thrash-boy Posted October 28, 2008

Well, I opened my computer and opened my hard drive today, and just as I was looking for the Program Files folder, I noticed a very strange exe file. Under it (because I'm in tiles view it showed the company below the file name) it says Mooky Da KiD. As soon as I saw that weird name I googled it and all the results turned out to be botnet-related things. I also found this myspace. I scanned the file with up-to-date AVG Free and it turned out OK apparently.

Here is more file information from the Version tab when you right-click it and select Properties:

Company: Mooky Da KiD
File Version: 1.00
Internal Name: stub
Language: English (United States)
Original File Name: stub[Caution: ExecutableFile]
Product Name: Stub
Product Version: 1.00

Here's a HijackThis log:

[hide=Hijack this log]
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:27:32 PM, on 10/28/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss[Caution: ExecutableFile]
C:\WINDOWS\system32\winlogon[Caution: ExecutableFile]
C:\WINDOWS\system32\services[Caution: ExecutableFile]
C:\WINDOWS\system32\lsass[Caution: ExecutableFile]
C:\WINDOWS\system32\Ati2evxx[Caution: ExecutableFile]
C:\WINDOWS\system32\svchost[Caution: ExecutableFile]
C:\WINDOWS\System32\svchost[Caution: ExecutableFile]
C:\Program Files\Lavasoft\Ad-Aware\aawservice[Caution: ExecutableFile]
C:\WINDOWS\system32\Ati2evxx[Caution: ExecutableFile]
C:\WINDOWS\system32\spoolsv[Caution: ExecutableFile]
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService[Caution: ExecutableFile]
C:\PROGRA~1\AVG\AVG8\avgwdsvc[Caution: ExecutableFile]
C:\Program Files\Bonjour\mDNSResponder[Caution: ExecutableFile]
C:\Program Files\COMODO\Firewall\cmdagent[Caution: ExecutableFile]
C:\WINDOWS\eHome\ehRecvr[Caution: ExecutableFile]
C:\WINDOWS\eHome\ehSched[Caution: ExecutableFile]
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm[Caution: ExecutableFile]
C:\WINDOWS\system32\slserv[Caution: ExecutableFile]
C:\WINDOWS\system32\svchost[Caution: ExecutableFile]
C:\Program Files\Virtual CD v4 SDK\system\vcssecs[Caution: ExecutableFile]
C:\Program Files\epgStream.net\wmcGuideServiceProxy\wmcGuideServiceProxyHost[Caution: ExecutableFile]
C:\Program Files\epgStream.net\xmltvDownload\xmltvDownloadHost[Caution: ExecutableFile]
C:\Program Files\epgStream.net\wmcGuideServiceProxy\wmcGuideServiceProxy[Caution: ExecutableFile]
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC[Caution: ExecutableFile]
C:\PROGRA~1\AVG\AVG8\avgrsx[Caution: ExecutableFile]
C:\PROGRA~1\AVG\AVG8\avgemc[Caution: ExecutableFile]
C:\WINDOWS\Explorer[Caution: ExecutableFile]
C:\WINDOWS\system32\dllhost[Caution: ExecutableFile]
C:\WINDOWS\System32\svchost[Caution: ExecutableFile]
C:\WINDOWS\ehome\ehtray[Caution: ExecutableFile]
C:\WINDOWS\eHome\ehmsas[Caution: ExecutableFile]
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx[Caution: ExecutableFile]
C:\WINDOWS\SOUNDMAN[Caution: ExecutableFile]
C:\WINDOWS\ALCWZRD[Caution: ExecutableFile]
C:\apps\ABoard\ABoard[Caution: ExecutableFile]
C:\PROGRA~1\AVG\AVG8\avgtray[Caution: ExecutableFile]
C:\Program Files\COMODO\Firewall\cfp[Caution: ExecutableFile]
C:\apps\ABoard\AOSD[Caution: ExecutableFile]
C:\Program Files\Microsoft Office\Office12\GrooveMonitor[Caution: ExecutableFile]
C:\Program Files\iTunes\iTunesHelper[Caution: ExecutableFile]
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl[Caution: ExecutableFile]
C:\WINDOWS\system32\ctfmon[Caution: ExecutableFile]
C:\Program Files\Spybot - Search & Destroy\TeaTimer[Caution: ExecutableFile]
C:\WINDOWS\system32\uzcpgs[Caution: ExecutableFile]
C:\Program Files\MSN Messenger\msnmsgr[Caution: ExecutableFile]
C:\Program Files\HP\Digital Imaging\bin\hpqtra08[Caution: ExecutableFile]
C:\WINDOWS\system32\wuauclt[Caution: ExecutableFile]
C:\Program Files\iPod\bin\iPodService[Caution: ExecutableFile]
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08[Caution: ExecutableFile]
C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog[Caution: ExecutableFile]
C:\Program Files\Mozilla Firefox\firefox[Caution: ExecutableFile]
C:\Program Files\MSN Messenger\usnsvc[Caution: ExecutableFile]
C:\Program Files\Trend Micro\HijackThis\HijackThis[Caution: ExecutableFile]

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.windowsupdate.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Packard Bell
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG[Caution: ExecutableFile]" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP[Caution: ExecutableFile] /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP[Caution: ExecutableFile] /IMEName
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray[Caution: ExecutableFile]
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut[Caution: ExecutableFile]
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx[Caution: ExecutableFile]
O4 - HKLM\..\Run: [soundMan] SOUNDMAN[Caution: ExecutableFile]
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD[Caution: ExecutableFile]
O4 - HKLM\..\Run: [Alcmtr] ALCMTR[Caution: ExecutableFile]
O4 - HKLM\..\Run: [ACTIVBOARD] c:\apps\ABoard\ABoard[Caution: ExecutableFile]
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray[Caution: ExecutableFile]
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp[Caution: ExecutableFile]" -h
O4 - HKLM\..\Run: [Microsoft Update Machine] uzcpgs[Caution: ExecutableFile]
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor[Caution: ExecutableFile]"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper[Caution: ExecutableFile]"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl[Caution: ExecutableFile]"
O4 - HKLM\..\RunServices: [Microsoft Update Machine] uzcpgs[Caution: ExecutableFile]
O4 - HKCU\..\Run: [CTFMON[Caution: ExecutableFile]] C:\WINDOWS\system32\ctfmon[Caution: ExecutableFile]
O4 - HKCU\..\Run: [Microsoft Update Machine] uzcpgs[Caution: ExecutableFile]
O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer[Caution: ExecutableFile]
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr[Caution: ExecutableFile]" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON[Caution: ExecutableFile]] C:\WINDOWS\system32\CTFMON[Caution: ExecutableFile] (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON[Caution: ExecutableFile]] C:\WINDOWS\system32\CTFMON[Caution: ExecutableFile] (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON[Caution: ExecutableFile]] C:\WINDOWS\system32\CTFMON[Caution: ExecutableFile] (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON[Caution: ExecutableFile]] C:\WINDOWS\system32\CTFMON[Caution: ExecutableFile] (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08[Caution: ExecutableFile]
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL[Caution: ExecutableFile]/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag[Caution: ExecutableFile]
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag[Caution: ExecutableFile]
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs[Caution: ExecutableFile]
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs[Caution: ExecutableFile]
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 2558196265
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll C:\WINDOWS\system32\guard32.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice[Caution: ExecutableFile]
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService[Caution: ExecutableFile]
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx[Caution: ExecutableFile]
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag[Caution: ExecutableFile]
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc[Caution: ExecutableFile]
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc[Caution: ExecutableFile]
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder[Caution: ExecutableFile]
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\Firewall\cmdagent[Caution: ExecutableFile]
O23 - Service: getPlus® Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc[Caution: ExecutableFile]
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService[Caution: ExecutableFile]
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12[Caution: ExecutableFile]
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv[Caution: ExecutableFile]
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC[Caution: ExecutableFile]
O23 - Service: Virtual CD v4 Security service (SDK - Version) (VCSSecS) - H+H Software GmbH - C:\Program Files\Virtual CD v4 SDK\system\vcssecs[Caution: ExecutableFile]
O23 - Service: Windows Media Center Guide Service Proxy (wmcGuideServiceProxy) - epgStream.net - C:\Program Files\epgStream.net\wmcGuideServiceProxy\wmcGuideServiceProxyHost[Caution: ExecutableFile]
O23 - Service: XMLTV Download Schedule Service (xmltvDownload) - epgStream.net - C:\Program Files\epgStream.net\xmltvDownload\xmltvDownloadHost[Caution: ExecutableFile]

-- End of file - 9982 bytes
[/hide]

The name of the exe is 784hjdfhjsf[Caution: ExecutableFile]
It was created/last modified on Friday, October 24th (4 days ago).
It was last accessed today, but that might be because I accessed the properties of it.
The file's icon is also a bit odd. It looks like a simple command prompt window, but is sloped down to the right, and the bar at the top is a light cyan/teal color. The centre of the window is white with no writing.

Interestingly, there is also a rar file in my hard drive's root, with a name hard to say here due to the censors. The first part is the common f word, in lower case, often used to refer to people reproducing. Immediately following that is 'l8o' with the ' bits, and finally a dot and then exe.

I haven't touched either file yet, and I'll put them in a zip file and then upload them somewhere in case anyone wants to look at the actual files.
----
Anyway, I want to know if my connection is being used to help perform DDoS attacks (seeing as googling the file's company name returned a lot of botnet results), or if I'm sending spam mail to people or anything like that.

Thanks for all the help when it comes!

EDIT: fixed a few typos

thrash-boy (Author) Posted October 28, 2008

I removed the files from the root of my drive and put them in a new folder. I searched a bit more on that rar file, and found this: http://www.prevx.com/filenames/42359096 ... 2EEXE.html

Doesn't look too good :(

So what I tried was extracting the rar file to check the file sizes against the sizes mentioned on that site. I extracted with WinRAR and 2 files came out, [F-word]l8o[Caution: ExecutableFile] and [F-word]lo[Caution: ExecutableFile] (change f word for real thing and remove brackets). I didn't get a chance to check the file size because AVG immediately kicked in (at least I know it's working lol), letting me know they were threats.

Here is a link to a rar file containing the original exe file I was worried about, from Mooky Da KiD:

CAUTION: ONLY DOWNLOAD THE BELOW FILE IF YOU KNOW WHAT YOU'RE DOING! IT COULD CONTAIN MALICIOUS STUFF!

[hide=If you're sure, click here!]http://www.savefile.com/files/1862714[/hide]

I'm not sure if I should post it here if I suspect it of being a botnet thing, but I'll post it anyway, with a big red warning label, just in case someone who knows what they're doing can get some info from it. Mods, remove it if you wish.

thrash-boy (Author) Posted October 28, 2008

OK, another update, still haven't solved the problem, just found more problems! :roll:

I downloaded the Prevx CSI from the link I posted last or first post from the website that had details on the first exe I found. I ran a scan and it found an item that it said was malicious, located in C:/windows/system32 (not good :( ). It's called uzcpgs[Caution: ExecutableFile], is 362,636 bytes in size (not size on disc, whatever that means). It was created Friday, September something 2004, and was modified on Monday, April 14th 2008. The problem is I reinstalled Windows completely with the Packard Bell recovery program about a month ago, so it must have been in the manufacturer's (hp) package. It's a hidden file and can't be deleted because it says it's in use. I'm not going to try to delete it in safe mode yet because of when it was created.

I just realised I haven't posted any system specs lol. I'm on Win XP Media Center 2005 edition. I have to go now but I'll be back later to post more details and see if anyone's found a solution! Thanks

Sbrideau Posted October 28, 2008

Nice, I'm not the only one with Media Center Edition here lol.

As for the HijackThis log, I'm very not sure about it, but some lines that look suspicious to me:

[hide=]
The following 3 are for whatever epgStream.net is.
C:\Program Files\epgStream.net\wmcGuideServiceProxy\wmcGuideServiceProxyHost[Caution: ExecutableFile]
C:\Program Files\epgStream.net\xmltvDownload\xmltvDownloadHost[Caution: ExecutableFile]
C:\Program Files\epgStream.net\wmcGuideServiceProxy\wmcGuideServiceProxy[Caution: ExecutableFile]

Still not sure, but now on to something I think is more serious:
C:\WINDOWS\system32\uzcpgs[Caution: ExecutableFile]
O4 - HKLM\..\Run: [Microsoft Update Machine] uzcpgs[Caution: ExecutableFile]
O4 - HKLM\..\RunServices: [Microsoft Update Machine] uzcpgs[Caution: ExecutableFile]
O4 - HKCU\..\Run: [Microsoft Update Machine] uzcpgs[Caution: ExecutableFile]

O23 - Service: getPlus® Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc[Caution: ExecutableFile] < first time I see this one

Again, whatever epgStream.net is:
O23 - Service: Windows Media Center Guide Service Proxy (wmcGuideServiceProxy) - epgStream.net - C:\Program Files\epgStream.net\wmcGuideServiceProxy\wmcGuideServiceProxyHost[Caution: ExecutableFile]
O23 - Service: XMLTV Download Schedule Service (xmltvDownload) - epgStream.net - C:\Program Files\epgStream.net\xmltvDownload\xmltvDownloadHost[Caution: ExecutableFile]
[/hide]

Again, wait for someone to confirm these before doing anything. I'm not too savvy in the HJT logs thing, but I try to help and learn with them.
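
Added example (not part of any post in this thread): a small triage script for the O4 autorun lines of a HijackThis log, using lines copied from the log in the first post. The heuristic (one bare file name registered under several autorun keys), the function names and the reading of "[Caution: ExecutableFile]" as the forum's substitute for ".exe" are assumptions made for this illustration.

```python
import re
from collections import defaultdict

# Assumption: the forum software displays ".exe" as this marker.
FORUM_MARKER = "[Caution: ExecutableFile]"

# Subset of the O4 lines from the HijackThis log in the first post.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray[Caution: ExecutableFile]
O4 - HKLM\..\Run: [soundMan] SOUNDMAN[Caution: ExecutableFile]
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD[Caution: ExecutableFile]
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp[Caution: ExecutableFile]" -h
O4 - HKLM\..\Run: [Microsoft Update Machine] uzcpgs[Caution: ExecutableFile]
O4 - HKLM\..\RunServices: [Microsoft Update Machine] uzcpgs[Caution: ExecutableFile]
O4 - HKCU\..\Run: [CTFMON[Caution: ExecutableFile]] C:\WINDOWS\system32\ctfmon[Caution: ExecutableFile]
O4 - HKCU\..\Run: [Microsoft Update Machine] uzcpgs[Caution: ExecutableFile]
O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer[Caution: ExecutableFile]
O4 - HKUS\S-1-5-19\..\Run: [CTFMON[Caution: ExecutableFile]] C:\WINDOWS\system32\CTFMON[Caution: ExecutableFile] (User 'LOCAL SERVICE')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08[Caution: ExecutableFile]
"""

# "O4 - <registry key>: [<value name>] <command line>"
O4_RE = re.compile(r"^O4 - (?P<key>[^:]+): \[(?P<name>.+?)\] (?P<cmd>.+)$")
# Program image: everything up to the first ".exe", without a leading quote.
EXE_RE = re.compile(r'^"?(.+?\.exe)', re.IGNORECASE)


def parse_o4(log_text):
    """Return (registry_key, value_name, image) for each registry autorun line."""
    entries = []
    for line in log_text.splitlines():
        m = O4_RE.match(line.strip().replace(FORUM_MARKER, ".exe"))
        if not m:
            continue  # e.g. "Global Startup" shortcuts use another layout
        exe = EXE_RE.match(m["cmd"])
        entries.append((m["key"], m["name"], exe.group(1) if exe else m["cmd"]))
    return entries


def suspicious_autoruns(entries):
    """Flag images given without a directory that are launched from more than
    one autorun key. A bare name is resolved through the search path, so the
    log does not show where the file lives; repeating it across keys is
    redundant persistence. Either trait alone is common in benign software
    (SOUNDMAN is bare, CTFMON is repeated), so both are required."""
    keys_by_entry = defaultdict(set)
    for key, name, image in entries:
        keys_by_entry[(name.lower(), image.lower())].add(key)
    return {
        image: sorted(keys)
        for (_, image), keys in keys_by_entry.items()
        if "\\" not in image and len(keys) > 1
    }


if __name__ == "__main__":
    for image, keys in suspicious_autoruns(parse_o4(SAMPLE_LOG)).items():
        print(f"{image}: started from {', '.join(keys)}")
```

A hit from this heuristic is a lead to check with a scanner or a startup-entry database, as the later posts do, not a verdict.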

Denismage Posted October 28, 2008

Use an online scanner to scan your computer, Kaspersky knows that trojan now so you can use it.

thrash-boy (Author) Posted October 29, 2008

Thanks for the help guys. epgStream.net (epg = 'electronic program guide' I think) is related to what I use to download the media center guide (like a TV guide that tells you what shows are on) information. Here in Australia you have to use a 3rd party program like that because there are laws that prevent Microsoft hosting the guide information on their website or something, so you have to use something else.

I'll do another virus scan and see if anything comes up.

EDIT: looked into that other file you found in the HijackThis log and it's fine: http://www.bleepingcomputer.com/startup ... 23382.html

Apparently it's an Adobe product update checker that's meant to run on startup.

D. V. Devnull Posted October 29, 2008

(Pardon my offside comment here... but that image really stuns me. :o ...)

[quote]Use an online scanner to scan your computer, Kaspersky knows that trojan now so you can use it. [hide=Image hidden during quote, click to view...][/hide][/quote]

Whoa... If that online thing says that their copy of NOD32 didn't find anything, but we know that something is there due to at least 3 other scanners, then I'm reasonably sure that site does not have their NOD32 set up and configured correctly. Especially since I've seen NOD32 stop new viruses before my eyes. This would tend to make me trust that online scanner much less. :(

(BTW, as for that "uzcpgs[Caution: ExecutableFile]" thing, I think Clare will be the one who knows what's up.)

~D. V. "I think that online scanner isn't setup right." Devnull

and normally with a cool mind. (Warning: This user can be VERY confusing to some people... And talks in 3rd person for the time being due to how insane they are... Sometimes even to themself.)

Jernlov Posted October 29, 2008

NOD32 isn't the be all and end all of AV programs.

Steam | Soup | Last.fm

D. V. Devnull Posted October 29, 2008

[quote]NOD32 isn't the be all and end all of AV programs <<<Insult removed>>>[/quote]

Wow... Could have gone all day without that kind of language. :-#

BTW, I'm not trying to be all dogmatic, like as if it were a "be all, end all"... What I'm trying to point out, however, is that if their setup were correct, then NOD32 should find whatever malware is present. That's all I'm trying to point out and make clear note of. :geek:

Thanks for jumping way off the deep end over something that was just a bit stunning to my eyes, SilverSword. I'm really not as bad/awful/wacko as you may think I am, and I never will be... :roll:

~D. V. "I'm not your enemy. Quit thinking I am." Devnull

and normally with a cool mind. (Warning: This user can be VERY confusing to some people... And talks in 3rd person for the time being due to how insane they are... Sometimes even to themself.)

Dracion1 Posted October 29, 2008

Just because NOD32 doesn't detect it doesn't make it unreliable. No anti-malware program has a 100% detection rate. Never has done and I'd give it a 99.99% chance that it never will do.

"In the beginning, the universe was created. This has made a lot of people very angry and been widely regarded as a bad move."

das Posted October 29, 2008

No doubt, NOD32 won't catch everything, nothing will.

"Any people anywhere, being inclined and having the power, have the right to rise up, and shake off the existing government, and form a new one that suits them better. This is a most valuable - a most sacred right - a right, which we hope and believe, is to liberate the world." Abraham Lincoln

thrash-boy (Author) Posted October 30, 2008

I downloaded and installed Avira AV Free and did a scan; it found about 4 things. 2 or 3 were the files I already knew about that I had copied to my desktop and archived to upload in that post earlier, but 1 or 2 of them were things that either got there after my last AVG scan (a bit over a week) or AVG never picked up.

After I rebooted today it picked up the uzcpgs[Caution: Executable File] thing as I was logging on, and seems to have removed it nicely. Hopefully it should be all good now.

Thanks for your help guys