Are these .exe's spyware?

Status
Not open for further replies.

spayne

Programmer
Feb 13, 2001
157
US
I am trying to clean up a machine running on Win XP home edition. In the startup tab of msconfig it shows certain executables that I can't identify. Googling gives me little or no information as well. Can anyone help me ID these files?

javalu.exe
* CLUSAPI9.exe
sdkbx.exe
d3pq32.exe
* uPaSVAFIO.exe

* Pretty sure the capital "I"s here are just that, but could be "1"s or lower case "L"s. It's a little tough to read.

Any help would be appreciated.

TIA,
Steve
 
i can't find them in the virus list i have.

did you try MS for info on the files?
 
Hi spayne,

Looks like these .exe files could be trojans in your Windows XP machine.

Download "HiJackThis", "CWShredder", and spyware scanners like "Ad Aware SE Personal" (along with add-ons & plug-ins); "Spybot - Search & Destroy" and Stinger from the web.

First, disable these .exe files in msconfig. Also disable the "System Restore service" in the "Services" tab of msconfig.

Reboot your Windows XP machine to "Safe mode with command prompt" and execute "HiJackThis" and "CWShredder".
Then run Stinger to remove virus & trojans from your PC.

Take a look at Microsoft's website:

Finally, run SpyBot-S&D and Ad-Aware SE to remove spyware and trojans from your Windows XP machine.

Good luck.
 
Thanks for the quick replies.

Eyec, I just searched MS for them with no results.

RiazAhamed, I have been running most of those and other spyware over and over with limited success. I haven't tried it in safe mode yet, so I'll do that next.

I am just a little concerned that if I disabled them, it may mess things up more than they help. On the other hand, if MS doesn't recognize them, I must assume they are not important to the OS and won't screw that up.
 
the only info i can find on any of these is that

clusapi.dll is a cluster call hook in windows

so off hand i would say that some virus/trojan has changed this file and may be using it.

good luck.
 
You can run hijack this and then cut and paste your log into this great website that will analyze your hijack log and tell you what is good, bad, and ugly!!

- sorry, my html is very rusty so you'll have to cut and paste this web site.

Give that a try and see what you come up with.
 
Try narrowing your search in google. For example, instead of javalu.exe, search for javalu (expect lots of foreign language hits). For CLUSAPI9.exe, try CLUSAPI. Ditto for the rest of those you listed. You might be surprised by the results... Hope this helps.
 
I remove this crap for a living, so here are a few tips...

When I find .exe files being loaded at startup and there are no hits on google, I usually at least disable them to see what happens. There seem to be more than a few programs that I suspect of being scumware/viruses out there that don't get removed by any of the scumware/virus scanners. I use hijackthis (v1.99 is the latest) among other things to find out what is being loaded, as BHOs often reinsert this stuff into startup, downloading it again if necessary.

Here is a tutorial on using hijackthis...


... and you can download it from here....


I'm pretty sure I remember running across javalu.exe before. If you go into the directory where you find it with Windows Explorer, click the file size column. If you see a number of files with the same size and date, and the date coincides with when all the fun began, it is most likely scumware.

If I'm not sure if it is scumware or not, I rename the file (e.g. adding .scum to the end) so I can restore it if need be. Hijackthis is capable of restoring the things it removes, but I'm not sure how it deals with removing executables.

There is a great little tool for seeing what is running in memory available for free at...


The nice thing is that it shows the vendor of the program/process running in memory. The vendor column usually is blank if it is malware. You can also see what child processes are running under the parent (e.g. svchost.exe) and can kill any process that is suspect. Much better than XP Task Manager.
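The two checks the last post describes, looking at who published each startup executable (the "vendor" column) and then looking in its folder for other files with the same size and date, can be scripted. The following is an added example and not code from the thread; it assumes PowerShell 3 or later and reads only the registry Run/RunOnce keys, not the Startup folders or services, and it uses the Authenticode signer as a stand-in for the vendor column.

```powershell
# Added example, not from the thread: triage the Run/RunOnce autostart entries on a
# Windows host. Assumes PowerShell 3+; Startup folders and services are not covered.
function Get-AutostartTriage {
    $runKeys = @(
        'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
        'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
        'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
        'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
    )
    foreach ($key in $runKeys) {
        if (-not (Test-Path $key)) { continue }
        foreach ($p in (Get-ItemProperty -Path $key).PSObject.Properties) {
            if ($p.Name -like 'PS*') { continue }   # PowerShell's own metadata properties
            # Strip quotes and arguments ("C:\x\y.exe" /q -> C:\x\y.exe); unquoted paths with spaces are not resolved
            $path = if ($p.Value -match '^"([^"]+)"') { $Matches[1] } else { ($p.Value -split '\s+')[0] }
            $file = Get-Item -LiteralPath $path -ErrorAction SilentlyContinue
            # Authenticode publisher stands in for the "vendor" column the post mentions.
            $sig  = if ($file) { Get-AuthenticodeSignature -FilePath $file.FullName } else { $null }
            [pscustomobject]@{
                Key       = $key
                Name      = $p.Name
                Path      = $path
                Exists    = [bool]$file
                SizeBytes = if ($file) { $file.Length } else { $null }
                Modified  = if ($file) { $file.LastWriteTime } else { $null }
                Publisher = if ($sig -and $sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '<unsigned>' }
                SigStatus = if ($sig) { [string]$sig.Status } else { 'n/a' }
            }
        }
    }
}

$entries = Get-AutostartTriage

# 1) Entries that are missing, unsigned or badly signed: the ones worth looking up.
$entries | Where-Object { $_.SigStatus -ne 'Valid' } |
    Format-Table Name, Path, Publisher, SigStatus -AutoSize

# 2) For each of those, list sibling files in the same folder sharing size and date:
#    the "several files with the same size and date" pattern the post above describes.
$entries | Where-Object { $_.Exists -and $_.SigStatus -ne 'Valid' } | ForEach-Object {
    $e = $_
    $twins = Get-ChildItem -LiteralPath (Split-Path -Path $e.Path -Parent) -File -ErrorAction SilentlyContinue |
        Where-Object { $_.FullName -ne $e.Path -and $_.Length -eq $e.SizeBytes -and
                       $_.LastWriteTime.Date -eq $e.Modified.Date }
    if ($twins) {
        '{0}: {1} file(s) with the same size and date: {2}' -f $e.Path, @($twins).Count, (($twins | ForEach-Object Name) -join ', ')
    }
}
```

An unsigned entry is not proof of anything (plenty of legitimate older software is unsigned), so treat the output as a shortlist to research, rename or disable as the posts above suggest, not as a verdict.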
 