What Is FindBasic139.exe?
Malicious software such as FindBasic139.exe can wreak havoc on a computer, displaying bogus error messages, deleting system files or occupying virtual memory and causing other system processes to slow to a crawl or crash entirely. Eradicating this particular rogue software in the usual way is challenging because the program shuts down most security and firewall processes to perpetuate its actions. Carefully following specific steps will allow you to purge the malicious application and restore your computer to working order.
Mode of Operation
FindBasic139.exe is rogue spyware and a variant of the Win32/Zwangi family of malware that hijacks a computer’s Web browser settings and routes the browser to its own website. Whenever the user enters a website URL or performs a keyword search in the address bar, FindBasic139.exe directs the user to its own domain. The software usually eludes detection by anti-virus and security suites by creating new processes and deleting existing processes on the hard drive.
Stealth Installation
When a user browses an infected website or clicks a link in an infected email, FindBasic139.exe installs itself in multiple locations on the user’s hard drive, typically in the %AppData% or %ProgramFiles% folders of the user’s profile. The program then modifies the registry so that copies of the program run under the following registry subkeys:
HKLM\SYSTEM\CurrentControlSet\Services\FindBasic139 Service\
HKLM\SYSTEM\ControlSet001\Services\FindBasic 139 Service\
The program also replicates its code into virtual memory spaces.
File Size
According to Webroot, four file sizes have been associated with the FindBasic139.exe rogue software: 54,776 bytes, 58,872 bytes, 66,256 bytes and 67,064 bytes.
Other Variants
FindBasic139.exe has appeared in other forms, including Win32/Zwangi (the precursor to FindBasic), SeekService, BrowserQuest, BarDiscover, SpaceQuery and SeekDNS. The program modifies the corresponding Windows service to point to one of these alternate websites.
Recovery and Prevention
FindBasic139.exe will sometimes add an uninstall program to the “Add or Remove Programs” pane under Control Panel. This may appear under the name “Find Basic 1.0 build 139” or a similar name. Because the program hides itself in the system and activates when a user logs in, disabling security and anti-virus scans in the process, complete eradication requires booting into Safe Mode. Before restarting the computer, disable the system restore options, reboot into Safe Mode, and then run anti-virus or malware removal tools, such as Malwarebytes.
Once the security application has finished, search all files on your hard drive and remove every file named “FindBasic,” including all such files in IE Temp folders. Reboot the computer into normal Windows mode and run the security program again.
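The following PowerShell check is an added example, not part of the original article or of any vendor's tool: it looks for leftovers using only the indicators listed above (the two service subkeys, the “FindBasic” file name and the four file sizes attributed to Webroot) and reports what it finds without deleting anything. The search roots and the use of the service's ImagePath value are assumptions; run it from an elevated prompt.

```powershell
# Added example: read-only leftover check built from the indicators in this article.
# It only reports matches; it deletes nothing.

# Service subkeys exactly as the article lists them (including the space in the second).
$serviceKeys = @(
    'HKLM:\SYSTEM\CurrentControlSet\Services\FindBasic139 Service',
    'HKLM:\SYSTEM\ControlSet001\Services\FindBasic 139 Service'
)
# File sizes in bytes that the article attributes to Webroot.
$knownSizes = 54776, 58872, 66256, 67064

# Assumption: search the folders the article names; add drive roots for a full sweep.
$roots = @($env:APPDATA, $env:LOCALAPPDATA, $env:ProgramFiles, ${env:ProgramFiles(x86)}) |
    Where-Object { $_ -and (Test-Path -LiteralPath $_) } | Select-Object -Unique

# Registry: report each subkey that still exists and the binary it points to.
$keyHits = foreach ($key in $serviceKeys) {
    if (Test-Path -LiteralPath $key) {
        $props = Get-ItemProperty -LiteralPath $key -ErrorAction SilentlyContinue
        [pscustomobject]@{
            Type   = 'Service key'
            Path   = $key
            Detail = "ImagePath=$($props.ImagePath)"
        }
    }
}

# Files: -Force includes hidden/system files; unreadable folders are skipped quietly.
$fileHits = Get-ChildItem -LiteralPath $roots -Recurse -Force -File -ErrorAction SilentlyContinue |
    Where-Object { $_.Name -like '*FindBasic*' } |
    ForEach-Object {
        # A name match with a listed size is a stronger hit than a name match alone.
        $sizeMatch = $knownSizes -contains $_.Length
        [pscustomobject]@{
            Type   = if ($sizeMatch) { 'File (name + size)' } else { 'File (name only)' }
            Path   = $_.FullName
            Detail = "$($_.Length) bytes, modified $($_.LastWriteTime)"
        }
    }

$findings = @($keyHits) + @($fileHits)
if ($findings.Count -eq 0) {
    'No FindBasic leftovers found in the checked locations.'
} else {
    $findings | Format-Table -AutoSize -Wrap
}
```

A service key that survives the scan means the service entry was not removed; check the reported ImagePath before deleting the file it names.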
To prevent future malware infections, keep your anti-virus definitions updated and enable your firewall. In addition, delete any suspicious emails that you receive and promptly exit any suspect websites that you happen to encounter on the Web.