Windows 7 Forums

Windows 7: Malware issues - Windows 7

05 Dec 2011   #1

Windows 7 Home Premium 32bit
Malware issues - Windows 7

I just lent my computer to my brother, and it came back with a "windows 7 security" malware. I don't understand how it got through, but I guess that doesn't fully matter as much as getting rid of this. I ran Malwarebytes, the free version, and it said it removed the files, but when I restarted my computer, 4 error codes came up:

Windows cannot find 'C:\Windows\System32\igfxtray.exe'. Make sure you typed the name correctly, and then try again.

Windows cannot find 'C:\Windows\System32\kdcmd.exe'. Make sure you typed the name correctly, and then try again.

Windows cannot find 'C:\Windows\System32\igfxtrayTiltWheelMouse.exe'. Make sure you typed the name correctly, and then try again.

Windows cannot find 'C:\Windows\System32\igfxpers.exe'. Make sure you typed the name correctly, and then try again.

Now, when I tried to close these, it re-boots the malware. If it matters, the file doesn't appear to be "real" in the sense that my computer works mostly fine without it, and the icon is a red circle with an X in it.
The only other thing I noticed was, I tried to load up a program that accesses locally stored data (HoldemManager fwiw) and I am unable to load it up, getting the message:
"The following error occurred when trying to open the database: Unable to read data from transport connection: An existing connection was forcibly closed by the remote host."

Please help, you're my only hope! (Star Wars reference)

05 Dec 2011   #2

Windows 7 Professional SP1 32-bit

Welcome to SevenForums!

Do you have a restore point from before you let your brother have the computer? See if you can go back to it and then perform another full scan with Malwarebytes.

Which antivirus software do you have running? What exactly did you find during the scan?

Most importantly: find out what it is your brother did with the machine. He was obviously careless with it - humans are still the main reason systems get infected.
05 Dec 2011   #3

Microsoft Community Contributor Award Recipient


Hello Jeas and welcome to Seven Forums.

First, my usual disclaimer: I'm not an expert at anything! :)

Never, ever lend your computer to your brother again!

I'd suggest making a copy of the free Microsoft Standalone System Sweeper. Run the full scan and see if that doesn't help.

You could also try the free Hitman Pro as yet another malware scanner.

Hitman Pro 3 - SurfRight

igfxtray is a process which allows you to access the Intel 81x series Graphics configuration and diagnostic application for the Intel graphics chipset. This program is a non-essential system process, and is installed for ease of use via the desktop tray. You could uninstall them if you want to. Since I'm not an expert at anything I'm not sure if you can download clean copies from the Intel website.

And not to sound like I'm preaching, but this is a good example of why a system image is so important. If a machine gets corrupted by malware or anything else, a system image can get the machine up and running to a known clean condition in minutes.

05 Dec 2011   #4

Windows 7 Professional SP1 32-bit

Quote: Originally Posted by marsmimar
Never, ever lend your computer to your brother again!
I was actually making a point of not saying it so bluntly - but, yeah. LOL.
05 Dec 2011   #5
Microsoft MVP

Windows 7 Ultimate 32bit SP1

Can you post the .txt log that Malwarebytes produced? (copy and paste in next reply)
05 Dec 2011   #6

Windows 7 Home Premium 32bit

Malwarebytes' Anti-Malware
Malwarebytes : Free anti-malware, anti-virus and spyware removal download

Database version: 8311

Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421

04/12/2011 9:20:04 PM
mbam-log-2011-12-04 (21-20-04).txt

Scan type: Quick scan
Objects scanned: 190348
Time elapsed: 5 minute(s), 13 second(s)

Memory Processes Infected: 1
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 2
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
c:\Users\Eric\AppData\Roaming\Dyumi\loafm.exe (Trojan.Agent) -> 4064 -> Unloaded process successfully.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\{D15595C0-510F-6754-D6D4-8567D012C361} (Trojan.Agent) -> Value: {D15595C0-510F-6754-D6D4-8567D012C361} -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\.exe\shell\open\command\(default) (Hijack.ExeFile) -> Value: (default) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\Users\Eric\AppData\Roaming\Dyumi\loafm.exe (Trojan.Agent) -> Quarantined and deleted successfully.

The above is the log from the scan. I'm about to try the other malware removal programs posted in this thread.

He won't tell me or admit it was him that got the malware, so I'm not 100% sure, but I agree with you guys that I'm never lending it to him again.
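Added example, not part of the thread and not Malwarebytes' own tooling: a small Python parser for the log format posted in #6. It labels each detection as an autostart entry, a change to the .exe open handler, or a binary, and compares the summary counts with the detail lines to spot a truncated paste. The function names and category labels are assumptions made for this example.

```python
import re

# Excerpt of the log posted above (summary counts and detail sections).
SAMPLE_LOG = r"""
Memory Processes Infected: 1
Registry Values Infected: 2
Files Infected: 1
Memory Processes Infected:
c:\Users\Eric\AppData\Roaming\Dyumi\loafm.exe (Trojan.Agent) -> 4064 -> Unloaded process successfully.
Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\{D15595C0-510F-6754-D6D4-8567D012C361} (Trojan.Agent) -> Value: {D15595C0-510F-6754-D6D4-8567D012C361} -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\.exe\shell\open\command\(default) (Hijack.ExeFile) -> Value: (default) -> Quarantined and deleted successfully.
Files Infected:
c:\Users\Eric\AppData\Roaming\Dyumi\loafm.exe (Trojan.Agent) -> Quarantined and deleted successfully.
"""

SECTION = re.compile(r"^([A-Za-z ]+ Infected):\s*(\d+)?$")
ITEM = re.compile(r"^(.+) \(([^()]+)\)$")  # "<object> (<detection name>)"

# Return (summary counts, detection records) from a Malwarebytes text log.
def parse_mbam_log(text):
    counts, items, section = {}, [], None
    for line in map(str.strip, text.splitlines()):
        m = SECTION.match(line)
        if m and m.group(2) is not None:
            counts[m.group(1)] = int(m.group(2))   # summary line with a count
        elif m:
            section = m.group(1)                    # header of a detail section
        elif section and " -> " in line:
            head, *_, action = line.split(" -> ")   # last field is the action taken
            hit = ITEM.match(head)
            if hit:
                items.append({"section": section, "object": hit.group(1),
                              "family": hit.group(2), "action": action.rstrip(".")})
    return counts, items

# Label what a detection touched: autostart entry, .exe handler, or a binary.
def classify(item):
    obj = item["object"].lower()
    if "\\currentversion\\run\\" in obj:
        return "autostart"
    if obj.startswith("hkey_classes_root\\.exe\\shell\\open\\command"):
        return "exe-association"
    return "binary"

# Sections whose summary count differs from the number of parsed detail lines.
def count_mismatches(counts, items):
    seen = [i["section"] for i in items]
    return {s: (n, seen.count(s)) for s, n in counts.items() if n != seen.count(s)}
```

A non-empty result from `count_mismatches` means the pasted log is incomplete and should be re-posted before anyone acts on it.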
06 Dec 2011   #7
Microsoft MVP

Windows 7 Ultimate 32bit SP1

I'd like you to scan your machine with ESET OnlineScan
  1. Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  2. Click the button.
  3. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    1. Click on to download the ESET Smart Installer. Save it to your desktop.
    2. Double click on the icon on your desktop.
  4. Check
  5. Click the button.
  6. Accept any security warnings from your browser.
  7. Check
  8. Push the Start button.
  9. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  10. When the scan completes, push
  11. Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  12. Push the button.
  13. Push
