Random Executable

By Dennis.Rhine
I have several computers that are running slowly. Each one has a program running that is a random combination of six characters such as AEEE64.exe (it always has a dog icon). The file is always located in C:\WinNT\Temp and cannot be stopped and the program cannot be deleted while the computer is run in normal operation. Boot to Safe mode and delete the file and it will be recreated with a new name on the next startup. I have tried running SpyBot against it and that program now says that everything is clean. I also am running TrendMicro for the AV protection and it cannot find anything either. Any ideas?

4 total posts (Page 1 of 1)  

Try These

by willcomp In reply to Random Executable

Here are some recommended additions to your malware arsenal.

Ad-Aware SE - available at Download.com

CWShredder - see link below

http://www.intermute.com/spysubtract/cwshredder_download.html

Hijack This - see link below

http://www.spywareinfo.com/~merijn/downloads.html

When added to Spybot, these programs should rid you of nasty critters.

Dalton

Possible

by dwdino In reply to Random Executable

Most of the time I have encountered such nasties, I have to take the following course.

1) Research any of the names you find for this executable. This must be done so that you understand what it is you're fighting.

2) Boot to safe mode.

3) Delete any instance of the file. Then perform a search using the file naming scheme. For your given example search for ??????.exe. This will locate any executable files with 6 character names.

4) Open regedit and navigate to:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce

5) Go through the list and notice any executables that look unusual. If you decide to delete any entries, back up the registry first, just in case a needed entry is removed.

6) Open the Start menu and go to Programs and then Startup.

7) Remove any entries from Startup that are not necessary.

8) Reboot.

9) Pay close attention to any behavior that seems unusual.
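
The checks in steps 3 to 5 above, as an added PowerShell example that is not part of the original post: it assumes a Windows system with PowerShell 3.0 or later, and the `$TempDir` parameter and report field names are illustrative. It lists autorun values and six-character executables together with each file's signature status and parent process, so an entry can be attributed before anything is deleted.

```powershell
# Added example (not from the thread). Read-only: it lists, it deletes nothing.
# Assumption: the temp directory is %SystemRoot%\Temp, as in the original post.
param([string]$TempDir = (Join-Path $env:SystemRoot 'Temp'))

$runKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)
# Properties the registry provider adds to every result; they are not autorun values.
$meta = 'PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider'

# Steps 4-5: collect every autorun value so unusual entries can be reviewed.
$autoruns = foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    foreach ($p in (Get-ItemProperty -Path $key).PSObject.Properties) {
        if ($meta -contains $p.Name) { continue }
        [pscustomobject]@{ Key = $key; Name = $p.Name; Command = [string]$p.Value }
    }
}

# Step 3: executables whose base name is exactly six letters or digits.
# A regex is used because the ??????.exe wildcard can also match shorter names.
$files = Get-ChildItem -Path $TempDir -Filter '*.exe' -File -ErrorAction SilentlyContinue |
    Where-Object { $_.BaseName -match '^[A-Za-z0-9]{6}$' }

# Snapshot of running processes, used to find what launched each file.
$procs = Get-CimInstance Win32_Process

$report = foreach ($f in $files) {
    $sig    = Get-AuthenticodeSignature -FilePath $f.FullName
    $proc   = $procs | Where-Object { $_.ExecutablePath -eq $f.FullName } |
              Select-Object -First 1
    $parent = if ($proc) {
        $procs | Where-Object { $_.ProcessId -eq $proc.ParentProcessId } |
            Select-Object -First 1
    }
    [pscustomobject]@{
        File      = $f.FullName
        Signature = $sig.Status                      # Valid, NotSigned, HashMismatch, ...
        Signer    = $sig.SignerCertificate.Subject   # empty when the file is unsigned
        Parent    = $parent.Name                     # empty when the file is not running
        Autorun   = ($autoruns | Where-Object { $_.Command -like "*$($f.Name)*" }).Name -join ', '
    }
}

$autoruns | Format-Table -AutoSize -Wrap
$report   | Format-List
```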

Solution Found!

by Dennis.Rhine In reply to Random Executable

Thanks for all of the replies to this question. I have downloaded several of the software solutions posted and some of them helped tremendously in getting to the bottom of this issue. After using some of the tools posted I found that the program was spawned by the TrendMicro program. I finally called TrendMicro and they said that this program with the dog icon is one of theirs. Its purpose is to stop spy-ware and it is given a random name so that writers cannot get a bead on it. If deleted it is recreated by the TrendMicro software with a new name.

Awright! But a Question....

by willcomp In reply to Solution Found!

How much stuff did you find that Trend Micro Anti-Spyware let by?

Dalton
