Running Processes

  • Thread starter: Rich

Rich

When reviewing my running processes I find files like
kdflkm.exe, kefobu.exe and others that have no description
or publisher and are located in c:\windows\system32 on my
computer. I'm a beginner at using anti-spyware. Can I
assume that all such undocumented files are probably
malicious and get rid of them? Thanks.
 
Rich said:
When reviewing my running processes I find files like
kdflkm.exe, kefobu.exe and others that have no description
or publisher and are located in c:\windows\system32 on my
computer. I'm a beginner at using anti-spyware. Can I
assume that all such undocumented files are probably
malicious and get rid of them?

It all depends. On balance of probability, I would think the chances are
that they are malware of some sort, and that they deserve further
investigation. I would look into their "Properties" for vendor information
and version numbers: if these are missing, the suspicion grows deeper.

You might find that, if you delete them, they just re-create themselves with
a different random name the next time you start Windows: in which case, you
have not in fact isolated the root of the infection, just the symptoms.
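
The check suggested in the reply above (vendor and version information in each file's Properties), as an added PowerShell example that is not part of the original thread. It assumes a current Windows system with PowerShell 5.1 or later; the rule used to flag a file (no description, no company, no valid signature) is this example's own assumption, and the output is a list of candidates for investigation, not a verdict.

```powershell
# Added example: report running processes whose image file carries no description
# or company name in its version resource, together with its signature status.
# Run elevated so the paths of processes owned by other accounts are readable.
$system32 = Join-Path $env:windir 'System32'

$report = Get-Process |
    Where-Object { $_.Path } |                      # path is empty when access is denied
    Sort-Object Path -Unique |
    ForEach-Object {
        $file = Get-Item -LiteralPath $_.Path -ErrorAction SilentlyContinue
        if (-not $file) { return }                  # file vanished or unreadable: skip it
        $vi  = $file.VersionInfo
        $sig = Get-AuthenticodeSignature -LiteralPath $file.FullName
        [pscustomobject]@{
            Name        = $file.Name
            Path        = $file.FullName
            Description = $vi.FileDescription
            Company     = $vi.CompanyName
            Version     = $vi.FileVersion
            Signature   = $sig.Status               # Valid, NotSigned, HashMismatch, ...
            Signer      = $sig.SignerCertificate.Subject
            Created     = $file.CreationTime
            InSystem32  = $file.DirectoryName -ieq $system32
        }
    }

# Assumed flagging rule: no description AND no company AND not validly signed.
$suspects = @($report | Where-Object {
    [string]::IsNullOrWhiteSpace($_.Description) -and
    [string]::IsNullOrWhiteSpace($_.Company) -and
    $_.Signature -ne 'Valid'
})
$suspects | Sort-Object InSystem32 -Descending |
    Format-Table Name, Path, Signature, Created -AutoSize

# The reply's second point: a file that comes back after deletion is being
# relaunched at startup. List startup commands that mention a flagged file name.
Get-CimInstance Win32_StartupCommand |
    Where-Object {
        $cmd = [string]$_.Command
        $suspects | Where-Object {
            $cmd.IndexOf($_.Name, [StringComparison]::OrdinalIgnoreCase) -ge 0
        }
    } |
    Select-Object Name, Command, Location, User
```

A startup entry that points at a flagged file shows where it is launched from, which is the part that has to be dealt with before the file itself stays gone.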
 
When reviewing my running processes I find files like
kdflkm.exe, kefobu.exe and others that have no description
or publisher and are located in c:\windows\system32 on my
computer. I'm a beginner at using anti-spyware. Can I
assume that all such undocumented files are probably
malicious and get rid of them? Thanks.

In addition to what Robin Walker says, if you want to get rid of
suspicions about these files, try to clean the system using the following
hints:


First of all - send a Suspected Spyware Report through the Tools menu of
MSAS to the SpyNet.



Then turn off the System Restore: Start-> right click on My
computer ->Properties -> System restore -> select the box ' Turn off system
restore ' and press Apply, then exit.

(Remember to turn it on - i.e. deselect that box - again after cleaning the
system!!)



Next start the computer in the Safe mode (F8 during boot-up), run Windows
Explorer, go to your profile temporary folders (usually C:\Documents and
Settings\username\local settings\temp and c:\Documents and
Settings\username\local settings\Temporary Internet Files\Content.IE5) and
delete all the files in those directories and subdirectories. Then do a full
system scan with MS AntiSpyware (check the proper option under Scan
settings). Scan the computer with the antivirus software that you use. And
also with some other "cleaning" software such as:



Spybot Search&Destroy http://www.spybot.info/en/index.html

HijackThis http://www.tomcoyote.org/hjt/

CWShredder http://www.majorgeeks.com/download3019.html

Ad-Aware SE Personal http://www.lavasoft.com/software/adaware/

McAfee Stinger http://vil.nai.com/vil/stinger/



If you run HijackThis you can check the log it prepares - just copy and
paste it to the http://www.hijackthis.de web page and click the Analyze button.



Need a free antivirus? Try this one http://www.free-av.com



And protect your system with antispyware, antivirus and firewall software.

Keep this software up to date.

Also KEEP THE SYSTEM UP TO DATE (http://www.windowsupdate.com)
 