vxAC@:.exe virus?

Posted on 2004-10-02
Last Modified: 2013-12-04
Any time I start my PC there is an app running in task manager. The app is vxAC@:.exe. I use to end it and then I go in regedit and use find for vxac. There are some of them and I use to delete them.
Next time I start my pc vxAC@:.exe is again in my task manager.
I'm running w2k sp2, and this file came to my PC only a few days ago. I have an old and clean System State backup on my PC but even restoring this one doesn't help.

Is this a virus, and how to clean this one?
Question by:edi02
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 4
LVL 65

Accepted Solution

SheharyaarSaahil earned 125 total points
ID: 12206832
Hello edi02 =)

First Download HijackThis v1.98.2 from here, run it and Save the LOG file:

Then Post that log at this site >>
and it will automatically analyse it for u,,, Fix everything which it labels as Nasty :)
To Fix, check the lines and click on Fix Checked !!

CAUTION: Before fixing the entries in hijackthis, make sure that they are really Nasty and can be deleted, better u first research for it on Google and then when u will confirm that they shud be deleted, Fix them. And whenever u run Hijackthis, run it from a New folder on ur desktop, so that in case of any problem, u can take advantages of its created backups of fixed items. And in case if u still face problems in dealing with it, just analyse ur log at the above site, and then scroll down where u will see a Save Analyse button, hit it and it will save ur Log Analysation, then copy the link of that page and paste it here, and we will check it for u :)

Then Run these tools in safemode to make sure ur system is clean now !!
AdAware ==>
SpyBot  ==>
Stinger ==>

That will surely kick it out of ur system =)
Post Back and Good Luck :)
LVL 49

Expert Comment

ID: 12206869
Hi edi02,

It is hard to say whether it is a virus's work or a spyware's work. All you can do is to work towards both of those and see if the issue goes away.

First go here and download msconfig
Using it , go to startup tab and disable all applications except anti-virus and firewall.
Restart your machine and check if that process starts automatically. If not , then enable each application one by one to find which one would be the culprit

Then , update your Anti-virus software , if you have got one. Run it both in Normal and Safe mode to see if it catches any virus. If you donot have an anti-virus , run the online virus scanner from here 
See if it catches anything.

Ofcourse, you would have tried the suggestions given by shehary..  

After that make sure to remove all temporary files
Remove temporary internet files, folders and cookies
Also remove windows Temp files going to

1) Start --> run --> typein:  %systemroot%/temp
2) Start  --> run --> typein: %temp%

Post back after that even if your issue is not solved ..


Author Comment

ID: 12216295
Thanks guys,
Still investigating. I've ran regmon.exe to find what is doing in my registry this puppy and this is what I found:

10.54337142      vxAC@:.exe:1008      QueryValue      HKCU\SOFTWARE\MICROSOFT\Windows\CURRENTVERSION\Internet Settings\EnableAutodial      SUCCESS      0x0      
10.54497051      vxAC@:.exe:1008      OpenKey      HKCU\Software\\Personal Firewall      NOTFOUND            
10.54506605      vxAC@:.exe:1008      OpenKey      HKCU\Software\Symantec\Internet Security      NOTFOUND            
10.54552030      vxAC@:.exe:1008      OpenKey      HKCU\Software\Untu      NOTFOUND            
10.66076424      vxAC@:.exe:1008      OpenKey      HKCU\Software\Ioae      SUCCESS      Key: 0xE2891420      
10.66087068      vxAC@:.exe:1008      QueryValue      HKCU\Software\Ioae\Rcsc      SUCCESS      45 7E 5D BD 6A E0 7D 62 ...      
10.66111373      vxAC@:.exe:1008      OpenKey      HKCU\Software\Microsoft      SUCCESS      Key: 0xE13A3320      
10.66118329      vxAC@:.exe:1008      QueryValue      HKCU\Software\Microsoft\Append      NOTFOUND            
11.66185209      vxAC@:.exe:1008      OpenKey      HKCU\Software\Ioae      SUCCESS      Key: 0xE288E020      
11.66196272      vxAC@:.exe:1008      QueryValue      HKCU\Software\Ioae\Rcsc      SUCCESS      45 7E 5D BD 6A E0 7D 62 ...      
11.66217727      vxAC@:.exe:1008      OpenKey      HKCU\Software\Microsoft      SUCCESS      Key: 0xE293D9A0      
11.66224348      vxAC@:.exe:1008      QueryValue      HKCU\Software\Microsoft\Append      NOTFOUND            
65.80652407      vxAC@:.exe:1008      OpenKey      HKCU\Software\Ioae      NOTFOUND            
65.80672102      vxAC@:.exe:1008      OpenKey      HKCU\Software\Microsoft      SUCCESS      Key: 0xE2C52D20      
65.80679729      vxAC@:.exe:1008      QueryValue      HKCU\Software\Microsoft\Append      NOTFOUND            

Does this ring a bell to anyone?
What Is Transaction Monitoring and who needs it?

Synthetic Transaction Monitoring that you need for the day to day, which ensures your business website keeps running optimally, and that there is no downtime to impact your customer experience.


Author Comment

ID: 12216405
I've ran the HijackThis.exe and I found this file between the results vxсурк.exe sitting in C:\Documments and Settings\Administrator\Application Data folder and removed this one because it starts with vx like my strange vxAC@:.exe file. Hope this will fix the issue. I will test again and then I will allocate the points.
LVL 65

Expert Comment

ID: 12216426
good sign.... im listening to know the results !! :)

Author Comment

ID: 12216453
Strange?! I took the name of the file with copy and paste and even if it was looking like vxcypk when it came in my comment it has been changed to that strange string vxсурк.exe


Any clue?

Author Comment

ID: 12216537
I restarted my PC and vxAC@:.exe is not running anymore. That means problem solved. Thanks SheharyaarSaahil. You receive the points.

Anyway good to remember this nasty file that looks like vxcypk.exe but is actally vxAC@:.exe.
LVL 65

Expert Comment

ID: 12216578
lol..... they can be looked in anyway... they can change their names like chameleon !! =\
but glad to know that u got rid of it.... good job and cheers ^_^

Author Comment

ID: 12216747
I had a look again to the name of the file (I still have it in my Recycle Bin) and now I noticed that the last four letters are from Russian alphabet cyrk. They look litle nit different from the usual ones.
So it should be a russian hand here, I guess :)
LVL 65

Expert Comment

ID: 12216759

Featured Post

Three Reasons Why Backup is Strategic

Backup is strategic to your business because your data is strategic to your business. Without backup, your business will fail. This white paper explains why it is vital for you to design and immediately execute a backup strategy to protect 100 percent of your data.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

As I write this article, I am finishing cleanup from the Qakbot virus variant found in the wild on April 18, 2011.  It was a messy beast that had varying levels of infection, speculated as being dependent on how long it resided on the infected syste…
The term "Bad USB" is a buzz word that is usually used when talking about attacks on computer systems that involve USB devices. In this article, I will show what possibilities modern windows systems (win8.x and win10) offer to fight these attacks wi…
Come and listen to Percona CEO Peter Zaitsev discuss what’s new in Percona open source software, including Percona Server for MySQL ( and MongoDB (…
In this brief tutorial Pawel from AdRem Software explains how you can quickly find out which services are running on your network, or what are the IP addresses of servers responsible for each service. Software used is freeware NetCrunch Tools (https…

729 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question