May 21, 2012

Anyone have an idea what FdjLmAi.exe is?

My computer (at work) is fairly old (~10 years). Recently it has been suffering major performance lapses and I am actually due for a new one in about 6 weeks.

In trying to at least understand why it is acting so poorly I've run a few different anti-malware virus-detection programs, nothing pops up, so I started looking at the Task Manager to see if anything obvious is going on as the CPU spends a lot of time revved up near 100%. The only thing I see that I can't figure out is "FdjLmAi.exe", which pops up in multiple instances and manually ending the processes doesn't seem to affect anything on the computer except perhaps making it slightly better performing. Plugging "FdjLmAi.exe" into Google yields nothing, which makes me suspicious.

Any clues?
posted by edgeways
Plugging "fdjlmai" into Google, however, comes up with some sort of redirect to a Japanese(?) porn site which should probably feed into your suspicion.
posted by Justinian at 2:29 PM on May 21, 2012

Undoubtedly malware.

Read and do user deezil's profile:

I've also had good luck with Microsoft Off-line security scanner, Dr Web freeware and Avira-DE stand-alone scanner.

N.B. - don't count on one tool finding any given malware, and don't count on them not finding it in a week or two. We see this all the time.
posted by kjs3 at 2:35 PM on May 21, 2012 [4 favorites]

Do you have the ability to install things on your computer at work? If you do, download and run Process Explorer, and see if you can find the folder it is living in, and maybe we can see where it's going.

It does sound like some sort of Malware, and hit my profile. At the absolute least, download and install MalwareBytes and give it a run on Full Scan mode, as well as the Microsoft Security Scanner.
posted by deezil at 2:36 PM on May 21, 2012 [5 favorites]

deezil's profile looks like all I would recommend and far more...

Just as an anecdote, I've removed similar malware from a computer before. It's tricky to Google because they specifically make the process name difficult to Google; in my case, it was something like a Caesar cipher of the logged-in username. Good luck!
posted by jangie at 5:10 PM on May 21, 2012

Open your registry (regedit at the Run prompt) and first back up your registry. Second, search the entire registry for that filename, and delete it from the key (that is, registry listing), along with any other filenames in the same spot that look like unfamiliar, randomly-generated-filename executables. (If you're not sure, leave it alone, but search the drive for and delete that file-- see if a new one is created in the same folder.)
posted by Sunburnt at 5:43 PM on May 21, 2012
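
Added example, not part of any poster's comment: a read-only PowerShell check that combines two suggestions from the thread (find the folder the process runs from, and find registry entries that reference the filename). It assumes Windows PowerShell is available on the machine and looks only at the common Run/RunOnce autorun keys rather than the entire registry; it deletes nothing.

```powershell
# Added example: read-only triage for a suspicious process name.
# $Name comes from the thread; the list of keys is an assumption
# (common autorun locations only, not a full registry search).
$Name = 'FdjLmAi'

# 1. Where does each running instance live on disk, and what started it?
Get-WmiObject Win32_Process -Filter "Name LIKE '%$Name%'" |
    Select-Object ProcessId, ParentProcessId, ExecutablePath, CommandLine |
    Format-List

# 2. Which autorun values reference the filename?
$RunKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)
# Properties that PowerShell adds to every registry item; not real values.
$Builtin = @('PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider')

foreach ($Key in $RunKeys) {
    if (-not (Test-Path $Key)) { continue }
    $Props = Get-ItemProperty -Path $Key
    foreach ($P in $Props.PSObject.Properties) {
        if ($Builtin -contains $P.Name) { continue }
        # Match the name anywhere in the command so quoted paths and
        # arguments are still caught.
        if ("$($P.Value)" -match [regex]::Escape($Name)) {
            New-Object PSObject -Property @{
                Key       = $Key
                ValueName = $P.Name
                Command   = $P.Value
            }
        }
    }
}
```

Record the output before changing anything: the ExecutablePath shows which file to keep a copy of for later scanning, and the ValueName entries show which autorun values would restart it after a reboot.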

Thanks all, that should help. I'll give it a go today. FWIW, MalwareBytes was one of the programs I did run that didn't flag anything.
posted by edgeways at 6:40 AM on May 22, 2012

Try submitting that file to VirusTotal if you still have it.
posted by samsara at 10:49 AM on May 22, 2012

Just tracked it down and killed it. If it pops back on reload I'll submit to VirusTotal before going for a more meticulous scrubbing. FWIW it's associated with "HelatyEhnlar Soft" whatever the heck THAT is.
posted by edgeways at 1:42 PM on May 22, 2012

Looks like it's a piece of a Fake Antivirus, per some old VirusTotal uploads.
posted by deezil at 4:33 PM on May 22, 2012

