C:\WINDOWS\system32\trufvg.exe



Nick
07-09-2005, 11:42 PM
This one (trufvg.exe) recently showed up in my processes list, any ideas on
what it's for? Is it wise to stop it?

Malke
07-09-2005, 11:42 PM
Nick wrote:

> This one (trufvg.exe) recently showed up in my processes list, any
> ideas on what it's for? Is it wise to stop it?

Since a Google for "trufvg.exe" brings up no links, this file is almost
certainly malware. Here are malware removal steps:

First delete all Temporary and Temporary Internet Files. For IE's
Temporary Files, go to Control Panel>Internet Options>General tab.
You'll see where you can delete cookies and files. For Firefox, clear
its cache by going to Tools>Options>Privacy>Cache>Clear. For Windows
Temporary files, Start>Run cleanmgr [enter]. Then follow these detailed
malware removal steps, doing everything with updated tools in Safe
Mode. You can find all the links to referenced programs and sites on
my website here:

http://www.elephantboycomputers.com/page2.html#Removing_Malware

1) Scan in Safe Mode with current version (not earlier than 2004)
antivirus using updated definitions.

Before you remove malware, get LSPFix or WinSockFix for XP - see links
below.

2) Remove spyware with Spybot Search & Destroy and Ad-aware. These
programs are free, so use them both since they complement each other.
There is a new version of CWShredder from Intermute. I would not
install the other Intermute programs, however. Alternately, there are
CoolWebSearch malware removal steps at SilentRunners.

Be sure to update these programs before running, and it is a good idea
to do virus/spyware scans in Safe Mode. Make sure you are able to see
all hidden files and extensions (View tab in Folder Options).

If the malware remains even after you used Ad-aware and Spybot, you can
scan with HijackThis. HijackThis is an excellent tool to discover and
disable hijackers, but it requires expert skill. See the links on my
website for a HijackThis tutorial and places where you can post your
HJT log. Again, this is an expert tool and novices should get help
with it.

3) If you are running Windows ME or XP, you should disable/enable System
Restore after the system is clean because malware will be in the
Restore Points. With ME, you must disable System Restore completely.
With XP, you can delete all but the most recent (presumably clean)
System Restore point from the More Options section of Disk Cleanup
(Run>cleanmgr).

4) Make sure you've visited Windows Update and applied all security
patches. Do not install driver updates from Windows Update.

5) Run a firewall.

Malke
--
Elephant Boy Computers
www.elephantboycomputers.com
"Don't Panic!"
MS-MVP Windows - Shell/User
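
An added example, not part of the original thread or any poster's own tooling: a read-only PowerShell check that collects evidence about the file the thread asks about (signature status, version resource, timestamps, SHA-256), then runs the same check over every running process whose image is under System32. It assumes Windows PowerShell 5.1 or later on a current Windows release; `Get-ImageTriage` is a hypothetical helper name.

```powershell
# Added example: read-only triage of an executable found in System32.
# Assumes Windows PowerShell 5.1+; nothing here stops or deletes anything.
function Get-ImageTriage {
    param([Parameter(Mandatory)][string]$Path)

    if (-not (Test-Path -LiteralPath $Path -PathType Leaf)) {
        # File missing or not visible to this account: report that and stop.
        return [pscustomobject]@{ Path = $Path; Exists = $false; SigStatus = $null }
    }
    $file   = Get-Item -LiteralPath $Path -Force   # -Force also returns hidden/system files
    $sig    = Get-AuthenticodeSignature -LiteralPath $Path
    $signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null }
    [pscustomobject]@{
        Path        = $file.FullName
        Exists      = $true
        Hidden      = [bool]($file.Attributes -band [IO.FileAttributes]::Hidden)
        CreatedUtc  = $file.CreationTimeUtc
        ModifiedUtc = $file.LastWriteTimeUtc
        Company     = $file.VersionInfo.CompanyName
        Description = $file.VersionInfo.FileDescription
        SigStatus   = $sig.Status                  # Valid, NotSigned, HashMismatch, ...
        Signer      = $signer
        SHA256      = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash
    }
}

# The file the thread asks about (path taken from the thread title).
Get-ImageTriage -Path 'C:\WINDOWS\system32\trufvg.exe' | Format-List

# Same check for every running process whose image is under System32,
# keeping only those whose signature does not verify as Valid.
$sys32 = Join-Path $env:SystemRoot 'System32'
Get-CimInstance -ClassName Win32_Process |
    Where-Object { $_.ExecutablePath -and
                   $_.ExecutablePath.StartsWith($sys32, [StringComparison]::OrdinalIgnoreCase) } |
    ForEach-Object {
        $proc = $_
        Get-ImageTriage -Path $proc.ExecutablePath |
            Add-Member -NotePropertyName ProcessId -NotePropertyValue $proc.ProcessId -PassThru
    } |
    Where-Object { $_.SigStatus -ne 'Valid' } |
    Sort-Object CreatedUtc -Descending |
    Format-Table ProcessId, Path, SigStatus, Company, CreatedUtc -AutoSize
```

A status other than `Valid`, an empty version resource, or a recent creation time is a reason to look closer rather than proof on its own; the SHA-256 value is what to submit to a scanner or keep with the case notes before cleaning.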

PA Bear
07-09-2005, 11:42 PM
TRUFVG.EXE is not a valid Windows file, Nick. You've been hijacked.

Checking for/Help with Hijackware
http://aumha.org/a/parasite.htm
http://aumha.org/a/quickfix.htm
http://aumha.net/viewtopic.php?t=5878
http://mvps.org/winhelp2002/unwanted.htm
http://inetexplorer.mvps.org/data/prevention.htm
http://inetexplorer.mvps.org/data/tshoot.htm
http://www.mvps.org/sramesh2k/Malware_Defence.htm
http://defendingyourmachine.blogspot.com/

--
~Robear Dyer (PA Bear)
MS MVP-Windows (IE/OE) & Security


Nick wrote:
> This one (trufvg.exe) recently showed up in my processes list, any ideas
> on what it's for? Is it wise to stop it?

JS
07-09-2005, 11:42 PM
Malke wrote:

> I would not install the other Intermute programs, however.

> Do not install driver updates from Windows Update.

Hi Malke

Just curious. Why do you recommend the above?

PA Bear
07-09-2005, 11:42 PM
JS wrote:
> Malke wrote:
>
> > I would not install the other Intermute programs, however.
>
> > Do not install driver updates from Windows Update.
>
> Hi Malke
>
> Just curious. Why do you recommend the above?

Once burned, twice shy.

Wesley Vogel
07-09-2005, 11:42 PM
Get updated drivers from the manufacturer's web site. Their drivers are
going to be better than most generic MS drivers.

--
Hope this helps. Let us know.

Wes
MS-MVP Windows Shell/User

In news:3fh35vF7ndrgU1@individual.net,
JS <user@example.net> hunted and pecked:
> Malke wrote:
>
> > I would not install the other Intermute programs, however.
>
> > Do not install driver updates from Windows Update.
>
> Hi Malke
>
> Just curious. Why do you recommend the above?

Rock
07-09-2005, 11:42 PM
Nick wrote:
> This one (trufvg.exe) recently showed up in my processes list, any ideas on
> what it's for? Is it wise to stop it?

Google is an indispensable tool. And in this case since Google gives no
hits, that strongly suggests it's malware.

Richard Harper’s Guide to Cleaning Pests
http://rgharper.mvps.org/cleanit.htm

http://aumha.org/a/parasite.htm

--
Rock
MS MVP Windows - Shell/User

Nick
07-09-2005, 11:43 PM
"Nick" wrote in message news:VcIke.27237$J25.8910@bignews6.bellsouth.net...
> This one (trufvg.exe) recently showed up in my processes list, any ideas
> on what it's for? Is it wise to stop it?


Thanks one and all - am cleaning up now, with a healthy dose of newfound
paranoia.

