How to Detect the U.exe Transparent Proxy

The U.exe file is a malicious browser hijack that tunnels your traffic through a proxy server. Not only will this executable redirect your searches to an unintended location, the person on the other end of this transparent proxy can see all of the data you send. Most anti-virus programs will detect these types of hijacks automatically. However, if you do not have sufficient security, you may need to detect and remove the U.exe proxy yourself. Detect this proxy by checking Task Manager and confirming your reported IP address.

Instructions

    Identify Your IP Address

      1. Press the “Windows” and “R” keys simultaneously.

      2. Type “CMD” in Run and click “OK.”

      3. Type “Ipconfig” and press “Enter.”

      4. Look at the address beside “IPv4 IP Address.” This is your IP address. If the first three digits of this number are “192,” connect your computer directly to the modem and check the Ipconfig utility again.

    Proxy Detection

      5. Open any browser and go to “http://www.Google.com.”

      6. Type “What is My IP” in the Google Search box and press “Enter.”

      7. Look at the top result. The IP address reported to Google is provided next to “Your Public IP Address Is...” just below the Search box. If this address does not match the IP you captured with your modem connected directly to the computer, the transparent proxy is in effect.

    Executable Detection

      8. Right-click the Windows Taskbar and select “Start Task Manager.”

      9. Click the “Processes” tab, and click “Show Processes from All Users.”

      10. Click “Image Name” to sort your processes alphabetically. If the malware is running, the “U.exe” file will be listed in the process list.

    Basic Removal

      11. Right-click the “U.exe” process in Task Manager to open a list of options.

      12. Click “Open File Location.” This opens the directory containing the file.

      13. Minimize the folder that just opened, and maximize the Task Manager.

      14. Right-click the “U.exe” process in the Task Manager again and click “End Process Tree.”

      15. Maximize the directory containing the malware executable. Right-click “U.exe” and click “Delete.” Click “Yes” to confirm. While this stops and removes the current “U.exe” resource file, the file will likely regenerate upon restart. However, this should now allow you to download and install some security software to perform a full, automated removal. If you are still unable to navigate without the proxy, continue reading to learn how to create a script to delete all known file locations manually.

    Advanced Removal

      16. Save all of your work.

      17. Click “Start.” Type “Notepad” in Search and press “Enter.”

      18. Paste the following script into Notepad:

      @Echo Off
      REM Removal.BAT - closes the browsers and U.exe, then deletes U.exe from known locations.
      REM tskill and taskkill are both tried because not every Windows edition includes both.
      Echo Closing Affected Processes (Ignore Errors)

      REM Ping is used as a delay; its output goes to the NUL device.
      Ping -n 10 127.0.0.1 >nul
      tskill explorer
      taskkill /im explorer.exe
      tskill Chrome
      taskkill /im Chrome.exe
      tskill Firefox
      taskkill /im Firefox.exe
      tskill iexplore
      taskkill /im iexplore.exe
      Echo Waiting for All Processes to End...

      Ping -n 10 127.0.0.1 >nul
      Echo Terminating The "U.exe" process (Ignore Errors)

      tskill U
      taskkill /im U.exe
      Ping -n 10 127.0.0.1 >nul

      CD /D C:\
      Echo Deleting The U.exe File in All Known Directories

      REM %Profiles% and %System% are not Windows variables; %UserProfile% and
      REM %SystemRoot%\System32 are assumed here. Paths are quoted because some contain spaces.
      DEL /F /Q "%UserProfile%\u.exe"
      DEL /F /Q "%ProgramFiles%\2flyer\screensaver pro\compile\u.exe"
      DEL /F /Q "%ProgramFiles%\2flyer\screensaver\compile\u.exe"
      REM The next path is reproduced as it appears in the original list.
      DEL /F /Q "%SystemRoot%\System32\ c_\u.exe"
      DEL /F /Q "%SystemRoot%\System32\company\newproduct\u.exe"
      DEL /F /Q "%SystemRoot%\System32\drivers\u.exe"
      DEL /F /Q "%SystemRoot%\System32\u.exe"
      DEL /F /Q "%Temp%\u.exe"
      DEL /F /Q "%Temp%\ixp000.tmp\u.exe"
      DEL /F /Q "%Windir%\u.exe"
      DEL /F /Q "C:\u.exe"

      Echo Clearing Your Browsing History...
      RunDll32.exe InetCpl.cpl,ClearMyTracksByProcess 255
      Ping -n 15 127.0.0.1 >nul

      Echo Flushing DNS Cache...
      ipconfig /flushdns

      REM RECYCLER is the Recycle Bin folder on Windows XP.
      Echo Cleaning Deleted Files...
      ATTRIB "%systemdrive%\RECYCLER\*" -R -S -H /D /S
      DEL "%systemdrive%\RECYCLER\*" /F /Q
      RD "%systemdrive%\RECYCLER" /Q

      Echo Starting Windows Explorer...
      START explorer.exe
      Echo Script Complete. Please Restart your computer.
      Pause

      19. Click “File” and click “Save As.” On the Save As window, select “Local Disk C” as the save location. Type “Removal.BAT” in the “File Name” field, and then click to expand “Save as Type” and select the “All Files” option.

      20. Click the “Save” button. Double-click the file to execute the script. Restart your computer when finished. Upon restart, you should now be able to download and install the security software necessary to properly clean your system.
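
The checks in steps 8 to 10, extended to the file locations named in the removal script, as a read-only PowerShell example added here (it is not part of the original article and changes nothing on the system). Reading %System% as System32 and %Profiles% as the current user profile, and looking in the two standard Run keys for the reason the file regenerates, are assumptions; the unreadable “\ c_\” entry is left out. Requires PowerShell 4.0 or later.

```powershell
# Added example: read-only triage for U.exe. Nothing is stopped or deleted.
# Assumptions: %System% = System32, %Profiles% = the current user profile.
$sys = Join-Path $env:SystemRoot 'System32'
$candidates = @(
    (Join-Path $env:USERPROFILE  'u.exe'),
    (Join-Path $env:ProgramFiles '2flyer\screensaver pro\compile\u.exe'),
    (Join-Path $env:ProgramFiles '2flyer\screensaver\compile\u.exe'),
    (Join-Path $sys 'company\newproduct\u.exe'),
    (Join-Path $sys 'drivers\u.exe'),
    (Join-Path $sys 'u.exe'),
    (Join-Path $env:TEMP 'u.exe'),
    (Join-Path $env:TEMP 'ixp000.tmp\u.exe'),
    (Join-Path $env:windir 'u.exe'),
    'C:\u.exe'
)

# Steps 8-10: running processes whose image name is U.exe, with path and parent.
$procs = @(Get-CimInstance Win32_Process -Filter "Name = 'U.exe'" |
    Select-Object ProcessId, ParentProcessId, ExecutablePath, CommandLine)

# Known locations from the removal script; hash each hit so it can be looked up
# or handed to security software before anything is deleted.
$files = @($candidates | Where-Object { Test-Path -LiteralPath $_ -PathType Leaf } |
    ForEach-Object {
        $item = Get-Item -LiteralPath $_ -Force   # -Force: include hidden/system files
        [pscustomobject]@{
            Path    = $item.FullName
            Created = $item.CreationTime
            SHA256  = (Get-FileHash -LiteralPath $item.FullName -Algorithm SHA256).Hash
        }
    })

# Assumption: the file "regenerates" through an autostart entry; check the Run keys.
$runKeys = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
$autostart = @(foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    foreach ($p in (Get-ItemProperty -Path $key).PSObject.Properties) {
        if ($p.Name -notlike 'PS*' -and "$($p.Value)" -match '(^|[\\"\s])u\.exe') {
            [pscustomobject]@{ Key = $key; Name = $p.Name; Command = $p.Value }
        }
    }
})

"Running U.exe processes: $($procs.Count)";     $procs     | Format-List
"U.exe files found:       $($files.Count)";     $files     | Format-List
"Run entries naming it:   $($autostart.Count)"; $autostart | Format-List
```

All three counts at zero after a restart indicate the file has not come back in any of the listed locations; a non-zero Run entry count points to what needs removing alongside the file.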

Tips & Warnings

  • Change all of your passwords after removing the U.exe transparent proxy.
