random .exe files run on startup and slow processor

  • Thread starter Thread starter Guest
  • Start date Start date
G

Guest

When I start my machine (P4, 1 gig ram, XP Home), and log on my user, I get a very slow responding processor. When I look in the Windows Task Manager, a strange .exe file is running at or near 99%. If I end process on it, everything runs fine until I reboot...and then the .exe file pops up and has a totally different name (it's different every time). Examples of the names are: qsunoquoroose.exe, kxuqrqr.exe, rorpdtpatobto.exe, syyjsp.exe and so on

I have Mcafee antivirus and firewall, and ran Symantec FixWelch and Stinger (2 virus detectors and fixers) just as an extra check, but nothing turned up. I also ran the fix for the Gaobot virus, and those files (scvhost.exe and svchos1.exe) weren't the problem. I'm stumped

Help!!!!
 
Hi Shady,

Start the system in Safe mode by hitting F8 at startup. Start/run regedit
and look in the run keys for a string that references that funny named file.
Delete that string, then do a search on the system for that file and delete
it wherever found. Then restart the system normally. These are the run keys
you want to look at:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

--
Best of Luck,

Rick Rogers aka "Nutcase" MS-MVP - Win9x
Windows isn't rocket science! That's my other hobby!

Associate Expert - WinXP - Expert Zone



Shady2003 said:
When I start my machine (P4, 1 gig ram, XP Home), and log on my user, I
Click to expand...
get a very slow responding processor. When I look in the Windows Task
Manager, a strange .exe file is running at or near 99%. If I end process on
it, everything runs fine until I reboot...and then the .exe file pops up and
has a totally different name (it's different every time). Examples of the
names are: qsunoquoroose.exe, kxuqrqr.exe, rorpdtpatobto.exe, syyjsp.exe and
so on.
I have Mcafee antivirus and firewall, and ran Symantec FixWelch and
Click to expand...
Stinger (2 virus detectors and fixers) just as an extra check, but nothing
turned up. I also ran the fix for the Gaobot virus, and those files
(scvhost.exe and svchos1.exe) weren't the problem. I'm stumped.
 
Hi Mark,

Just a randomly named trojan. The file is not something you will ever hope
to have back. Just keep your AV definitions up to date. Glad to have helped.

--
Best of Luck,

Rick Rogers aka "Nutcase" MS-MVP - Win9x
Windows isn't rocket science! That's my other hobby!

Associate Expert - WinXP - Expert Zone



shady2003 said:
Thanks, Rick. That seems to have done it. THere was only one string,
Click to expand...
called "qhyfufhd.exe" that was present in the HKEY_Current... key that was
in the directory where the "virus" was running before...on my C:/Windows
directory. So I deleted it. I found no like-named files in the system
search, but I re-booted twice, and everything seems normal, and no wierd
..exe files in process. If QHYFUFHD.exe is a legitimate file, please let me
know...I may have deleted something I need.
 
Back
Top