
5 Posts


March 1st, 2006 22:00

Could this be a virus?

Reviewing msconfig I have found an item named Lgzaxch in the startup items. All the other items I do not recognise I can find a reference to on Google, but this one returns no results. Does anyone know what it is & should it be there? I use up-to-date Norton Internet Security on the laptop.

1.2K Posts

March 1st, 2006 23:00

Usually:

Nothing on Google = Infection

Start here:

http://www.stevengould.org/software/cleanup/download.html
http://housecall.trendmicro.com/
http://www.trendmicro.com/spyware-scan/
http://www.bitdefender.com/scan8/ie.html

Good Luck!

47 Posts

March 2nd, 2006 09:00

If the problem still persists you can read a HijackThis tutorial, go through the instructions and recommendations and see what pests are on your computer.

1.2K Posts

March 2nd, 2006 11:00

Yeap, this site should help you analyze the log:

http://hijackthis.de/

5 Posts

March 6th, 2006 09:00

Progress update...
Thanks for the help so far.  Here's how I've got on:
 
http://www.stevengould.org/software/cleanup/download.html
This ran fine.
 
http://housecall.trendmicro.com/
This would not run - got some help from trendmicro support and was able to run an older version of the housecall programme.  Did not find any threats.
 
http://www.trendmicro.com/spyware-scan/
Nothing found.
 
This found 8 viruses - but they were all languishing in an old Outlook Express deleted messages folder, and Norton AV quarantine folders, so were not causing my problems.
 
I ran hijackthis but found nothing in the results.
 
 
However, I searched the registry for lgzaxch and it appeared in a subfolder named "Krypton" along with a reference to wuamgrd.exe. I was told to delete this folder by a Microsoft support technician (long story, so far unhelpful). From a Google search I have found out that the Krypton folder is virus related, and wuamgrd.exe is a virus.
 
wuamgrd.exe no longer appears in the registry - apart from in the FilesNamedMRU folder which I understand is just related to search terms and is not significant.
lgzaxch appears in the following:
  • MyComputer\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Microsoft Update Machine
I am aware that the name of this folder is linked with the wuamgrd.exe virus.  The contents are:
command = lgzaxch.exe
hkey = HKLM
inimapping = 0
item = lgzaxch
key = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
  • MyComputer\HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run
The contents of this folder are:
ALUAlert = C:\Program FIles\Symantec\LiveUpdate\ALUNotify.exe
internat.exe = internat.exe
Microsoft Update Machine = lgzaxch.exe
 
I am tempted to delete the Microsoft Update Machine subfolder, and the reference to lgzaxch in the Run folder, but am concerned that there may be other changes in my registry that need correcting - the info I saw on wuamgrd.exe suggested that it made various changes in the registry.  However I do not know the original values of keys that may have been changed, and am a bit out of my depth!
 
Is there a simple method or tool for checking registry keys are all as they should be?
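
Added example, not part of the original thread: a small triage script for the startup locations named in the post above. It assumes the keys have been dumped to text in the layout `reg query` prints; the sample is constructed from the values quoted in the post, and the two checks are heuristics for deciding what to look up, not a verdict.

```python
import re
from ntpath import dirname
# Constructed sample: `reg query`-style text rebuilt from the values quoted in the post.
SAMPLE = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Microsoft Update Machine
    command    REG_SZ    lgzaxch.exe
    hkey    REG_SZ    HKLM
    inimapping    REG_SZ    0
    item    REG_SZ    lgzaxch
    key    REG_SZ    SOFTWARE\Microsoft\Windows\CurrentVersion\Run

HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run
    ALUAlert    REG_SZ    C:\Program FIles\Symantec\LiveUpdate\ALUNotify.exe
    internat.exe    REG_SZ    internat.exe
    Microsoft Update Machine    REG_SZ    lgzaxch.exe
"""

VALUE = re.compile(r"^ {4}(.+?) {4}(REG_\w+) {4}(.*)$")

def parse(text):
    """Return {key_path: {value_name: data}} from `reg query` text output."""
    keys, current = {}, None
    for line in text.splitlines():
        m = VALUE.match(line)
        if line.startswith("HKEY_"):
            current = keys.setdefault(line.strip(), {})
        elif m and current is not None:
            current[m.group(1)] = m.group(3).strip()
    return keys

def audit(text):
    """Triage autoruns: list of (key, name, command, reasons) worth a look."""
    keys = parse(text)
    # Commands MSConfig has parked under startupreg (items unticked in msconfig).
    disabled = {v["command"].lower() for k, v in keys.items()
                if "\\msconfig\\startupreg\\" in k.lower() and "command" in v}
    findings = []
    for key, values in keys.items():
        if not key.lower().endswith("\\currentversion\\run"):
            continue
        for name, cmd in values.items():
            reasons = []
            if not dirname(cmd.strip('"')):  # arguments after the path are not parsed
                reasons.append("no directory: resolved via the search path")
            if cmd.lower() in disabled:
                reasons.append("disabled in msconfig but still live in this Run key")
            if reasons:
                findings.append((key, name, cmd, reasons))
    return findings
```

On the sample, `audit(SAMPLE)` returns two findings: `internat.exe` for having no directory, and `Microsoft Update Machine` for both reasons, since the same command sits under `startupreg` and in the `.DEFAULT` Run key.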
