
What the heck is this?? iykagzsd.exe

Status
Not open for further replies.

dickjarvinen

IS-IT--Management
Aug 4, 2004
2
US
Norton recently blocked a program trying to access the Internet from my PC (using TCP/IP) called, of all things, 'iykagzsd.exe'. I'm using Win2K Pro, by the way.

I googled Web and Newsgroups and found nothing on this. Yet about every 1/2 hour, this program pops up twice, always blocked by Norton (which is a good thing, I assume).

Some gritty details: 352,256 bytes long, date tag 7/1/04 at 11:57am

I looked at it in the debugger and it 'seems' to be some sort of old DOS 5.0 program, or something that ripped off an old DOS 5.0 program. Lots of DOS messages embedded in it.

The only reference in the registry is under HKEY_CURRENT_USER\Software\Microsoft\Current Version\Run in a key named 'lgc'.

One theory (benign) is that somehow one of the kids got a hold of the PC and randomly changed the name of one of the system programs. :D

Another theory (malignant) is that it is some sort of worm or trojan horse or something that changes its name to avoid detection.

I could just delete it, but as it seems to be 'safe' (because of my Norton), I'm leaving it alone until I find out just what the heck is going on.

Any ideas?

Thanks.

 
Randomly named files that don't get Google hits are highly suspect. Your bigger problem is that there is likely more stuff than just that one file on your system.

Scan faq760-4897 to get an idea of what HijackThis tells you and then run the program and look it over to get an idea of what might be going on in your system.

Then take a look at faq608-4650 for an organized approach to cleaning up your system.

-------------------------------------
It's 10 O'Clock ( somewhere! ).
Are your registry and data backed up?
 
Thanks for the help.

Turned out it was 'PurityScan.d'. The only AV that detected it was Kaspersky (sp?), although Norton at least had the sense to ask if it wanted to block access from these programs.

It had infected (or created) iykagzsd.exe and wdsd.exe.

Had to Safe Boot to delete 'em.

Dick
 