Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations strongm on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

ZLNWZWVEW - WTF is this?

Status
Not open for further replies.
ReTeMa

ReTeMa

Technical User
Mar 11, 2005
31
SI
hi,

i have no idea what this ''unknown user service: ZLNWZWVEW.exe (file missing)'' is doing according to hijackthis report. i disabled this service.

please help - how can i completely remove this (or any other) bother service from pc?

tia
 
Sort by date Sort by votes
If you're already using HiJackThis, let HJT remove the entry.
 
Upvote 0 Downvote
A long shot here, but if you have ever run "Rootkit Revealer" it creates unknown (randomly named) Services and leaves them in Services until you manually remove them from the Registry, it also (if I remember correctly) creates randomly named exe files and leaves them in the users temp folder.

Removing adware & spyware
faq608-4650

Try the free version of "Ewido"
 
Upvote 0 Downvote
thx for replies.

i disabled and removed from services list - i have no idea how, but it disappeared. [evil]
linney - ewido found and deleted some ''TrackingCookie.2o7'' !

then i started regedit program and via ''find'' it found at least 20 entries ''LEGACY_ZLNWZWVEW''. when i hit delete key i got ''Cannot delete LEGACY_ZLNWZWVEW: Error while deleting key''.

any idea how to delete-remove these keys ?

tia
 
Upvote 0 Downvote
Have you modified the permissions to allow control to admins/everyone? As an administrator of the machine, you should be able to right click the entry, select permissions, and set the permissions to full control for admins and/or everyone which should allow you to delete these entries.
 
Upvote 0 Downvote
I would check for other malware as well. Just disabling the service doesn't mean that the machine is completely cleaned up the way you want it to be. Try the following:

Webroot Spysweeper

Download it here:


Webroot Spysweeper 14 day Trial

Update the defs and do a sweep.

I would also check it with some other virus scanners just to make sure.



Best regards.

Erik
 
Upvote 0 Downvote
Try deleting that folder in safe mode!

Member of ASAP Alliance of Security Analysis Professionals

under the name khazars
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

pmonett
  • Locked
  • Question
What is this now ? 1
Replies
8
Views
655
pmonett
pmonett
hamburg18w
  • Locked
  • Question
Task Host is Stopping the Shutdown
Replies
1
Views
398
Ign3us
Ign3us
jjjthird333
  • Locked
  • Question
rename a doamin computer when it is offline?
Replies
3
Views
237
goombawaho
goombawaho
pmonett
  • Locked
  • Question
Is Microsoft in a war against Torrent clients ?
Replies
2
Views
231
spamjim
spamjim
pmonett
  • Locked
  • Question
Is it possible to replace Windows Explorer when using Win+E ? 1
Replies
2
Views
174
pmonett
pmonett

Part and Inventory Search

Sponsor

Back
Top