfee with Microsoft Security Essentials (MSE). Link in my sig.

    Run the Standalone System Sweeper again please. A Full Scan.

    Until Standalone System Sweeper runs and comes up empty-handed then proceeding is senseless.

    Stay away from Torrent sites. Stay away from P2P sites. Use the Web Of Trust add-in for your browser so you can be aware of the bad sites. Do this after the System Sweep. The System Sweep is priority number one.


  10. Posts : 5
    Win 7 Home 64 bit
       #20

    Hi there, just registered to let you know how I got on with this problem.

    I had the annoying upgrade popup, which I couldn't cancel (and obviously didn't want to approve), so I clicked on further information and found that it was to do with a file in users/MYUSERNAME/appdata/temp/ (I'm typing this from memory, so that might not be entirely correct)

    So I deleted that file, only to find I still had the same problem.

    I booted into safe mode (f8 before the windows logo appears), and I found that it was in my recycle bin (Even though I had shift+deleted everything in the temp folder) so I once more deleted it.

    I also disabled a few items that I didn't recognise from my startup programs (Click 'start' and type msconfig into the box, then click the startup tab and have a look), they were called something like jkhlwafi (again, I'm typing from memory, and I could not find any mention of them when I searched google)

    Not sure which of those steps sorted my problem out, but on booting back in normal mode, I have no more request to install the software.


 
Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.
