vxAC@:.exe virus?

Posted on 2004-10-02
Last Modified: 2013-12-04
Any time I start my PC there is an app running in task manager. The app is vxAC@:.exe. I use to end it and then I go in regedit and use find for vxac. There are some of them and I use to delete them.
Next time I start my pc vxAC@:.exe is again in my task manager.
I'm running w2k sp2, and this file came to my PC only a few days ago. I have an old and clean System State backup on my PC but even restoring this one doesn't help.

Is this a virus, and how to clean this one?
Question by:edi02
  • 5
  • 4
LVL 65

Accepted Solution

SheharyaarSaahil earned 125 total points
ID: 12206832
Hello edi02 =)

First Download HijackThis v1.98.2 from here, run it and Save the LOG file:

Then Post that log at this site >>
and it will automatically analyse it for u,,, Fix everything which it labels as Nasty :)
To Fix, check the lines and click on Fix Checked !!

CAUTION: Before fixing the entries in hijackthis, make sure that they are really Nasty and can be deleted, better u first research for it on Google and then when u will confirm that they shud be deleted, Fix them. And whenever u run Hijackthis, run it from a New folder on ur desktop, so that in case of any problem, u can take advantages of its created backups of fixed items. And in case if u still face problems in dealing with it, just analyse ur log at the above site, and then scroll down where u will see a Save Analyse button, hit it and it will save ur Log Analysation, then copy the link of that page and paste it here, and we will check it for u :)

Then Run these tools in safemode to make sure ur system is clean now !!
AdAware ==>
SpyBot  ==>
Stinger ==>

That will surely kick it out of ur system =)
Post Back and Good Luck :)
LVL 49

Expert Comment

ID: 12206869
Hi edi02,

It is hard to say whether it is a virus's work or a spyware's work. All you can do is to work towards both of those and see if the issue goes away.

First go here and download msconfig
Using it , go to startup tab and disable all applications except anti-virus and firewall.
Restart your machine and check if that process starts automatically. If not , then enable each application one by one to find which one would be the culprit

Then , update your Anti-virus software , if you have got one. Run it both in Normal and Safe mode to see if it catches any virus. If you donot have an anti-virus , run the online virus scanner from here 
See if it catches anything.

Ofcourse, you would have tried the suggestions given by shehary..  

After that make sure to remove all temporary files
Remove temporary internet files, folders and cookies
Also remove windows Temp files going to

1) Start --> run --> typein:  %systemroot%/temp
2) Start  --> run --> typein: %temp%

Post back after that even if your issue is not solved ..


Author Comment

ID: 12216295
Thanks guys,
Still investigating. I've ran regmon.exe to find what is doing in my registry this puppy and this is what I found:

10.54337142      vxAC@:.exe:1008      QueryValue      HKCU\SOFTWARE\MICROSOFT\Windows\CURRENTVERSION\Internet Settings\EnableAutodial      SUCCESS      0x0      
10.54497051      vxAC@:.exe:1008      OpenKey      HKCU\Software\\Personal Firewall      NOTFOUND            
10.54506605      vxAC@:.exe:1008      OpenKey      HKCU\Software\Symantec\Internet Security      NOTFOUND            
10.54552030      vxAC@:.exe:1008      OpenKey      HKCU\Software\Untu      NOTFOUND            
10.66076424      vxAC@:.exe:1008      OpenKey      HKCU\Software\Ioae      SUCCESS      Key: 0xE2891420      
10.66087068      vxAC@:.exe:1008      QueryValue      HKCU\Software\Ioae\Rcsc      SUCCESS      45 7E 5D BD 6A E0 7D 62 ...      
10.66111373      vxAC@:.exe:1008      OpenKey      HKCU\Software\Microsoft      SUCCESS      Key: 0xE13A3320      
10.66118329      vxAC@:.exe:1008      QueryValue      HKCU\Software\Microsoft\Append      NOTFOUND            
11.66185209      vxAC@:.exe:1008      OpenKey      HKCU\Software\Ioae      SUCCESS      Key: 0xE288E020      
11.66196272      vxAC@:.exe:1008      QueryValue      HKCU\Software\Ioae\Rcsc      SUCCESS      45 7E 5D BD 6A E0 7D 62 ...      
11.66217727      vxAC@:.exe:1008      OpenKey      HKCU\Software\Microsoft      SUCCESS      Key: 0xE293D9A0      
11.66224348      vxAC@:.exe:1008      QueryValue      HKCU\Software\Microsoft\Append      NOTFOUND            
65.80652407      vxAC@:.exe:1008      OpenKey      HKCU\Software\Ioae      NOTFOUND            
65.80672102      vxAC@:.exe:1008      OpenKey      HKCU\Software\Microsoft      SUCCESS      Key: 0xE2C52D20      
65.80679729      vxAC@:.exe:1008      QueryValue      HKCU\Software\Microsoft\Append      NOTFOUND            

Does this ring a bell to anyone?
Three Reasons Why Backup is Strategic

Backup is strategic to your business because your data is strategic to your business. Without backup, your business will fail. This white paper explains why it is vital for you to design and immediately execute a backup strategy to protect 100 percent of your data.


Author Comment

ID: 12216405
I've ran the HijackThis.exe and I found this file between the results vxсурк.exe sitting in C:\Documments and Settings\Administrator\Application Data folder and removed this one because it starts with vx like my strange vxAC@:.exe file. Hope this will fix the issue. I will test again and then I will allocate the points.
LVL 65

Expert Comment

ID: 12216426
good sign.... im listening to know the results !! :)

Author Comment

ID: 12216453
Strange?! I took the name of the file with copy and paste and even if it was looking like vxcypk when it came in my comment it has been changed to that strange string vxсурк.exe


Any clue?

Author Comment

ID: 12216537
I restarted my PC and vxAC@:.exe is not running anymore. That means problem solved. Thanks SheharyaarSaahil. You receive the points.

Anyway good to remember this nasty file that looks like vxcypk.exe but is actally vxAC@:.exe.
LVL 65

Expert Comment

ID: 12216578
lol..... they can be looked in anyway... they can change their names like chameleon !! =\
but glad to know that u got rid of it.... good job and cheers ^_^

Author Comment

ID: 12216747
I had a look again to the name of the file (I still have it in my Recycle Bin) and now I noticed that the last four letters are from Russian alphabet cyrk. They look litle nit different from the usual ones.
So it should be a russian hand here, I guess :)
LVL 65

Expert Comment

ID: 12216759

Featured Post

Back Up Your Microsoft Windows Server®

Back up all your Microsoft Windows Server – on-premises, in remote locations, in private and hybrid clouds. Your entire Windows Server will be backed up in one easy step with patented, block-level disk imaging. We achieve RTOs (recovery time objectives) as low as 15 seconds.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Security, hackers 10 124
Most secure Linux or x86 Unix that are least prone to ransomware/malware 24 111
Share and Advanced Sharing permissions 8 99
SHA2 certs for IIS AND Java? 2 90
Our Group Policy work started with Small Business Server in 2000. Microsoft gave us an excellent OU and GPO model in subsequent SBS editions that utilized WMI filters, OU linking, and VBS scripts. These are some of experiences plus our spending a lo…
OfficeMate Freezes on login or does not load after login credentials are input.
Along with being a a promotional video for my three-day Annielytics Dashboard Seminor, this Micro Tutorial is an intro to Google Analytics API data.
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…

778 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question