Stij.exe is keep coming back. what can I do?

I had 2 running process Stij.exe & Stij*32.exe that made my PC run very very slow, and act strange. when I tried to end the process it Doubled itself.

I checked the process details and found it belong to Perion Network Ltd, and its allegedly a part of incredimail. [I'm not an incredimail user]

I wrote them and they said it don't belong to them. in their words: "I have checked with our developers and the .dll is not related with IncrediMail. We do not know which application it is related with"

so I renamed the files and trashed them.

For 2 days may PC run normally and I had a relief, but today they comeback! I trashed them again.

I want to terminate them permanently! How do I do that?

 

Question Info


Last updated May 16, 2018 Views 329 Applies to:
Answer
Answer

See: http://answers.microsoft.com/en-us/protect/forum/mse-protect_scanning/how-do-i-remove-the-stijexe-virus-using-mse/bf2dd035-f2c7-4d65-9eda-d9e10d66822a

However, since you are not using Incredimail:

Try Hitman Pro Trial Version: http://www.surfright.nl/en/hitmanpro This program may be run from a flash drive.

Try TDSS Killer: http://www.bleepingcomputer.com/virus-removal/remove-tdss-tdl3-alureon-rootkit-using-tdsskiller TDSS Killer may be run from a flash drive.

Try adwcleaner: http://www.bleepingcomputer.com/download/adwcleaner/

Try Malwarebytes Antimalware (free version, do not install the trial or Pro version) - http://www.malwarebytes.org/products/malwarebytes_free/

You can start here:  https://consumersecuritysupport.microsoft.com/  (which will lead to the paid support options of http://www.answerdesk.com if you are in the US)

In other regions not served by the link above, go here:   http://Support.microsoft.com/security and go to the “assisted support” or contact us menu.

This web site - http://www.bleepingcomputer.com -  contains details for many of the common infections, often immediately after they began to appear in the wild, and instructions are provided for how to remove the infections using their malware removal guides. They also have forums where you can seek help from people who specialize in malware removal.

This may also be helpful - How to get rid of malware:

http://answers.microsoft.com/en-us/windows/forum/windows_vista-security/how-to-get-rid-of-malware/ba80504b-61f1-4d71-960f-b561798b7b42

-steve

^_^
Windows Insider MVP (Security), Moderator Microsoft Community

Did this solve your problem?

Sorry this didn't help.

Great! Thanks for marking this as the answer.

How satisfied are you with this reply?

Thanks for your feedback, it helps us improve the site.

How satisfied are you with this response?

Thanks for your feedback.

Answer
Answer

Presence of stij.exe process shows your computer infected with MyStart by IncrediBar malware (Adware type, technically called as Potential Unwanted Program often classified as Browser Hijacker; not severe (don't afraid about passwords). The stij.exe process seems legitimate its digitally signed by Perion Network Ltd. its fake one. You may find malicious file in %WINDIR%\system32\jmdp path.

This potentially unwanted program shows random pop-up messages or ads, for example;

CONGRATULATIONS! You are today’s iPhone 4s winner!
Click the “Yes” button below to try and win before time runs out.

To get rid of virus,

1. Go to Start > Control Panel > Programs & Features Looks for incredibar & relates (or unknown) programs (PUP), right click uninstall (follow a prompts).

 2 .Open Internet Explorer, click Tools or Settings icon > Manage Add-ons > locate IB Updater, Incredibar Games EN Toolbar, Incredibar Music Toolbar, Incredibar EN (or unknown) items in Toolbars & Extensions > choose & remove it.

3. Open Internet Explorer, click Tools or Settings icon > Internet options > click Advanced tab and click reset to reset IE settings to default.

4. To remove remnants of adware in PC, install Malwarebytes Anti-malware (free version) http://www.malwarebytes.org/products/malwarebytes_free/ and install, update and run the free version – just go with default options in the prompts. If malware blocks/ prevent you to install malwarebytes, rename the malwarebytes installation file to somethingelse.exe or something similar. Once installed, do a quick scan, it'll detect all known viruses & remnants of adware (reboot, if prompts).

Follow up thread, and reply status of removal.

//Dinesh

Thanks,
Dinesh

Did this solve your problem?

Sorry this didn't help.

Great! Thanks for marking this as the answer.

How satisfied are you with this reply?

Thanks for your feedback, it helps us improve the site.

How satisfied are you with this response?

Thanks for your feedback.