Strange "exe" shown in the task manger

by RaoulF Feb 4, 2009 10:22AM PST

I have a HP Compaq Laptop 8510p.Since about 3 weeks, is an "exe" shown, which changes its name, after every start of the pc. This time its named XU8FE.exe, last time QBN4C.exe...and so on. A system scan for that files gets no results. Even in the registry is not such a file..The file is shown as a system process in the task manager.
Can anybody tell me, what kind of "exe" that is, and how to remove the causer of that file. I killed that process already (with admin rights possible) ..and there was no disturb during working with the pc.

Sytem : win XP prof. version 2002 SP2 v, processor Intel core duo 2,4GHZ, 3 GB ram,Ati radeon hd 2600

Discussion is locked

- Collapse -

It is almost certainly malware.

by MarkFlax Former Forum moderator Feb 4, 2009 7:29PM PST

Anything that changes its name like that is almost certainly malware.

What does MSCONFIG show, (System Configuration Editor, in Start > Run, type in msconfig, click OK), in the Startup tab? If there is anything there which looks unusual? If so, start investigating the path.

I would also download, install, run and update MalwareBytes AntiMalware, (MBAM), and perform a full scan in Safe Mode. Grif Thomas has full guidance how to download and install MBAM here;
http://forums.cnet.com/5208-6122_102-0.html?forumID=44&threadID=328528&messageID=2969621&tag=forums06;search-results#2969621

See how you get on.

Mark

- Collapse -

strange..

by RaoulF Feb 5, 2009 2:44PM PST

The path is shown as : HKLM/software / windos/ curr. version/ run..nothing else..and in thereg. i cannot find any suitable entry..
But i always cancel the prog after start up as Admin..
Thank you very much..it seems, You are very experienced!!

- Collapse -

Thank You!!

by RaoulF Feb 5, 2009 2:41PM PST

Thank You very much. I made the "msconfig"as Admin..and unchechecked the autostart at the suspicious prog..but it still runs when i log on as "normal user" ..very strange, isnt it?

- Collapse -

Yep.

by MarkFlax Former Forum moderator Feb 5, 2009 7:05PM PST

Are you sure about that, "HKLM/software / windos/ curr. version/ run"

In my registry that path would be HKLM\Software\Microsoft\Windows\CurrentVersion\Run.

A Run key in any other location is surely malware related.Anything that does not have Microsoft, that says windos, (not Windows), and says curr. version, has not been created by any genuine software, although why malware would try and create a Run key in that location defeats me, because only Run keys in the location/path I quoted in my registry would attempt to run at startup.

Those words and the spelling is important. Malware will try and fool us by planting files on the hard drive that 'look like' genuine files, but are not. For example, lsass.exe in the System32 folder is genuine, but lsasss.exe in the Windows folder would be a virus.

I'm not sure why anything like this would still appear when you log on as any other user. That registry key is global, and so would affect all users. Can you tell us what the exact message is under this "normal" user? Remember, spelling is important.

I would still download, install, update and scan with MalwareBytes as suggested in my first post. There may be malware still in the system.

Mark

- Collapse -

strange exe..

by RaoulF Feb 5, 2009 10:48PM PST

of course its :HKLM\Software\Microsoft\Windows\CurrentVersion\Run.
i am sorry, dear friend, to made troubles by shorten the name...

Thank You very, very much!!

- Collapse -

Download and install Starter . . .

by Coryphaeus Feb 5, 2009 10:11PM PST

by CodeStuff. It'll list all startup programs and give information about them. You can disable the start or remove them completely.

Strange "exe" shown in the task manger

CNET Forums

Other Forums

Forum Info