erewhon said:
how did you tell & how did you know these were from a malicious source?
Can't tell for certain--but how many hidden executables with names
consisting of random strings of upper and lower case letters do you see on
an XP installation in \windows\system32?
what is the definition of a 'randomly named executables' - how did you know
they were random & malicious?
Named by apparently random strings of upper and lower case letters. Rather
different than most executables, and marked hidden. Did I say they were
malicious? I'm making an educated guess--from significant experience thank
you--based on the date/time stamps on the files and the hidden nature and
naming structure. I moved the executables to a separate directory, rather
than deleting them (that's what I meant by "removed.")
on a pc with so many infections & trojans, I would suggest backing up your
data & formatting the disk & reinstalling the o/s (then installing personal
firewall, applying all o/s patches, installing latest anti-virus & spybot
with immunise on) before connecting to the internet
Good advice, but not necessary in this particular case, I think. There's no
further evidence of infection since the machine was cleaned some weeks ago.
Couldn't tell--data not easily readable--I confess to guessing on this
point.
unless you have removed genuine o/s or app files...
Nope--I know how to determine if a file is part of Windows, and, as I said,
I moved them, rather than deleting them.
This is a fair caveat for the average person, but I'm very confident of my
ability to distinguish between legit parts of Windows and anything else.
Application files are a different kettle of fish--app vendors may do
anything. However, in my experience they don't throw hidden files with
unrelated and random naming structures into windows\system32.
how did you know they were not valid app or o/s files?
See above, and note that I covered by moving, rather than deleting.
may be a bit too late to submit them since you have already deleted them
See above.