
Possible Virus frtha81g68.exe

Status
Not open for further replies.

gcronk

IS-IT--Management
Oct 23, 2003
2
US
I booted my Windows 2000 Professional system yesterday and noticed it was booting extremely slowly. I looked in the task manager to determine what processes were running and noticed the file frtha81g68.exe propagating through my system. When I attempted to close one of the processes, it only opened more. Within a minute, I had over 260 processes of the above file. My system subsequently shut down immediately. How do I fix this? Any suggestions would be greatly appreciated. Thanks.
 
Hi

Not certain of what it is but it certainly looks like something that may be used by malware as a random filename.

Try booting into safe mode, hold down the shift key as you login to bypass the startup group then see if it still loads.
If it doesn't, use this opportunity to use the standard reply of CWShredder, Spybot Search & Destroy, Ad-Aware and then if it still causes a problem after rebooting into normal mode, HijackThis and post a log here.
I'd also look and see if you can find the file on the hard disk and see if you can rename the file so it won't get loaded at next startup (eg give it a .xyz extension so Win2K won't recognise it as a program).

John
 
Have you run a virus scan of any sort? Any results?
Also, chase down malware avenues, refer to this: faq608-4650
You may try rebooting into safe mode and see if the propagation of this can be kept in check enough for you to get on top of it and delete it.


"'Tis an ill wind that blows no minds." - Malaclypse the Younger
 
Thank you for your suggestion. I tried booting into safe mode but the system hung halfway through the boot process. I cannot even get to the command prompt to find the file on my system. I will try your suggestion and see how it works. Thank you again.
 
Interesting. Just within the past hour, our e-mail antivirus program has stopped 6 messages with attached executables, all with very random names similar to this. They all came in randomly named Zip files (accdab.zip->dqeirayw.exe).

After the first three I updated the antivirus definitions just in case (there were some updates available), but the next three still got caught just by the EXE filter, not as viruses. Neither Network Associates nor TrendMicro list any new virus on their sites.

Very weird.
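
The last post describes attachments being stopped by a file-type filter rather than by a virus signature. As an added example that is not part of the thread and not any vendor's implementation, this sketch shows how such a filter can flag a Zip attachment: it checks each member's extension and its first two bytes for the DOS/PE `MZ` marker. The function names and the extension list are assumptions, and the sample archive is constructed with harmless placeholder bytes.

```python
import io
import posixpath
import zipfile

# Assumed block list; a real gateway policy would define its own.
EXECUTABLE_EXTENSIONS = {".exe", ".scr", ".pif", ".com", ".bat", ".cmd"}


def executable_members(zip_bytes):
    """Return names of archive members that look like Windows executables."""
    hits = []
    try:
        archive = zipfile.ZipFile(io.BytesIO(zip_bytes))
    except zipfile.BadZipFile:
        return hits  # not a Zip archive; other filters handle it
    with archive:
        for info in archive.infolist():
            if info.is_dir():
                continue
            ext = posixpath.splitext(info.filename)[1].lower()
            try:
                with archive.open(info) as member:
                    header = member.read(2)
            except (RuntimeError, NotImplementedError, zipfile.BadZipFile):
                # Encrypted or unsupported member: the name is still
                # readable, so the extension check below still applies.
                header = b""
            if ext in EXECUTABLE_EXTENSIONS or header == b"MZ":
                hits.append(info.filename)
    return hits


def build_sample():
    """Constructed sample: placeholder bytes only, no real program."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as z:
        z.writestr("dqeirayw.exe", b"MZ" + b"\x00" * 62)  # name from the post
        z.writestr("readme.txt", b"hello")
        z.writestr("invoice.dat", b"MZ" + b"\x00" * 62)   # renamed executable
    return buf.getvalue()


if __name__ == "__main__":
    print(executable_members(build_sample()))
```

A filter of this kind needs no signature for the specific file, which is consistent with the attachments being stopped while the antivirus definitions did not identify them.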
 