vxAC@:.exe virus?

Posted on 2004-10-02
Last Modified: 2013-12-04
Any time I start my PC there is an app running in task manager. The app is vxAC@:.exe. I use to end it and then I go in regedit and use find for vxac. There are some of them and I use to delete them.
Next time I start my pc vxAC@:.exe is again in my task manager.
I'm running w2k sp2, and this file came to my PC only a few days ago. I have an old and clean System State backup on my PC but even restoring this one doesn't help.

Is this a virus, and how to clean this one?
Question by:edi02
  • 5
  • 4
LVL 65

Accepted Solution

SheharyaarSaahil earned 125 total points
ID: 12206832
Hello edi02 =)

First Download HijackThis v1.98.2 from here, run it and Save the LOG file:

Then Post that log at this site >>
and it will automatically analyse it for u,,, Fix everything which it labels as Nasty :)
To Fix, check the lines and click on Fix Checked !!

CAUTION: Before fixing the entries in hijackthis, make sure that they are really Nasty and can be deleted, better u first research for it on Google and then when u will confirm that they shud be deleted, Fix them. And whenever u run Hijackthis, run it from a New folder on ur desktop, so that in case of any problem, u can take advantages of its created backups of fixed items. And in case if u still face problems in dealing with it, just analyse ur log at the above site, and then scroll down where u will see a Save Analyse button, hit it and it will save ur Log Analysation, then copy the link of that page and paste it here, and we will check it for u :)

Then Run these tools in safemode to make sure ur system is clean now !!
AdAware ==>
SpyBot  ==>
Stinger ==>

That will surely kick it out of ur system =)
Post Back and Good Luck :)
LVL 49

Expert Comment

ID: 12206869
Hi edi02,

It is hard to say whether it is a virus's work or a spyware's work. All you can do is to work towards both of those and see if the issue goes away.

First go here and download msconfig
Using it , go to startup tab and disable all applications except anti-virus and firewall.
Restart your machine and check if that process starts automatically. If not , then enable each application one by one to find which one would be the culprit

Then , update your Anti-virus software , if you have got one. Run it both in Normal and Safe mode to see if it catches any virus. If you donot have an anti-virus , run the online virus scanner from here 
See if it catches anything.

Ofcourse, you would have tried the suggestions given by shehary..  

After that make sure to remove all temporary files
Remove temporary internet files, folders and cookies
Also remove windows Temp files going to

1) Start --> run --> typein:  %systemroot%/temp
2) Start  --> run --> typein: %temp%

Post back after that even if your issue is not solved ..


Author Comment

ID: 12216295
Thanks guys,
Still investigating. I've ran regmon.exe to find what is doing in my registry this puppy and this is what I found:

10.54337142      vxAC@:.exe:1008      QueryValue      HKCU\SOFTWARE\MICROSOFT\Windows\CURRENTVERSION\Internet Settings\EnableAutodial      SUCCESS      0x0      
10.54497051      vxAC@:.exe:1008      OpenKey      HKCU\Software\\Personal Firewall      NOTFOUND            
10.54506605      vxAC@:.exe:1008      OpenKey      HKCU\Software\Symantec\Internet Security      NOTFOUND            
10.54552030      vxAC@:.exe:1008      OpenKey      HKCU\Software\Untu      NOTFOUND            
10.66076424      vxAC@:.exe:1008      OpenKey      HKCU\Software\Ioae      SUCCESS      Key: 0xE2891420      
10.66087068      vxAC@:.exe:1008      QueryValue      HKCU\Software\Ioae\Rcsc      SUCCESS      45 7E 5D BD 6A E0 7D 62 ...      
10.66111373      vxAC@:.exe:1008      OpenKey      HKCU\Software\Microsoft      SUCCESS      Key: 0xE13A3320      
10.66118329      vxAC@:.exe:1008      QueryValue      HKCU\Software\Microsoft\Append      NOTFOUND            
11.66185209      vxAC@:.exe:1008      OpenKey      HKCU\Software\Ioae      SUCCESS      Key: 0xE288E020      
11.66196272      vxAC@:.exe:1008      QueryValue      HKCU\Software\Ioae\Rcsc      SUCCESS      45 7E 5D BD 6A E0 7D 62 ...      
11.66217727      vxAC@:.exe:1008      OpenKey      HKCU\Software\Microsoft      SUCCESS      Key: 0xE293D9A0      
11.66224348      vxAC@:.exe:1008      QueryValue      HKCU\Software\Microsoft\Append      NOTFOUND            
65.80652407      vxAC@:.exe:1008      OpenKey      HKCU\Software\Ioae      NOTFOUND            
65.80672102      vxAC@:.exe:1008      OpenKey      HKCU\Software\Microsoft      SUCCESS      Key: 0xE2C52D20      
65.80679729      vxAC@:.exe:1008      QueryValue      HKCU\Software\Microsoft\Append      NOTFOUND            

Does this ring a bell to anyone?
The Eight Noble Truths of Backup and Recovery

How can IT departments tackle the challenges of a Big Data world? This white paper provides a roadmap to success and helps companies ensure that all their data is safe and secure, no matter if it resides on-premise with physical or virtual machines or in the cloud.


Author Comment

ID: 12216405
I've ran the HijackThis.exe and I found this file between the results vxсурк.exe sitting in C:\Documments and Settings\Administrator\Application Data folder and removed this one because it starts with vx like my strange vxAC@:.exe file. Hope this will fix the issue. I will test again and then I will allocate the points.
LVL 65

Expert Comment

ID: 12216426
good sign.... im listening to know the results !! :)

Author Comment

ID: 12216453
Strange?! I took the name of the file with copy and paste and even if it was looking like vxcypk when it came in my comment it has been changed to that strange string vxсурк.exe


Any clue?

Author Comment

ID: 12216537
I restarted my PC and vxAC@:.exe is not running anymore. That means problem solved. Thanks SheharyaarSaahil. You receive the points.

Anyway good to remember this nasty file that looks like vxcypk.exe but is actally vxAC@:.exe.
LVL 65

Expert Comment

ID: 12216578
lol..... they can be looked in anyway... they can change their names like chameleon !! =\
but glad to know that u got rid of it.... good job and cheers ^_^

Author Comment

ID: 12216747
I had a look again to the name of the file (I still have it in my Recycle Bin) and now I noticed that the last four letters are from Russian alphabet cyrk. They look litle nit different from the usual ones.
So it should be a russian hand here, I guess :)
LVL 65

Expert Comment

ID: 12216759

Featured Post

Free Tool: IP Lookup

Get more info about an IP address or domain name, such as organization, abuse contacts and geolocation.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

No security measures warrant 100% as a "silver bullet". The truth is we also cannot assume anything but a defensive and vigilance posture. Adopt no trust by default and reveal in assumption. Only assume anonymity or invisibility in the reverse. Safe…
In a recent article here at Experts Exchange (, I discussed my nine-month sandbox testing of the Windows 10 Technical Preview, specifically with respect to r…
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…
A short tutorial showing how to set up an email signature in Outlook on the Web (previously known as OWA). For free email signatures designs, visit If you want to manage em…

830 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question