(System32) directory - Weird EXE files, rename when deleted.

[PTCruiserMike]

Help, I can't get rid of something quite pesky. Here's what is happening:

Windows XP Professional, in the SYSTEM32 directory, I've got files that appear and rename themselves, if I turn them off in msconfig.exe, or the task manager.

It's really weird, because if I turn it off in the task manager, it immediately starts up again, but as a different named exe file.

Files look like this most of the time: XQETSXZ.EXE , just variable letters and numbers.

This machine, if left connected to my router, eventually shuts down my cable connection, and I have to reboot the modem.

HELP !!!!!!!!!!!!

 

[LordGarfield]

Hi,

Try to download the free version off AVG from grisoft

http://www.grisoft.com

its a good freeware virus scanner.

install it and run it. You will probably have a virus.

Update the virus definitions every 2 days to make shure you have the latest ones.

best regards

tank you,

(>" "<)
(='o'=)
-(,,)-(,,)------------------------------
LORD_GARFIELD
---------------------------------------

 

[PTCruiserMike]

Thanks, AVG is a great program... It found several trojans and viruses.

One trojan is being a PEST though: BackDoor.VB.11.BC

I can't keep it turned off long enough with task manager to get AVG to remove it. Looks like it's the culprit that I wrote about originally that keeps renaming itself, or turning itself back on, each time I try and terminate it.

Couldn't believe that my Corporate Symantic Antivirus didn't even catch all the other viruses and trojans that AVG found.

 

[bfralia]

If it's the virus you mention you should have a boot up run command in the registry file as below:


HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersionRun "win_(4 random letters + 4 random digits" = "%Sysdir%\SYS_386X\inicio.exe"

If you've got that, remove it from the registry and reboot the computer. AVG should then be able to remove it.