the other exe doesn't exist either on 8.1
try to see if anyone with the same system can check
probably best option is getting rid of them
hmm, try creating a shortcut for windows console (new shortcut, target: C:\Windows\System32\cmd.exe), right click launch as admin, type "sfc /scannow" and let it do its thing (may take a while) when done post here the results displayed on console and if those 2 exes are gone. not sure if it will work, but worth a try
Comment has been collapsed.
i didn't get it right i guess, here is the result:
Microsoft Windows [Version 6.1.7601]
Copyright (c) 2009 Microsoft Corporation. All rights reserved.
C:\Windows\system32>sfc/scanow
Microsoft (R) Windows (R) Resource Checker Version 6.0
Copyright (c) 2006 Microsoft Corporation. All rights reserved.
Scans the integrity of all protected system files and replaces incorrect version
s with
correct Microsoft versions.
SFC [/SCANNOW] [/VERIFYONLY] [/SCANFILE=<file>] [/VERIFYFILE=<file>]
[/OFFWINDIR=<offline windows directory> /OFFBOOTDIR=<offline boot directory>
]
/SCANNOW Scans integrity of all protected system files and repairs files
with
problems when possible.
/VERIFYONLY Scans integrity of all protected system files. No repair operati
on is
performed.
/SCANFILE Scans integrity of the referenced file, repairs file if problems
are
identified. Specify full path <file>
/VERIFYFILE Verifies the integrity of the file with full path <file>. No re
pair
operation is performed.
/OFFBOOTDIR For offline repair specify the location of the offline boot dire
ctory
/OFFWINDIR For offline repair specify the location of the offline windows d
irectory
e.g.
sfc /SCANNOW
sfc /VERIFYFILE=c:\windows\system32\kernel32.dll
sfc /SCANFILE=d:\windows\system32\kernel32.dll /OFFBOOTDIR=d:\ /OFFWINDIR=d:\windows
sfc /VERIFYONLY
C:\Windows\system32>
Comment has been collapsed.
You bet! SpyBot Search & Destroy picks up things that Malware Bytes and antivirus programs miss!
I also HIGHLY recommend running CCleaner!
Comment has been collapsed.
I looked them up and it looks like wnavga.exe is a microsoft file and is part of USInjectorService. Not sure what that does, but other people have complained about it eating up there bandwidth too. Not sure if there is a virus infecting that file or if it just has problems.
http://processchecker.com/file/wnavga.exe.html
https://www.reddit.com/r/AskTechnology/comments/3948j1/usinjectorservice_using_up_bandwidth/
cygavb.exe is from a program called Proxomitron. It is some kind of popup/ ad blocker. I would personally just delete this file, but I don't know if that will have any negative effects so delete at your own risk if you want. Maybe the file is part of an ad blocker that you are running or maybe you have some malware/ virus that is using this program to edit what you see on the internet and change links to different websites.
http://processchecker.com/file/cygavb.exe.html
https://en.wikipedia.org/wiki/Proxomitron
From their website:
The Proxomitron 4.5.0.0 is a web filter that makes your browsing more comfortable and secure.
Proxomitron 4.5 allows you to get rid of some annoyances that overcrowd your screen and use too much resources, like advertising content, undesired Java scripts or HTTP headers.
You can now control the way you look the pages by rewriting them on the fly, building filtering rules that will swap away that things you donΒ΄t want to see. The program comes with a lot of rules, that you can edit, and you can make your own rules, or use rules written by someone else.
Proxomitron also allows you to control the hidden HTTP header messages and cookies.
The Proxomitron allows you to selectively disable specific JavaScript commands, stop windows that pop-up, pop-under, or pop-over, stop endless banner chains, stop pop-up JavaScript message boxes, remove web-branding and other scripts tacked on by "free" web providers.
It also converts most ads and banner pictures into simple text links, freezes all animated gifs, makes blinking text appear as bold instead, removes slow web counters and much more
Edit: I would also run the programs that genkicoll suggested. I have used Malwarebytes Anti-Malware in the past and it works good.
Do you know if this just happened recently? Maybe you can use system restore to restore your computer to before it started.
Comment has been collapsed.
I don't really know what else to do. You said Firefox runs fine, what browser is this happening in? Try disabling all of the add-ons/plugins for the browser and see if it still happens. If that fixes it, then you can try turning the add-ons back on 1 at a time and restarting the browser until you find out which one is causing it. Then delete that add-on and try downloading a new version if it is something you want.
If it only happens on 1 browser, you can also try uninstalling and re-installing that browser.
Comment has been collapsed.
Do you use a proxy? If multiple browsers say they cannot connect to the proxy server I would think you have an incorrect proxy setting in Windows. Have you checked your proxy settings? Go to Control Panel (or open IE, tools), Internet Options, Connections tab, click "Lan Settings" and then uncheck the box that say "use a proxy server for your LAN".
Edit: It looks like IE and Chrome both use the same proxy settings. If you go into the settings from inside IE or Chrome and click to change the proxy settings, they both open the same window. Firefox you can tell it to use "no proxy", "system proxy settings", or a custom proxy. That is probably why Firefox is still working, it is set to no proxy while IE and Chrome are using your system proxy settings.
Comment has been collapsed.
Firefox is set to "use system proxy" setting, and btw Malwarebyte detected those both files as a torjon/threat and deleted then and registry is fix too but still this proxy :( Steam is using same proxy as IE i guess that's why it's not running either.
any way i can set it back to " use system proxy"??
Comment has been collapsed.
I don't know much about changing proxy info other than just opening the settings window for each browser and changing the settings from there. I tried looking it up and it sounds like there may also be a Windows proxy setting that is separate, but i'm not sure if it is in all versions of Windows or just server versions. I read that you can type the following in a command prompt and it would reset the proxy settings:
netsh winhttp reset proxy
I don't know enough to really help. I would suggest creating an account on a forum that is dedicated to removing malware and creating a thread there. Explain the problem from the beginning with the 2 files that were removed and then ask about the proxy settings. There is a forum for Malwarebytes and they have a section where you can ask for help. Here is a link: https://forums.malwarebytes.org/index.php?/forum/7-malware-removal-help/
Comment has been collapsed.
Use http://free.drweb.com/cureit/?lng=en in your computer to check IF you have a trojan. IF you search for wnavga.exe in this page you'll find some trojan(s) that modify this file to hide themselves.
Hope it helps.
Comment has been collapsed.
Sounds like you have a trojan, but it will probably take some effort to find and remove it. Start with what Mianpi suggested, above. Malwarebytes Anti-Malware is good for removing stuff like that, as is Spybot Search & Destroy. Only run one checker at a time. MWB and SSD are not anti-virus programs, but you still don't want to run multiple checks at the same time.
Comment has been collapsed.
As Khalaq said, those are just to detect Malware, not Virii. If your computer is infected, Malware Bytes will not find the Trojan it will only find the Malware installed by the Trojan.
You need to use something like Kaspersky or an active scan like Panda
Let one program run at a time, do not run multiple programs to scan at once. They may interfere or give false positives or negatives.
Microsoft Security Essentials is the last thing I would run at the end just to make sure it's all cleared up.
Personally, if you have things backed up properly like your images and everything you care about, I would just write 0's to the drive and reinstall my OS.
EDIT - Your proxy problems could easily be caused by a trojan. Especially if you did not mess with any of the proxy settings in any of those programs yourself.
Comment has been collapsed.
Then if you do not want to reformat, I would recommend uninstalling every browswer you have on your computer and reinstalling them.
Something is causing your proxy settings to act like they are hijacked.
Comment has been collapsed.
To uninstall Internet Explorer
Click the Start button, and enter Programs and features in the search box.
Click Programs and Features in the list of results, and then click View installed updates.
Under Microsoft Windows, right-click Internet Explorer, and then click Uninstall.
Comment has been collapsed.
If you're having issues with proxy settings try setting it up under Internet options. I created a guide on Windows 10 using PSR, but on 8.1 just type the same thing into the start screen. Don't know the best way to do it on W7, if you're on 7, but you should be able to find the same internet options dialogue in the control panel. Log in here for the shared link, or the direct download link here if it works.
Comment has been collapsed.
I did a quick look over the thread and it seems the two programs were malicious and removed but there is still something controlling your proxy settings and preventing you from getting where you want to go, correct?
Get this: http://sourceforge.net/projects/hjt/ and post the log, if it's glaringly obvious I'll find your issue and if it's not someone here should be able to read the log and see the problem.
Comment has been collapsed.
+1, this is another great tool that I have used in the past.
You can post the log here if you want people to look at it here, but I would suggest creating an account at a website dedicated to helping people remove spyware since you would have the quickest results that way. You can always put a link in here to your new thread if you want..
Here is a good site to ask for help on: http://www.bleepingcomputer.com/forums/f/103/am-i-infected-what-do-i-do/
Edit: If you create a new thread on another site to ask for help, make sure to explain the problem a little in the title or else they probably won't be too happy. Here are some basic guidelines to get the quickest help: http://www.bleepingcomputer.com/forums/t/41987/before-you-post-about-a-problem/
Comment has been collapsed.
72 Comments - Last post 1 minute ago by duville
10 Comments - Last post 29 minutes ago by lostsoul67
1,095 Comments - Last post 55 minutes ago by FreeFall
121 Comments - Last post 2 hours ago by kbronct
66 Comments - Last post 3 hours ago by OneManArmyStar
70 Comments - Last post 7 hours ago by Carenard
31 Comments - Last post 13 hours ago by BlazeHaze
68 Comments - Last post 1 minute ago by Sorapak
51 Comments - Last post 6 minutes ago by Si9a
12 Comments - Last post 17 minutes ago by duville
47 Comments - Last post 36 minutes ago by Mitsukuni
677 Comments - Last post 1 hour ago by FruitCober
2,419 Comments - Last post 1 hour ago by JMM72
11 Comments - Last post 1 hour ago by Fluffster
HELP ;------;
yesterday i noticed that my internet downspeed was decreased :( then i opened Resource monitor and saw that "cygavb.exe" & "wnavga.exe" named file were eating up my bandwidth :( .I've google up this from but didnt found any solution, and when i kill those taskes (file) they turn back on again and they're undeleteable/auro-generate.
Note: as i kill these files from task manager, then some crap goes and i lose proxy setting of IE11 (do ask why i use this shit) & Steam (Store,Commnity,Workshop, can view library and play game).
Location: C:\Windows
File Details:
Name: cygavb.exe wnavga.exe
Description: svchost The Proximation
Company: Microsoft Groom-A-Zebu
Size: 8kb 288kb
PC: Sony Vaio
Windows 7 Ultimate x64bit
Antivirus used and found no virus on pc, Microsoft Security Essential & AVG
thanks ;-;
Edit: i used Malwarebyte and this software detected those 2 files and some other files and hence deleted them but still this PROXY SETTING problem :( IE,Crome,Steam aren't working
Comment has been collapsed.