Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win


vxAC@:.exe virus?

Posted on 2004-10-02
Medium Priority
Last Modified: 2013-12-04
Any time I start my PC there is an app running in task manager. The app is vxAC@:.exe. I use to end it and then I go in regedit and use find for vxac. There are some of them and I use to delete them.
Next time I start my pc vxAC@:.exe is again in my task manager.
I'm running w2k sp2, and this file came to my PC only a few days ago. I have an old and clean System State backup on my PC but even restoring this one doesn't help.

Is this a virus, and how to clean this one?
Question by:edi02
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 4
LVL 65

Accepted Solution

SheharyaarSaahil earned 500 total points
ID: 12206832
Hello edi02 =)

First Download HijackThis v1.98.2 from here, run it and Save the LOG file:

Then Post that log at this site >> http://www.hijackthis.de/index.php?langselect=english
and it will automatically analyse it for u,,, Fix everything which it labels as Nasty :)
To Fix, check the lines and click on Fix Checked !!

CAUTION: Before fixing the entries in hijackthis, make sure that they are really Nasty and can be deleted, better u first research for it on Google and then when u will confirm that they shud be deleted, Fix them. And whenever u run Hijackthis, run it from a New folder on ur desktop, so that in case of any problem, u can take advantages of its created backups of fixed items. And in case if u still face problems in dealing with it, just analyse ur log at the above site, and then scroll down where u will see a Save Analyse button, hit it and it will save ur Log Analysation, then copy the link of that page and paste it here, and we will check it for u :)

Then Run these tools in safemode to make sure ur system is clean now !!
AdAware ==> http://www.spychecker.com/program/adaware.html
SpyBot  ==> http://www.spychecker.com/program/spybot.html
Stinger ==> http://vil.nai.com/vil/stinger

That will surely kick it out of ur system =)
Post Back and Good Luck :)
LVL 49

Expert Comment

ID: 12206869
Hi edi02,

It is hard to say whether it is a virus's work or a spyware's work. All you can do is to work towards both of those and see if the issue goes away.

First go here and download msconfig http://www.techadvice.com/win2000/m/msconfig_w2k.htm
Using it , go to startup tab and disable all applications except anti-virus and firewall.
Restart your machine and check if that process starts automatically. If not , then enable each application one by one to find which one would be the culprit

Then , update your Anti-virus software , if you have got one. Run it both in Normal and Safe mode to see if it catches any virus. If you donot have an anti-virus , run the online virus scanner from here
See if it catches anything.

Ofcourse, you would have tried the suggestions given by shehary..  

After that make sure to remove all temporary files
Remove temporary internet files, folders and cookies
Also remove windows Temp files going to

1) Start --> run --> typein:  %systemroot%/temp
2) Start  --> run --> typein: %temp%

Post back after that even if your issue is not solved ..


Author Comment

ID: 12216295
Thanks guys,
Still investigating. I've ran regmon.exe to find what is doing in my registry this puppy and this is what I found:

10.54337142      vxAC@:.exe:1008      QueryValue      HKCU\SOFTWARE\MICROSOFT\Windows\CURRENTVERSION\Internet Settings\EnableAutodial      SUCCESS      0x0      
10.54497051      vxAC@:.exe:1008      OpenKey      HKCU\Software\McAfee.com\Personal Firewall      NOTFOUND            
10.54506605      vxAC@:.exe:1008      OpenKey      HKCU\Software\Symantec\Internet Security      NOTFOUND            
10.54552030      vxAC@:.exe:1008      OpenKey      HKCU\Software\Untu      NOTFOUND            
10.66076424      vxAC@:.exe:1008      OpenKey      HKCU\Software\Ioae      SUCCESS      Key: 0xE2891420      
10.66087068      vxAC@:.exe:1008      QueryValue      HKCU\Software\Ioae\Rcsc      SUCCESS      45 7E 5D BD 6A E0 7D 62 ...      
10.66111373      vxAC@:.exe:1008      OpenKey      HKCU\Software\Microsoft      SUCCESS      Key: 0xE13A3320      
10.66118329      vxAC@:.exe:1008      QueryValue      HKCU\Software\Microsoft\Append      NOTFOUND            
11.66185209      vxAC@:.exe:1008      OpenKey      HKCU\Software\Ioae      SUCCESS      Key: 0xE288E020      
11.66196272      vxAC@:.exe:1008      QueryValue      HKCU\Software\Ioae\Rcsc      SUCCESS      45 7E 5D BD 6A E0 7D 62 ...      
11.66217727      vxAC@:.exe:1008      OpenKey      HKCU\Software\Microsoft      SUCCESS      Key: 0xE293D9A0      
11.66224348      vxAC@:.exe:1008      QueryValue      HKCU\Software\Microsoft\Append      NOTFOUND            
65.80652407      vxAC@:.exe:1008      OpenKey      HKCU\Software\Ioae      NOTFOUND            
65.80672102      vxAC@:.exe:1008      OpenKey      HKCU\Software\Microsoft      SUCCESS      Key: 0xE2C52D20      
65.80679729      vxAC@:.exe:1008      QueryValue      HKCU\Software\Microsoft\Append      NOTFOUND            

Does this ring a bell to anyone?
Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!


Author Comment

ID: 12216405
I've ran the HijackThis.exe and I found this file between the results vxсурк.exe sitting in C:\Documments and Settings\Administrator\Application Data folder and removed this one because it starts with vx like my strange vxAC@:.exe file. Hope this will fix the issue. I will test again and then I will allocate the points.
LVL 65

Expert Comment

ID: 12216426
good sign.... im listening to know the results !! :)

Author Comment

ID: 12216453
Strange?! I took the name of the file with copy and paste and even if it was looking like vxcypk when it came in my comment it has been changed to that strange string vxсурк.exe


Any clue?

Author Comment

ID: 12216537
I restarted my PC and vxAC@:.exe is not running anymore. That means problem solved. Thanks SheharyaarSaahil. You receive the points.

Anyway good to remember this nasty file that looks like vxcypk.exe but is actally vxAC@:.exe.
LVL 65

Expert Comment

ID: 12216578
lol..... they can be looked in anyway... they can change their names like chameleon !! =\
but glad to know that u got rid of it.... good job and cheers ^_^

Author Comment

ID: 12216747
I had a look again to the name of the file (I still have it in my Recycle Bin) and now I noticed that the last four letters are from Russian alphabet cyrk. They look litle nit different from the usual ones.
So it should be a russian hand here, I guess :)
LVL 65

Expert Comment

ID: 12216759

Featured Post

Q2 2017 - Latest Malware & Internet Attacks

WatchGuard’s Threat Lab is a group of dedicated threat researchers committed to helping you stay ahead of the bad guys by providing in-depth analysis of the top security threats to your network.  Check out our latest Quarterly Internet Security Report!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Many of us in IT utilize a combination of roaming profiles and folder redirection to ensure user information carries over from one workstation to another; in my environment, it was to enable virtualization without needing a separate desktop for each…
Recently, I read that Microsoft has analysed statistics for their security intelligence report. It revealed: still, the clear majority of windows users do their daily work as administrator. An administrative account is a burden, security-wise. My ar…
In this video, Percona Director of Solution Engineering Jon Tobin discusses the function and features of Percona Server for MongoDB. How Percona can help Percona can help you determine if Percona Server for MongoDB is the right solution for …
We’ve all felt that sense of false security before—locking down external access to a database or component and feeling like we’ve done all we need to do to secure company data. But that feeling is fleeting. Attacks these days can happen in many w…
Suggested Courses

636 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question