Is WinXP-image named DDRQTZ32.EXE a legitimate image?


David Cook

A WinXP home-edition system recently started running 'slowly'. This machine
belongs to a friend of mine.

(So, I've now run the latest updated signatured scan using Norton (Symantec)
anti-virus, and it shows the system to be virus free.
I've also run numerous 'spyware' cleaning tools, such as Spybot, and
Ad-aware personal-edition and they've cleaned off various nasties.)

But, it still has this symptom of 100% CPU utilization, caused mostly by an
image named DDRQTZ32.EXE (which resides in windows-system-tree in subdir
named SYSTEM32) on this friend's system.

Does anyone know what functionality this image pertains to? And, can you
explain why neither of my WinXP systems that I own have this image present?

TIA...

Dave
 
David said:
A WinXP home-edition system recently started running 'slowly'. This machine
belongs to a friend of mine.

(So, I've now run the latest updated signatured scan using Norton (Symantec)
anti-virus, and it shows the system to be virus free.
I've also run numerous 'spyware' cleaning tools, such as Spybot, and
Ad-aware personal-edition and they've cleaned off various nasties.)

But, it still has this symptom of 100% CPU utilization, caused mostly by an
image named DDRQTZ32.EXE (which resides in windows-system-tree in subdir
named SYSTEM32) on this friend's system.

Does anyone know what functionality this image pertains to? And, can you
explain why neither of my WinXP systems that I own have this image present?

perhaps you've not seen it on your own pc's because it's not supposed
to be there... it looks like a randomly generated filename to me, which
is a common way for malware writers to mess with the heads of people
who think filenames tell them anything...

since the anti-virus didn't detect it and you still find it suspicious
i suggest you send a copy to an av developer for analysis...
 
Kurt -

I like your suggestion about sending the suspicious file to 'an AV
developer'.

So, more specifically, who might that be? Do you mean to Symantec (e.g.
Norton Anti-Virus) people or someone else?

Cheers...

Dave
 
David said:
Kurt -

I like your suggestion about sending the suspicious file to 'an AV
developer'.

So, more specifically, who might that be? Do you mean to Symantec (e.g.
Norton Anti-Virus) people or someone else?

yes, symantec qualifies... if that's the only anti-virus software
developer you want to deal with then that's where you send the
sample... however you could also send it to the nice folks at mcafee or
sophos or fsi or . . . if you use norton anti-virus, sending to
symantec is probably the best way to get a resolution to the problem...
 
kurt said:
perhaps you've not seen it on your own pc's because it's not supposed
to be there... it looks like a randomly generated filename to me,
which is a common way for malware writers to mess with the heads of
people who think filenames tell them anything...

since the anti-virus didn't detect it and you still find it suspicious
i suggest you send a copy to an av developer for analysis...

It easily could be spyware as well. Run Ad-aware and Spybot S&D to check.

Gregg C.
 
Just FYI: After using many of the freeware spyware cleaners, which would
NOT PERMANENTLY clean off the 'jeired' spyware nasty (which I think also
pertains to this image named ddrqtz32.exe), one spyware cleaning tool
finally DID RESOLVE the problem:

The winning program was Spy Sweeper (distributed by 'Webroot'). Their
website link is: http://www.webroot.com/wb/products/spysweeper/index.php

I notice that this program was recently given PC Magazine's Editor's Choice
award. It typically costs about $30. (So, here's one person who is willing
to say that maybe it just DOES deserve that award.) At any rate, it proved
superior to the freeware wannabes.

Cheers...

Dave
 