1 Message
0
8204
January 8th, 2006 16:00
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run registry key virus
Hi:
Virus???
In the Windows system32 directory I have these 24k .exes with random names, and likewise with DLLs of various sizes. If I don't delete them periodically, they pile up.
There is always an attempt to put a key in the following branch of the registry:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
ahpbaecstv "c:\winnt40\system32\randomexe.exe".
Thus the above process runs. I am currently investigating it by using psapi, an API that allows me to look at processes. I am also considering locking the registry via the C++ RegSetKeySecurity API.
I have only just begun, I just thought I'd ask if someone knows how to get rid of this one.
Any help appreciated.
JF
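An added example, not part of the original post: since the Run value described above keeps coming back, one way to catch each reappearance is to diff the current `reg query` output for the key against a known-good snapshot and flag new values whose executable sits directly in system32. The snapshot text, the `SoundMan` and `Vendor Updater` entries, and all function names are constructed for illustration; the parser assumes the whitespace-separated name/type/data layout that `reg query` prints.

```python
import ntpath
import re

RUN_KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"

# Constructed `reg query` snapshots (sample data, not captured from a real host).
BASELINE = RUN_KEY + r"""
    SoundMan    REG_SZ    SOUNDMAN.EXE
    Vendor Updater    REG_SZ    "C:\Program Files\Vendor\update.exe" /background
"""
CURRENT = BASELINE + r"""    ahpbaecstv    REG_SZ    "c:\winnt40\system32\randomexe.exe"
"""

# Indented value line: name (may contain spaces), REG_* type, data.
VALUE_LINE = re.compile(r"^\s+(?P<name>.+?)\s+REG_[A-Z_]+\s*(?P<data>.*)$")

def parse_run_values(text):
    """Map value name -> command line from `reg query` text output."""
    values = {}
    for line in text.splitlines():
        m = VALUE_LINE.match(line)
        if m:
            values[m.group("name")] = m.group("data").strip()
    return values

def target_path(command):
    """Extract the executable path from a Run command line."""
    command = command.strip()
    if command.startswith('"'):
        return command[1:].split('"', 1)[0]
    m = re.match(r"(.+?\.exe)(\s|$)", command, re.IGNORECASE)
    return m.group(1) if m else command.split(" ", 1)[0]

def in_system32(path):
    """True when the file sits directly in a directory named system32."""
    return ntpath.basename(ntpath.dirname(path)).lower() == "system32"

def new_autoruns(baseline_text, current_text):
    """Return (name, path, in_system32) for values added or changed since baseline."""
    before = parse_run_values(baseline_text)
    findings = []
    for name, command in parse_run_values(current_text).items():
        if before.get(name) != command:
            path = target_path(command)
            findings.append((name, path, in_system32(path)))
    return findings

if __name__ == "__main__":
    for name, path, flagged in new_autoruns(BASELINE, CURRENT):
        note = "  <-- executable directly in system32" if flagged else ""
        print(f"new Run value {name!r} -> {path}{note}")
```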


100mph
1.2K Posts
0
January 8th, 2006 18:00
Try Google by file name, or use antivirus/spyware scanners to identify the infection.
pkbanerjee
13 Posts
0
January 8th, 2006 21:00
Hi,
If you are sure that there are DLL files that are unhealthy, there are two things you can do that can help:
1. Run HijackThis and try and fix the entry, and then go to the misc. tools and try and delete the DLL files on next boot.
You can also download something called Killbox, which kills processes running on the computer and deletes the process.
Go to Google and type "killbox download", and the first site that comes up will be a Bleeping Computer site.
On downloading Killbox you will need to type in the path and file name and then kill the process and delete the file.
Make sure that you are sure that you know these DLL files are the naughty ones.
You can also try a spyware scan before that, like Ad-Aware or Microsoft AntiSpyware Beta.
Sites: http://www.dsvs.org for Ad-Aware, Microsoft and HijackThis...