Was at work today checking on a customer's computer when another tech came over and asked me why a computer was running so slow, so naturally I Ctrl+Shift+Esc to bring up the task manager and go directly to Processes, and I find what is quoted in the title. Tried ending the process and it did nothing, only thing I could do was to lower the process priority and continue working.
While I was doing this, I had my personal drive plugged in where I have other programs to check CPU, GPU, Motherboard info and whatnot.
I come home and realized my drive wasn't plugged in, popped it in only to get alerted to a threat from Microsoft Security Essentials. So I let it clean.
I wondered why my drive's icon wasn't showing up anymore, so I decided to make a new autorun.inf, figuring the virus deleted it; and was told it still existed. I go into the folder options and unhide system files, only to be alerted again of a second virus, which was cleaned quickly. Ran a full scan on the drive and nothing else has been found.
What I see it did was overwrite my autorun file, and what I saw it do on the customer's computer was make a process run at near 100%, but I don't know what else it did/does.
I guess +1 to MSE for finding it.
-
Any randomly named file in the root (c:\), temporary directories, or system directories is clearly bad news. It's impossible to say what it is without digging in and taking a look, due to the random nature of the name.
I hope you did not leave it on the machine you were working on. If so, you should be heading back to remove it. -
The filename looks like a typical randomly generated malware executable name. If you still have access to that program (or next time you see something like that), use an application like an anti-rootkit (for example GMER) and copy the exe file. You can also upload it to the well-known service www.virustotal.com.
You could also zip-password it then upload it to some computer security forum for extra analysis. (Or just PM it to me, I can take a look at it) -
It was probably something similar to the Conficker virus. Conficker is dying down a little now, but there's probably still "only" about 8 million devices infected with it. It's known to screw with autorun files on USB drives.
*edit*: any program with a name like that and high system usage is 99.999999999% likely to be bad. -
I wasn't able to ZIP it up because I didn't go in today, so someone must have seen my note and it's probably gone by now.
I've yet to come across any computer with Conficker though; I really thought I would have seen one by now.
Anyone have any idea what "puUugIm.EXE" is?
Discussion in 'Security and Anti-Virus Software' started by Kuu, Mar 22, 2010.
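
A read-only check for the symptom described in this thread (an autorun.inf on a USB drive that was overwritten and lost its icon entry), added here as an example and not posted by anyone in the thread: it parses an autorun.inf body and reports what the file would launch. The function name and both sample files are constructed for illustration; only the file name puUugIm.EXE comes from the thread title.

```python
import re

# [autorun] keys that make Windows start a program from the drive.
LAUNCH_KEYS = {"open", "shellexecute"}
SHELL_VERB = re.compile(r"shell\\[^\\]+\\command")   # e.g. shell\open\command
FIRST_TOKEN = re.compile(r'"([^"]+)"|(\S+)')         # quoted or bare program name

def review_autorun(text):
    """Summarise what an autorun.inf body would launch (hypothetical helper)."""
    in_section, launches, has_icon = False, [], False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue                                  # blank line or comment
        if line.startswith("[") and line.endswith("]"):
            in_section = line[1:-1].strip().lower() == "autorun"
            continue
        if not in_section or "=" not in line:
            continue                                  # skip junk padding, do not fail
        key, _, value = line.partition("=")
        key, value = key.strip().lower(), value.strip()
        if key == "icon":
            has_icon = True
        elif key in LAUNCH_KEYS or SHELL_VERB.fullmatch(key):
            m = FIRST_TOKEN.match(value)
            target = (m.group(1) or m.group(2)) if m else ""
            launches.append((key, target))
    return {"launches": launches, "has_icon": has_icon}

# Constructed sample: a harmless autorun.inf that only sets the drive icon.
SAMPLE_ICON_ONLY = "[autorun]\nicon=tools.ico\nlabel=Tools\n"

# Constructed sample: an overwritten file with padding lines and launch entries.
SAMPLE_OVERWRITTEN = """\
;kdjf padding
[AutoRun]
qwoeiu zxcmn
open=puUugIm.EXE
shell\\open\\command="puUugIm.EXE" /s
"""

if __name__ == "__main__":
    for name, body in (("icon only", SAMPLE_ICON_ONLY),
                       ("overwritten", SAMPLE_OVERWRITTEN)):
        print(name, review_autorun(body))
```

To inspect a real drive, read its autorun.inf as text from a machine where AutoRun is disabled and pass the contents to `review_autorun`; any entry in `launches` that you did not put there is worth investigating.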