What is 5AST7B63DR@5DR?

jtpr

I have some kind of virus/spyware I cannot get rid of. The entry
5AST7B63DR@5DR appears in the run key in the registry pointing to a hidden
.exe file of a random name in the winnt\system32 directory. If you delete
the entry and the .exe a new one appears immediately with a new random .exe
file. Spybot, Adaware, and Norton do not clean it.

Not sure this is related, but I can no longer see any files in the right
pane of my windows explorer.

--
-Jim

If you want to reply by email it's --> ryan at jimryan dot com
Please use BCC and let's all avoid spam
 
Hi Jim

I'm not an expert like quite a few of the people here, but I have been learning
from them. What I would do is start the PC in safe mode and then do a scan, or,
as you have tried already, just delete it, as most trojans can be just deleted
in safe mode (F8).

PS: wait until someone else replies unless you see my advice as logical ;-)

Stephen

PS: adware can also be regularly updated.
 
jtpr said:
I have some kind of virus/spyware I cannot get rid of. The entry
5AST7B63DR@5DR appears in the run key in the registry pointing to a hidden
.exe file of a random name in the winnt\system32 directory. If you delete
the entry and the .exe a new one appears immediately with a new random .exe
file. Spybot, Adaware, and Norton do not clean it.

Submit it to Norton. Maybe it is something new.
 
jtpr said:
I have some kind of virus/spyware I cannot get rid of. The entry
5AST7B63DR@5DR appears in the run key in the registry pointing to a hidden
.exe file of a random name in the winnt\system32 directory. If you delete
the entry and the .exe a new one appears immediately with a new random .exe
file. Spybot, Adaware, and Norton do not clean it.

Not sure this is related, but I can no longer see any files in the right
pane of my windows explorer.

Damn, I've seen this pattern before but don't recall the details :(

Tools:
regedit
procexplorer from sysinternals.com
google

Something is restoring this thing ...
* Check all the run keys (run, runonce, runservice etc...) and do not forget
start/programs/startup, win.ini and system.ini
* Check IE settings: installed (ActiveX) objects and remove what you don't
recognize, temp disable ActiveX in all zones, remove searchbars, check
proxy settings
* Use procexplorer, set it to view dll's, look for suspicious processes/dll's.
Normal dll's have clear patterns in names and/or dates, right-click/properties
will give version/manufacturer etc... Use Google on anything suspicious.
* Some of this stuff simply installs in %programfile%, so look there for
anything you did not remember installing. And of course Configuration/Programs
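
The autostart checks listed in the reply above, as an added example that is not part of the original thread: a PowerShell script that lists the Run-style registry keys, the Startup folders and the legacy win.ini/system.ini lines, and marks entries whose target file is hidden or missing, the pattern described in the first post. It assumes Windows PowerShell 5.1 or later; the key and file locations are the standard Windows ones, not values taken from the thread, and `Get-TargetStatus` is a hypothetical helper name.

```powershell
# Added example: inventory the autostart locations and flag hidden or missing targets.
$keys = foreach ($hive in 'HKLM:', 'HKCU:') {
    foreach ($k in 'Run', 'RunOnce', 'RunServices', 'RunServicesOnce') {
        "$hive\Software\Microsoft\Windows\CurrentVersion\$k"
    }
}

function Get-TargetStatus([string]$Command) {
    # Extract the program path from a command line (quoted, or up to the extension).
    $cmd = [Environment]::ExpandEnvironmentVariables($Command).Trim()
    if ($cmd -match '^"([^"]+)"') { $path = $Matches[1] }
    elseif ($cmd -match '^(.+?\.(exe|com|bat|cmd|scr|pif))(\s|$)') { $path = $Matches[1] }
    else { $path = ($cmd -split '\s+')[0] }
    if (-not $path) { return 'EMPTY' }
    # Bare file names: look in System32, then the Windows directory.
    if (-not [IO.Path]::IsPathRooted($path)) {
        $found = "$env:SystemRoot\System32", $env:SystemRoot | ForEach-Object { Join-Path $_ $path } |
            Where-Object { Test-Path -LiteralPath $_ } | Select-Object -First 1
        if ($found) { $path = $found }
    }
    # -Force is required, otherwise a hidden file is reported as missing.
    $file = Get-Item -LiteralPath $path -Force -ErrorAction SilentlyContinue
    if (-not $file) { return "MISSING: $path" }
    if ($file.Attributes -band [IO.FileAttributes]::Hidden) { return "HIDDEN: $path" }
    return "ok: $path"
}

$entries = @()
foreach ($key in $keys) {
    $reg = Get-Item -LiteralPath $key -ErrorAction SilentlyContinue
    if (-not $reg) { continue }   # RunServices* only exist on some systems
    foreach ($name in $reg.GetValueNames()) {
        $entries += [pscustomobject]@{ Location = $key; Name = $name; Command = [string]$reg.GetValue($name) }
    }
}
foreach ($folder in 'Startup', 'CommonStartup') {
    $dir = [Environment]::GetFolderPath($folder)
    if (-not $dir) { continue }
    $files = Get-ChildItem -LiteralPath $dir -Force -File -ErrorAction SilentlyContinue
    foreach ($f in ($files | Where-Object Name -ne 'desktop.ini')) {
        $entries += [pscustomobject]@{ Location = $dir; Name = $f.Name; Command = "`"$($f.FullName)`"" }
    }
}
# win.ini load=/run= and system.ini shell= are the legacy autostart lines.
$ini = "$env:SystemRoot\win.ini", "$env:SystemRoot\system.ini"
foreach ($hit in (Select-String -Path $ini -Pattern '^\s*(load|run|shell)\s*=\s*(\S.*)$' -ErrorAction SilentlyContinue)) {
    $entries += [pscustomobject]@{ Location = $hit.Path; Name = $hit.Matches[0].Groups[1].Value; Command = $hit.Matches[0].Groups[2].Value }
}
$entries | Select-Object Location, Name, Command, @{ n = 'Status'; e = { Get-TargetStatus $_.Command } } |
    Sort-Object Status | Format-Table -AutoSize -Wrap
```

Rows marked HIDDEN or MISSING sort to the top; a Run value with a random-looking name that points at a hidden .exe under system32 is the case the original poster describes.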
 