Niwus.exe is a virus or spyware?

Damarwulan

Hi everybody.....
When I start my laptop, it shows that niwus.exe wants to connect to the internet. This program comes from \program files\windows NT\. If I allow it to connect to the internet, the program uses approximately 70kb of my internet quota.
Is this a new variant of a virus or spyware? Can't I delete them, and what is the safe way to remove them?
And here is another file in windows NT; it is called niwus.nof
The lister of niwus.nof:
URL,,Stealth Redirect To,http://stebuklas.dgorter2.hop.*********.net/ ,0,0
URL,,Stealth Redirect To,http://stebuklas.brammidas.hop.*********.net/ ,0,0
URL,,Stealth Redirect To,http://stebuklas.websellers.hop.*********.net/ ,0,0
URL,,Stealth Redirect To,http://stebuklas.btbet.hop.*********.net/ ,0,0
URL,,Stealth Redirect To,http://stebuklas.cragar.hop.*********.net/ ,0,0
URL,p,Stealth Redirect To,http://stebuklas.postyourhm.hop.*********.net/ ,0,0

Why does this program want to connect to the internet to visit those sites?

2nd question:
My laptop has AVG Internet Security v9.0.733 installed.
When I connect to the internet, my firewall says that the following (Windows) programs are trying to connect:
wermgr.exe
rundll32.exe
service.xe
taskhost.exe
isass.exe
svchost.exe
msdt.exe
msiexec.exe
Can't I stop them by blocking their internet connection? And why does Windows always try to connect to the internet?
Please, I need advice.
 

Upload the file (Niwus.exe) to Virus Total, and see if any A/V scanners pick it up as something nasty.

I can tell you that rundll32.exe, service.exe, taskhost.exe, svchost.exe, and msiexec.exe are safe if they are running from the \Windows\System32 or \Windows\SysWOW64 directories. The others in your second question may be safe, but I can't comment on them.
 

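The location check described in the reply above, as an added example that is not part of the original post: a process name only counts as a Windows system binary when its image also sits in System32 or SysWOW64, and a name that is merely close to a system name gets its own label for a manual look. The binary list, the distance threshold of 2 and the sample paths in the comments are assumptions of this example.

```python
import ntpath

# Assumption: these binaries ship in \Windows\System32 (SysWOW64 holds the
# 32-bit copies on 64-bit systems). Extend the set for your own baseline.
SYSTEM_BINARIES = {
    "wermgr.exe", "rundll32.exe", "services.exe", "taskhost.exe",
    "lsass.exe", "svchost.exe", "msdt.exe", "msiexec.exe",
}
TRUSTED_DIRS = {r"c:\windows\system32", r"c:\windows\syswow64"}


def edit_distance(a, b):
    """Levenshtein distance, used to spot names that nearly match a system binary."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify(image_path):
    """Return 'expected', 'wrong-location', 'lookalike' or 'unknown'."""
    # normpath resolves ".." and "/" so a path cannot dodge the directory check
    path = ntpath.normpath(image_path).lower()
    directory, name = ntpath.split(path)
    if name in SYSTEM_BINARIES:
        return "expected" if directory in TRUSTED_DIRS else "wrong-location"
    # Near-miss name: either a typo in the report or a file named to
    # resemble a system binary; both deserve a closer look.
    if any(edit_distance(name, known) <= 2 for known in SYSTEM_BINARIES):
        return "lookalike"
    return "unknown"


def triage(image_paths):
    """Map each full image path to its classification."""
    return {p: classify(p) for p in image_paths}


if __name__ == "__main__":
    # Constructed sample paths, not taken from a real machine.
    for path, verdict in triage([
        r"C:\Windows\System32\svchost.exe",
        r"C:\Users\demo\AppData\Roaming\svchost.exe",
        r"C:\Windows\System32\isass.exe",
        r"C:\Program Files\Windows NT\niwus.exe",
    ]).items():
        print(f"{verdict:15} {path}")
```

"unknown" only means the name is not in the baseline list; it says nothing about whether the file is safe.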

Hello, Welcome to SF,

According to some forums that file is a virus. Best thing to do would be to disable it from Startup.

Start > msconfig > Startup, then if you find it, uncheck it and reboot the system; that should prevent it from starting up.

Also download Malwarebytes and run it.

Other services that you're referring to are Windows services, which you don't want to block.

Hope this helps,
Captain
 

OK, stopping this program using msconfig.exe.
If this is a virus, can't I delete the folder \program files\windows NT\*.* ?
Many thanks
 

I would follow the advice given if I were you.

cheers.
 

Hi

As advised previously...

1 - Upload a File to Virustotal
  • Highlight all the following in purple and press Ctrl+C on your keyboard to copy
  • c:\program files\windows NT\niwus.exe
  • Please click >here< to visit Virustotal
  • Click into the blank box on the Virus Total page and press Ctrl+V on your keyboard to paste
  • Click the Send File button
  • Copy and paste the Virustotal results back here please
 

There's a new antivirus out that runs as a BAT file called ComboFix. Try it and let us know if it works, or even Malwarebytes.
Don't panic and run them all at the same time. If it's a bad virus or spyware, run in safe mode and use the antivirus to scan there; then you'll have no programs running but your OS.
cya
 

ComboFix is not an Antivirus.

You should not run ComboFix unless you are specifically asked to by a helper. Also, due to the power of this tool it is strongly advised that you do not attempt to act upon any of the information displayed by ComboFix without supervision from someone who has been properly trained. If you do so, it may lead to problems with the normal functionality of your computer.
I would add, a skilled helper that gives you specific advice on how to use it and run it. Mainly the guys at the forums listed at the bottom of the link I provided.
 

Very true Tepid. Only EVER use Combofix when asked to by a Trusted person on a Trusted Security forum!!!

Same goes for any advanced Removal/ analysis software.
 

Yep! That cannot be stressed enough.
 

lol sorry guys just giving him some advice !
but ye you should ask a more required helper
cheers :) !
 

Type regedit in the start search box. Click on the icon .... now look for (by expanding each selection)
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN
Delete niwus if found.
 

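An added example, not part of the original post: the Run value that starts a file does not have to carry the file's name, so this sketch matches on each value's command instead of its name before anything is deleted. It assumes the text comes from `reg query` on the key named above (value name, type and data separated by four spaces); the sample listing is constructed and its entry names are hypothetical.

```python
import ntpath
import re

RUN_KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"

# Constructed sample in the layout `reg query "<key>"` prints.
# Entry names and the ExampleVendor/helper paths are made up.
SAMPLE = RUN_KEY + r"""
    ExampleTray    REG_SZ    C:\Program Files\ExampleVendor\tray.exe /startup
    Updater    REG_SZ    "C:\Program Files\Windows NT\niwus.exe"
    niwus helper    REG_EXPAND_SZ    %ProgramFiles%\Common Files\helper.exe
"""

VALUE_LINE = re.compile(r"^ {4}(?P<name>.+?) {4}(?P<type>REG_\w+) {4}(?P<data>.*)$")


def parse_values(text):
    """Yield (value_name, type, data) for each value line in reg query output."""
    for line in text.splitlines():
        m = VALUE_LINE.match(line)
        if m:
            yield m.group("name"), m.group("type"), m.group("data")


def executable(command):
    """Best-effort extraction of the program path from a Run command line."""
    command = command.strip()
    if command.startswith('"'):
        # Quoted path: everything up to the closing quote
        return command[1:].split('"', 1)[0]
    # Unquoted path may contain spaces: cut at the first ".exe"
    m = re.match(r"(.+?\.exe)(\s|$)", command, re.IGNORECASE)
    return m.group(1) if m else command.split(" ", 1)[0]


def entries_launching(text, filename):
    """Names of the values whose command starts the given file."""
    wanted = filename.lower()
    return [name for name, _type, data in parse_values(text)
            if ntpath.basename(executable(data)).lower() == wanted]


if __name__ == "__main__":
    for name in entries_launching(SAMPLE, "niwus.exe"):
        print("Run value launching niwus.exe:", name)
```

In the constructed listing the value to remove is "Updater", while "niwus helper" starts a different file despite its name.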
Many thanks for all your replies...
And here is the Virus Total analysis of the file that I uploaded a few days ago:

File niwus.exe received on 2010.02.13 09:19:24 (UTC)
Current status: finished
Result: 19/41 (46.34%)


Antivirus Version Last Update Result
a-squared 4.5.0.50 2010.02.13 Trojan-Dropper.Agent!IK
AhnLab-V3 5.0.0.2 2010.02.12 -
AntiVir 7.9.1.160 2010.02.12 TR/Dropper.Gen
Antiy-AVL 2.0.3.7 2010.02.13 -
Authentium 5.2.0.5 2010.02.13 -
Avast 4.8.1351.0 2010.02.12 Win32:Malware-gen
AVG 9.0.0.730 2010.02.12 -
BitDefender 7.2 2010.02.13 -
CAT-QuickHeal 10.00 2010.02.13 -
ClamAV 0.96.0.0-git 2010.02.13 -
Comodo 3920 2010.02.13 TrojWare.Win32.TrojanDropper.Agent.bkhq
DrWeb 5.0.1.12222 2010.02.13 -
eSafe 7.0.17.0 2010.02.11 Win32.TRDropper
eTrust-Vet 35.2.7300 2010.02.12 -
F-Prot 4.5.1.85 2010.02.12 -
F-Secure 9.0.15370.0 2010.02.13 -
Fortinet 4.0.14.0 2010.02.13 W32/Agent.BKHQ!tr
GData 19 2010.02.13 Win32:Malware-gen
Ikarus T3.1.1.80.0 2010.02.13 Trojan-Dropper.Agent
Jiangmin 13.0.900 2010.02.08 TrojanDropper.Agent.aiqr
K7AntiVirus 7.10.972 2010.02.12 Trojan-Dropper.Win32.Agent.bkhq
Kaspersky 7.0.0.125 2010.02.13 Trojan-Dropper.Win32.Agent.bkhq
McAfee 5890 2010.02.12 -
McAfee+Artemis 5890 2010.02.12 Artemis!A3F4085D7B0E
McAfee-GW-Edition 6.8.5 2010.02.13 Trojan.Dropper.Gen
Microsoft 1.5406 2010.02.13 -
NOD32 4862 2010.02.12 -
Norman 6.04.08 2010.02.12 -
nProtect 2009.1.8.0 2010.02.13 Trojan-Dropper/W32.Agent.1675205
Panda 10.0.2.2 2010.02.12 Trj/Downloader.MDW
PCTools 7.0.3.5 2010.02.13 Trojan.Generic
Prevx 3.0 2010.02.13 -
Rising 22.34.01.03 2010.02.11 Dropper.Win32.DotNet.a
Sophos 4.50.0 2010.02.13 -
Sunbelt 5675 2010.02.13 -
Symantec 20091.2.0.41 2010.02.13 Trojan Horse
TheHacker 6.5.1.4.191 2010.02.13 -
TrendMicro 9.120.0.1004 2010.02.13 -
VBA32 3.12.12.2 2010.02.12 Trojan-Dropper.Win32.Agent.bkhq
ViRobot 2010.2.13.2186 2010.02.13 -
VirusBuster 5.0.21.0 2010.02.12 -

Additional information
File size: 1675205 bytes
MD5 : a3f4085d7b0ef568417f77aab1c419d4
SHA1 : 4bae0206f964af933ba64312ef8e2a740cff027f
SHA256: 787fac9a7a1e4c2e40596e8455cf548c5a0b1577e48c22bb6feff3329769e565
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x3213E
timedatestamp.....: 0x4B27F03C (Tue Dec 15 21:23:24 2009)
machinetype.......: 0x14C (Intel I386)

( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x2000 0x30144 0x30200 7.98 680bc6b61da4bcfbf189fbf06a25af62
.sdata 0x34000 0x6E 0x200 1.63 83ffd7587ae4141748d42dc788d4ee59
.rsrc 0x36000 0xA3C 0xC00 4.42 5389ec9df06e82fc816dfcdcf987a755
.reloc 0x38000 0xC 0x200 0.10 f69b4c42ddbfebb4afb585957632447e

( 1 imports )

> mscoree.dll: _CorExeMain

( 0 exports )
TrID : File type identification
Generic CIL Executable (.NET, Mono, etc.) (72.5%)
Windows Screen Saver (12.9%)
Win32 Executable Generic (8.4%)
Win16/32 Executable Delphi generic (2.0%)
Generic Win/DOS Executable (1.9%)
ssdeep: 12288:jvQG/UIHmNLsdXcXovVVZIIs+KjNf+VQ52L:ktIG58EAV0+8Nf+AY
sigcheck:
publisher....: Microsoft
copyright....: Copyright (c) Microsoft
product......: n/a
description..:
original name: stub.exe
internal name: stub.exe
file version.: 1.0.0.0
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
PEiD : -
RDS : NSRL Reference Data Set
-


But I wonder why my AVG did not detect anything? Do I have to change the anti-virus?
Once again ..., what is the best antivirus?
 

Not every antivirus software or anti-malware software has the identical detections. If they did, why would there be multiple products?

As to asking which A/V is the best product, you could receive as many recommendations as people who respond to your question because it seems everyone has a favorite. :) The best A/V product is the licensed or free A/V that works well on your computer and has the features you are comfortable with.

A/V is not the only line of defense. You also need a good anti-malware software with real-time protection, as well as keeping your software up to date with all security updates. This does not mean just Microsoft security updates but also products by Adobe and Oracle SunJava.

Now that the "lecture" is over ;) , have you run Malwarebytes as previously suggested?
 

My Computer My Computer

At a glance

Windows 7 & Windows Vista Ultimate
OS
Windows 7 & Windows Vista Ultimate
Definitely you need a new antivirus; AVG is no good for you.
I'm not a big fan of it myself; it runs extra programs in the task manager, which helps slow your PC down.
It won't be any good for you.
Yes, there is free antivirus software out there BETTER than AVG,
such as:
Avast - it gives you an online scanner too, so if you come across any sites which leak a bug through to your PC, it will pick it up straight away. I like to say it's like NOD32; it does the exact same job. I have it myself.
Malwarebytes - this is a great scanning program, but if it's the free version you won't be able to run it full time unless you have a serial key. But it's great for detecting spyware, trojans, etc...
NOD32 - this I would certainly recommend. No, it's not free, I know,
but put it this way:
it will do everything you want it to do; it will pick up your socks and put them in your drawer!
I'm sure you can get it off sites; I can't say because it's a Windows 7 forum and I got a warning already, lol.
But have a look round anyway, but certainly
I would recommend getting a new antivirus!
Good luck!
 
