#1
Does anyone know what this is?
A computer I'm working on has a process running named khk.exe. It takes up anywhere from 20% to 75% of CPU resources, and anywhere between 100MB and 1GB of RAM. The only info I have from the client is that they were downloading stuff they shouldn't have, they would randomly get popups in IE when they were using FF, and random links would redirect.
Say I go to Google: about every 5th or so search (no search pattern that I can find) will redirect all the links in the search results to seemingly random sites like Vonage and small colleges. If I manually type in the address, it doesn't redirect. If I leave the computer up overnight, IE will open by itself and display multiple windows (probably about 1 per hour) of those same random sites.
Spybot found general stuff, McAfee got 12 unrelated detections, and I haven't had the time to run anything else yet due to school. The only uncommon process is khk.exe, which can be killed with no adverse effects except that it will reopen in about 5 minutes.
It's a friend of a friend's computer, but they aren't in a rush to get it back. I figured I would post here to see if anyone had experience with something similar and if there was a simple fix. ProcessLibrary didn't have any information on it either. I'm about to run Malwarebytes and a few of the other automatic stuff before I delve much deeper. If you know anything or have any suggestions or questions, let me know. I could very well be missing the obvious. TIA
__________________
My blog and home base at www.danielvanbeek.com I write computer hardware reviews and case modification articles at www.thebestcasescenario.com
#2
....and I haven't had the time to run anything else yet due to school.
Let us know when you do. Seriously, Google shows this is a relatively new virus, so you have to run everything to see what finds it. If it's really that new, you are going to have to wait for more updates or use your skills looking for new DLL or other files and use programs that show you open file names, etc.
#3
It's malware. Run some more scans (MB and SA) and see what they come up with. You may have to create a new host file as well. The last machine I had I got completely clean but I couldn't get the host file fixed. HijackThis, ComboFix, or even Spybot could not reset it. Use this link for help: http://www.mvps.org/winhelp2002/hosts.htm
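
A way to check the hosts file mentioned above by hand, as an added example that is not part of the original post: it parses hosts-file text and lists entries worth reviewing, separating names pointed at a real address (a redirect) from names sinkholed to loopback or 0.0.0.0 (normal for an MVPS-style block list, suspicious only for security tools). The `WATCHED` keywords, the `audit_hosts` name and the sample entries are assumptions constructed for illustration.

```python
import ipaddress

# Illustrative watchlist (an assumption): sites and tools named in this thread.
WATCHED = ("google", "mcafee", "malwarebytes", "spybot")

# Constructed sample, not taken from the machine discussed in this thread.
SAMPLE = """\
# sample hosts file
127.0.0.1       localhost
::1             localhost
0.0.0.0         ads.example.net   # MVPS-style ad block, expected
203.0.113.7     www.google.com google.com
127.0.0.1       update.malwarebytes.example
"""

def audit_hosts(text):
    """Return (line_no, address, hostname, reason) for each suspicious entry."""
    findings = []
    for line_no, raw in enumerate(text.lstrip("\ufeff").splitlines(), start=1):
        entry = raw.split("#", 1)[0].split()  # drop comment, split on whitespace
        if len(entry) < 2:
            continue  # blank, comment-only, or address without a name
        try:
            addr = ipaddress.ip_address(entry[0])
        except ValueError:
            findings.append((line_no, entry[0], entry[1], "unparseable address"))
            continue
        # Loopback and 0.0.0.0 entries only block a name; anything else reroutes it.
        sinkhole = addr.is_loopback or addr.is_unspecified
        for host in (h.lower() for h in entry[1:]):
            if not sinkhole:
                findings.append((line_no, str(addr), host, "redirect"))
            elif any(key in host for key in WATCHED):
                findings.append((line_no, str(addr), host, "blocked"))
    return findings

if __name__ == "__main__":
    # On Windows the live file is %SystemRoot%\System32\drivers\etc\hosts.
    for finding in audit_hosts(SAMPLE):
        print(finding)
```

An empty result on a real file means no entry reroutes a name and no watched name is sinkholed; it does not rule out redirection by other means, such as the running process described in the first post.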
#4
Quote:
#5
Thanks for the quick responses, guys. I was hoping that someone had already encountered it before and had the exact solution. I was worried it was going to be a tough one due to what little information I found about it. Since the hosts file wasn't touched, I didn't have any other leads on where to go manually. I definitely know the importance of time spent troubleshooting and one should always come to the forums prepared.
Malwarebytes found it and killed it though, and I haven't seen any rogue processes or any of the symptoms since. Thanks again, guys.