Spyware, Viruses, & Security forum

General discussion

Mystery executables flagged by Spysweeper

by tl_henry / February 8, 2006 6:31 AM PST

OS: xp pro sp2
Spysweeper, Symantec AV 2005, Spybot, Ccleaner, Ewido

I've been attempting to clean one of the bosses personal computers of tons of adware/spyware/trojans. It's never had any windows updates posted since new (I think) and was infested with one of everything. I got it because it started locking up on him every 20 minutes. I also think they clicked on and installed every bogus adblocker, spyware blocker, pop-up blocker that popped up on their browser (and you know what that results in...)

The computer has Spysweeper installed and everytime I start up the machine a screen pops up listing unknown startup programs. When I click on the details link to the right of each one, it comes up with 'unknown' for these two programs:

Name: drhuol
location: c:\windows\system32\qyrpee.exe
HKLM:run

Name: vmhsdwx
Location: c:\windows\system32\rprmst.exe
HKLM:run

Never having used Spysweeper I'd like to know what it's trying to tell me and also how to respond. I tried googling the filenames and got nothing, which sets off alarm bells right there.

Neither filename shows up as a startup item in MSCONFIG. Nor do the files show up in the file list in Windows Explorer.

Any suggestions or pointers? I'd be very grateful.

Terry

Discussion is locked
You are posting a reply to: Mystery executables flagged by Spysweeper
The posting of advertisements, profanity, or personal attacks is prohibited. Please refer to our CNET Forums policies for details. All submitted content is subject to our Terms of Use.
Track this discussion and email me when there are updates

If you're asking for technical help, please be sure to include all your system info, including operating system, model number, and any other specifics related to the problem. Also please exercise your best judgment when posting in the forums--revealing personal information such as your e-mail address, telephone number, and address is not recommended.

You are reporting the following post: Mystery executables flagged by Spysweeper
This post has been flagged and will be reviewed by our staff. Thank you for helping us maintain CNET's great community.
Sorry, there was a problem flagging this post. Please try again now or at a later time.
If you believe this post is offensive or violates the CNET Forums' Usage policies, you can report it below (this will not automatically remove the post). Once reported, our moderators will be notified and the post will be reviewed.
Collapse -
Mystery executables flagged by Spysweeper
by Marianna Schmudlach / February 8, 2006 9:41 AM PST

Hi Terry,

I can't find anything either.

Make sure you can view hidden and system files: Instructions here

Then Boot to safe mode: Instructions here

and find and delete:

c:\windows\system32\qyrpee.exe <--file

and

c:\windows\system32\rprmst.exe <---file

Reboot

Collapse -
RE: mystery executables
by tl_henry / February 8, 2006 10:35 PM PST

I've been trying to find them and can't. I even did a registry search for them to find where they're starting up (since they're not in win.ini, boot.ini, or referenced at all in msconfig) and the only registry entry I can find is the one where spysweeper has flagged the file and is waiting for a response. Could this be a leftover program registry entry?

Here's something else weird: This machine has 2 user profiles, both set up as administrators. One appears to be working fairly normally. The other has a plain white background that periodically glows brighter and dimmer. Properties clicking on the desktop only shows a bitmap property page. I've never seen that before. Have you? Seems like they've got something here that has hijacked the desktop on one profile, even though Spysweeper, Ad-aware, Ewido, and Symantec all say it's clean. I suppose I could just be dealing with the remains of the infections now.

Popular Forums
icon
Computer Newbies 10,686 discussions
icon
Computer Help 54,365 discussions
icon
Laptops 21,181 discussions
icon
Networking & Wireless 16,313 discussions
icon
Phones 17,137 discussions
icon
Security 31,287 discussions
icon
TVs & Home Theaters 22,101 discussions
icon
Windows 7 8,164 discussions
icon
Windows 10 2,657 discussions

CNET FORUMS TOP DISCUSSION

Help, my PC with Windows 10 won't shut down properly

Since upgrading to Windows 10 my computer won't shut down properly. I use the menu button shutdown and the screen goes blank, but the system does not fully shut down. The only way to get it to shut down is to hold the physical power button down till it shuts down. Any suggestions?