My computer recently slowed down and upon examination of running processes with procexp.exe (from Sysinternals) I noticed about a dozen instances of a program named idflroj.exe. It looked like a legitimate Google application, but obviously was not.
I then used autoruns.exe (also from Sysinternals) to examine my autorun entries. I noticed an odd entry under HKEY_Current_Users\Software\Microsoft\Windows\CurrentVersion\Run named mmyunxse.dll, dated 12/31/1969 6:00 PM.
I went into Safe Mode and removed the above entry with autoruns.exe, the dll it pointed to (C:\Users\Jim\AppData\Local\AdobeSetupUtility\mmyunxse.dll), and the directories containing idflroj.exe and its associated files (C:\Users\Jim\AppData\LocalLow\AppleComputer\ aqfqkmkk and mrigoqiori).
On restart the problem seems to have been fixed, but time will tell.
Has anyone else run into this problem and, if so, what did you do?
Should McAfee have seen this problem (malware?) on a scan?
What was this malware doing besides slowing down my computer?
I moved this to VirusScan although not sure if it's the consumer version you are using.
No antivirus is guaranteed to catch everything there is out there.
You might want, as a precaution, to run GetSusp, AdwCleaner and Malwarebytes Free, all in the last link below.
Enter your email address in GetSusp Preferences so the labs know where to send results. With Malwarebytes do NOT accept the free trial nor activate the software, if asked. That way it remains free and all you have to do is update before using the next time.
Toronto ▪ Canada
Volunteer Moderator - Consumer Products
You're welcome and good luck and I noticed a glaring grammatical error in my reply so corrected it. Eyesight is not as good as it used to be. ;-)
It's impossible to say whether you've been infected with some kind of malware, nor is it possible to say anything about those files, as you've deleted them. All I can say is that the file names appear to be random creations which are not known elsewhere.
Your investigation of this problem was exemplary, but it would have been better if you'd taken screenshots of the properties of those files, which might have given clues to their true origin. Even better would have been to upload the files to VirusTotal for scanning, since that would not only have told you how many antivirus engines detected them as malicious, but would also have provided analytical information about their makeup. If anything suspicious showed up you could have zipped them and sent them to the Labs for them to examine.
As it is, there's nothing we can add. No-one else has reported a problem with those filenames, and McAfee Labs haven't got them for analysis. You took prompt and effective action to remove an apparent malware infection, but if you don't know what it was or where it came from you might encounter it again.
I would add two things:
1. Did you recently update Adobe not through the Adobe site?
2. When you see these files in future, try to post one at www.virustotal.com.
In response to your first question above, I had not recently updated any of my Adobe products through their website or any other website.
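Added example, not part of the original thread: a PowerShell script that captures the evidence suggested earlier in the thread (file properties, a hash, and a copy of each file) for every entry in the current user's Run key before anything is deleted. The output folder name, the `.sample` suffix and the path-matching regex are assumptions made for this example.

```powershell
# Added example: record evidence for HKCU Run entries before anything is deleted.
# $OutDir is an assumed location; adjust as needed.
$OutDir = Join-Path $env:USERPROFILE 'autorun-evidence'
New-Item -ItemType Directory -Path $OutDir -Force | Out-Null

$key = Get-Item -Path 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run' -ErrorAction Stop

$report = @(foreach ($name in $key.GetValueNames()) {
    # Raw command line with %VARIABLES% expanded.
    $command = [Environment]::ExpandEnvironmentVariables([string]$key.GetValue($name))

    # Heuristic: every drive-letter path ending in .exe or .dll, which also
    # catches the DLL argument in 'rundll32.exe "C:\...\x.dll",Entry'.
    $paths = [regex]::Matches($command, '(?i)[a-z]:\\[^"<>|*?,]+?\.(exe|dll)') |
        ForEach-Object { $_.Value }
    if (-not $paths) { $paths = @('') }   # still list entries with no full path

    foreach ($path in $paths) {
        # Same columns for every row so Export-Csv keeps them all.
        $row = [ordered]@{
            Entry = $name; Command = $command; Path = $path; Exists = $false
            SHA256 = $null; Size = $null; CreatedUtc = $null; ModifiedUtc = $null
            Company = $null; Description = $null; Signature = $null; Signer = $null
        }
        if ($path -and (Test-Path -LiteralPath $path -PathType Leaf)) {
            $file = Get-Item -LiteralPath $path -Force
            $sig  = Get-AuthenticodeSignature -LiteralPath $path
            $row.Exists      = $true
            $row.SHA256      = (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash
            $row.Size        = $file.Length
            $row.CreatedUtc  = $file.CreationTimeUtc.ToString('o')
            $row.ModifiedUtc = $file.LastWriteTimeUtc.ToString('o')
            $row.Company     = $file.VersionInfo.CompanyName
            $row.Description = $file.VersionInfo.FileDescription
            $row.Signature   = $sig.Status
            $row.Signer      = $sig.SignerCertificate.Subject
            # Keep a copy under a non-executable name for later submission.
            Copy-Item -LiteralPath $path -Destination (Join-Path $OutDir "$($row.SHA256).sample")
        }
        [pscustomobject]$row
    }
})

$report | Export-Csv -Path (Join-Path $OutDir 'run-entries.csv') -NoTypeInformation
$report | Format-List Entry, Path, Exists, SHA256, ModifiedUtc, Signature, Signer
```

The SHA256 value can be searched on VirusTotal without uploading the file, and the saved copies can be zipped and submitted if the lookup returns nothing.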