Solved

vxAC@:.exe virus?

Posted on 2004-10-02
Last Modified: 2013-12-04
Any time I start my PC there is an app running in Task Manager. The app is vxAC@:.exe. I usually end it and then I go into regedit and use Find for vxac. There are some of them and I delete them.
Next time I start my pc vxAC@:.exe is again in my task manager.
I'm running w2k sp2, and this file came to my PC only a few days ago. I have an old and clean System State backup on my PC but even restoring this one doesn't help.

Is this a virus, and how do I clean it?
Question by:edi02
 
LVL 65

Accepted Solution

by:
SheharyaarSaahil earned 125 total points
ID: 12206832
Hello edi02 =)

First Download HijackThis v1.98.2 from here, run it and Save the LOG file:
http://tools.radiosplace.com/HijackThis.exe

Then Post that log at this site >> http://www.hijackthis.de/index.php?langselect=english
and it will automatically analyse it for u,,, Fix everything which it labels as Nasty :)
To Fix, check the lines and click on Fix Checked !!

CAUTION: Before fixing the entries in hijackthis, make sure that they are really Nasty and can be deleted, better u first research for it on Google and then when u will confirm that they shud be deleted, Fix them. And whenever u run Hijackthis, run it from a New folder on ur desktop, so that in case of any problem, u can take advantages of its created backups of fixed items. And in case if u still face problems in dealing with it, just analyse ur log at the above site, and then scroll down where u will see a Save Analyse button, hit it and it will save ur Log Analysation, then copy the link of that page and paste it here, and we will check it for u :)

Then Run these tools in safemode to make sure ur system is clean now !!
AdAware ==> http://www.spychecker.com/program/adaware.html
SpyBot  ==> http://www.spychecker.com/program/spybot.html
Stinger ==> http://vil.nai.com/vil/stinger

That will surely kick it out of ur system =)
Post Back and Good Luck :)
0
 
LVL 49

Expert Comment

by:sunray_2003
ID: 12206869
Hi edi02,

It is hard to say whether it is a virus's work or a spyware's work. All you can do is to work towards both of those and see if the issue goes away.

First go here and download msconfig http://www.techadvice.com/win2000/m/msconfig_w2k.htm
Using it, go to the Startup tab and disable all applications except anti-virus and firewall.
Restart your machine and check if that process starts automatically. If not, then enable each application one by one to find which one would be the culprit.

Then, update your anti-virus software, if you have got one. Run it both in Normal and Safe mode to see if it catches any virus. If you do not have an anti-virus, run the online virus scanner from here
http://housecall.trendmicro.com/
See if it catches anything.

Of course, you would have tried the suggestions given by shehary..

After that make sure to remove all temporary files
Remove temporary internet files, folders and cookies
Also remove windows Temp files going to

1) Start --> Run --> type in: %systemroot%/temp
2) Start --> Run --> type in: %temp%

Post back after that even if your issue is not solved ..

SR..
0
 

Author Comment

by:edi02
ID: 12216295
Thanks guys,
Still investigating. I've run regmon.exe to find what this puppy is doing in my registry and this is what I found:

10.54337142      vxAC@:.exe:1008      QueryValue      HKCU\SOFTWARE\MICROSOFT\Windows\CURRENTVERSION\Internet Settings\EnableAutodial      SUCCESS      0x0      
10.54497051      vxAC@:.exe:1008      OpenKey      HKCU\Software\McAfee.com\Personal Firewall      NOTFOUND            
10.54506605      vxAC@:.exe:1008      OpenKey      HKCU\Software\Symantec\Internet Security      NOTFOUND            
10.54552030      vxAC@:.exe:1008      OpenKey      HKCU\Software\Untu      NOTFOUND            
10.66076424      vxAC@:.exe:1008      OpenKey      HKCU\Software\Ioae      SUCCESS      Key: 0xE2891420      
10.66087068      vxAC@:.exe:1008      QueryValue      HKCU\Software\Ioae\Rcsc      SUCCESS      45 7E 5D BD 6A E0 7D 62 ...      
10.66111373      vxAC@:.exe:1008      OpenKey      HKCU\Software\Microsoft      SUCCESS      Key: 0xE13A3320      
10.66118329      vxAC@:.exe:1008      QueryValue      HKCU\Software\Microsoft\Append      NOTFOUND            
11.66185209      vxAC@:.exe:1008      OpenKey      HKCU\Software\Ioae      SUCCESS      Key: 0xE288E020      
11.66196272      vxAC@:.exe:1008      QueryValue      HKCU\Software\Ioae\Rcsc      SUCCESS      45 7E 5D BD 6A E0 7D 62 ...      
11.66217727      vxAC@:.exe:1008      OpenKey      HKCU\Software\Microsoft      SUCCESS      Key: 0xE293D9A0      
11.66224348      vxAC@:.exe:1008      QueryValue      HKCU\Software\Microsoft\Append      NOTFOUND            
65.80652407      vxAC@:.exe:1008      OpenKey      HKCU\Software\Ioae      NOTFOUND            
65.80672102      vxAC@:.exe:1008      OpenKey      HKCU\Software\Microsoft      SUCCESS      Key: 0xE2C52D20      
65.80679729      vxAC@:.exe:1008      QueryValue      HKCU\Software\Microsoft\Append      NOTFOUND            

Does this ring a bell to anyone?
0
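An added example, not part of the original thread: a small Python triage pass over Regmon rows like the ones posted above, listing which security-product keys the process tried to open and which keys changed state during the capture. The vendor list and the function names are assumptions made for this sketch.

```python
import re

# Sample: seven rows copied from the Regmon capture posted above.
SAMPLE = r"""
10.54497051      vxAC@:.exe:1008      OpenKey      HKCU\Software\McAfee.com\Personal Firewall      NOTFOUND
10.54506605      vxAC@:.exe:1008      OpenKey      HKCU\Software\Symantec\Internet Security      NOTFOUND
10.54552030      vxAC@:.exe:1008      OpenKey      HKCU\Software\Untu      NOTFOUND
10.66076424      vxAC@:.exe:1008      OpenKey      HKCU\Software\Ioae      SUCCESS      Key: 0xE2891420
10.66087068      vxAC@:.exe:1008      QueryValue      HKCU\Software\Ioae\Rcsc      SUCCESS      45 7E 5D BD 6A E0 7D 62 ...
11.66185209      vxAC@:.exe:1008      OpenKey      HKCU\Software\Ioae      SUCCESS      Key: 0xE288E020
65.80652407      vxAC@:.exe:1008      OpenKey      HKCU\Software\Ioae      NOTFOUND
"""

# Assumption: vendor substrings taken from the two product keys in that log.
SECURITY_VENDORS = ("mcafee", "symantec")

def parse(text):
    """Split Regmon text rows into (time, process, pid, request, path, result)."""
    events = []
    for line in text.splitlines():
        cols = re.split(r"\s{2,}|\t+", line.strip())  # paths contain single spaces
        if len(cols) < 5:
            continue  # blank or truncated row
        proc, _, pid = cols[1].rpartition(":")  # the image name itself contains ':'
        events.append((float(cols[0]), proc, int(pid), cols[2], cols[3], cols[4]))
    return events

def security_probes(events):
    """Registry keys of security products that the process touched."""
    return sorted({e[4] for e in events
                   if any(v in e[4].lower() for v in SECURITY_VENDORS)})

def result_changes(events):
    """Keys whose OpenKey result differed between two points in the capture."""
    seen = {}
    for _, _, _, request, path, result in sorted(events):
        if request != "OpenKey":
            continue
        history = seen.setdefault(path, [])
        if not history or history[-1] != result:
            history.append(result)
    return {path: h for path, h in seen.items() if len(h) > 1}

if __name__ == "__main__":
    evts = parse(SAMPLE)
    print("security-product keys probed:", security_probes(evts))
    print("keys that appeared or vanished:", result_changes(evts))
```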
 

Author Comment

by:edi02
ID: 12216405
I've run HijackThis.exe and found this file among the results: vxсурк.exe, sitting in the C:\Documents and Settings\Administrator\Application Data folder. I removed it because it starts with vx like my strange vxAC@:.exe file. Hope this will fix the issue. I will test again and then I will allocate the points.
0
 
LVL 65

Expert Comment

by:SheharyaarSaahil
ID: 12216426
good sign.... im listening to know the results !! :)
0
 

Author Comment

by:edi02
ID: 12216453
Strange?! I took the name of the file with copy and paste and even if it was looking like vxcypk when it came in my comment it has been changed to that strange string vxсурк.exe

Hmmm...

Any clue?
0
 

Author Comment

by:edi02
ID: 12216537
Ooops!
I restarted my PC and vxAC@:.exe is not running anymore. That means problem solved. Thanks SheharyaarSaahil. You receive the points.

Anyway, good to remember this nasty file that looks like vxcypk.exe but is actually vxAC@:.exe.
0
 
LVL 65

Expert Comment

by:SheharyaarSaahil
ID: 12216578
lol..... they can be looked in anyway... they can change their names like chameleon !! =\
but glad to know that u got rid of it.... good job and cheers ^_^
0
 

Author Comment

by:edi02
ID: 12216747
I had another look at the name of the file (I still have it in my Recycle Bin) and now I noticed that the last four letters are from the Russian alphabet: cyrk. They look a little bit different from the usual ones.
So it should be a Russian hand here, I guess :)
0
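An added example, not part of the original thread: a Python check that flags file names whose stem mixes Latin letters with look-alike letters from another script, as the file name described above does. The look-alike table is a small hand-picked lowercase subset and the directory listing is constructed for the sketch; both are assumptions.

```python
import os
import unicodedata

# Assumption: a hand-picked subset of lowercase Cyrillic letters that render
# like Latin ones (a, c, e, k, o, p, y, x); the full Unicode confusables
# table is much larger.
LOOKALIKES = str.maketrans(
    "\u0430\u0441\u0435\u043a\u043e\u0440\u0443\u0445", "acekopyx")

# Constructed listing. The second entry is the name from the post, written
# with escapes so the Cyrillic code points are visible in the source.
SAMPLE_LISTING = [
    "desktop.ini",
    "vx\u0441\u0443\u0440\u043a.exe",        # Latin "vx" + four Cyrillic letters
    "\u043e\u0442\u0447\u0435\u0442.exe",    # all-Cyrillic stem: not suspicious
    "vxcypk.exe",                            # all-Latin stem: not suspicious
]

def scripts_used(text):
    """Scripts of the letters in text, taken from their Unicode names."""
    return {unicodedata.name(ch, "UNKNOWN").split()[0]
            for ch in text if ch.isalpha()}

def audit(names):
    """Return one finding per name whose stem mixes more than one script."""
    findings = []
    for name in names:
        stem, _ext = os.path.splitext(name)  # a Latin extension alone is normal
        scripts = scripts_used(stem)
        if len(scripts) > 1:
            findings.append({
                "escaped": name.encode("unicode_escape").decode("ascii"),
                "scripts": sorted(scripts),
                "looks_like": name.translate(LOOKALIKES),
            })
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_LISTING):
        print(finding)
```

Logging the escaped form alongside the look-alike form keeps the real code points visible even when a console or text field re-encodes the name.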
 
LVL 65

Expert Comment

by:SheharyaarSaahil
ID: 12216759
:)
0
