« previous next »
Pages: [1]   Go Down

Author Topic: New suspect file  (Read 3089 times)

0 Members and 1 Guest are viewing this topic.

Vic

  • Guest
New suspect file
« on: November 06, 2006, 08:45:25 PM »
Got a new file appeared today in the task manager and nothing appears when I google the file/process name and avast doesnt pick anything up when I scan the file. The filename is klggvsvjpj.exe. It appears in the c:/windows/system32 folder size 564 kb, and in the prefetch folder as KLGGVSVJPJ.EXE-12E91F45.pf .The exe can sometimes use up to 30%-40% of total processor speed on my poor old machine the rest of the time its at 1%. Its memory footprint is currently 6424k. My machine is running "windoze" xp sp2. I cant find anything on the net at all which is strange to say the least. Usually you get some sort of match. Cant even get one with a partial file name search.
Logged

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67194
Re: New suspect file
« Reply #1 on: November 06, 2006, 08:56:32 PM »
I suppose avast does not detect it...
With this name, I won't be affraid to use KillBox to delete it.
http://www.killbox.net/help.html

The better will be test the file against on-line scanners. Submit the file to:
Virustotal
Jotti

Full computer scanning:
Kaspersky
Trendmicro housecall
Ewido

Also, you could try a-squared, Free AVG Antispyware, SUPERantispyware or Spyware Terminator (trojan removers).
Logged
The best things in life are free.

Vic

  • Guest
Re: New suspect file
« Reply #2 on: November 06, 2006, 09:30:31 PM »
Thanks for the file links. Sent a copy to Virustotal for scanning just waiting on reply.
Was already running an adaware scan and it came up with this in the report.

52 [klggvsvjpj.exe]
    FilePath           : C:\WINDOWS\system32\
    ProcessID          : 2900
    ThreadCreationTime : 06-11-2006 19:11:16
    BasePriority       : Normal
    FileVersion        : 5.1.2700.0 (NT client.010817-1148)
    ProductVersion     : 5.1.2700.0
    ProductName        : Microsoft® Windows® Operating System
    CompanyName        : Microsoft Corporation
    FileDescription    : Actualizaciones automáticas
    InternalName       : winupdaters.exe
    LegalCopyright     : © Microsoft Corporation. All rights reserved.
    OriginalFilename   : winupdaters.exe

I always thought windows update was part of the os not a separate exe?

Whilst typing this reply the Virustotal completed all clear except for the Panda result which claims W32/Spybot.AFJ.worm. Will try the second link.
Logged

Vic

  • Guest
Re: New suspect file
« Reply #3 on: November 07, 2006, 02:57:07 AM »
Anyone else who gets this file better hope they have an up to date backup. Tried all virus progs I could find and none could remove it. Also used the instructions on a website to remove it with hijackthis! It dont work. Now using my latest backup that is not infected. Hope anyone else has better luck than me. TTFN
Logged

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67194
Re: New suspect file
« Reply #4 on: November 07, 2006, 12:39:47 PM »
Quote from: Vic on November 07, 2006, 02:57:07 AM
Tried all virus progs I could find and none could remove it.
Did you try KillBox?
Logged
The best things in life are free.
Pages: [1]   Go Up
« previous next »