Author Topic: aaa.exe like-files in Windows XP system32 folder  (Read 2834 times)


goa103

  • Guest
aaa.exe like-files in Windows XP system32 folder
« on: June 22, 2005, 12:53:09 PM »
Hello,

A friend of mine has Avast! installed, and for the past few days he has been getting aaa.exe-like files in his Windows XP system32 folder. I searched for aaa.exe on this forum and found no message about that virus. From Google and other websites it seems it's a trojan virus, but I don't know which one. Avast! doesn't detect it. These files are randomly launched by an unknown process and try to connect to the internet. He has Sygate firewall installed so he can manually block these connections.

How can he identify the virus with Avast! and clean his system? He told me he even reinstalled Windows XP after formatting his HD at install, but the problem remains... I thought the virus might be in his boot so a quick format didn't clean it... Not sure, as I don't know how the virus operates.
« Last Edit: April 06, 2009, 06:36:27 PM by goa103 »

DavidR

  • Avast Überevangelist
  • Certainly Bot
  • No support PMs thanks
Re: aaa.exe like-files in Windows XP system32 folder
« Reply #1 on: June 22, 2005, 02:20:21 PM »
If you are not getting a virus warning and you believe it is an undetected virus, then, if you can, zip and password-protect ('virus' will do) the suspect file and send it to virus @ avast.com (no spaces).

Give a brief outline of the problem, the fact that you believe it to be a new/undetected virus and include the password in the body of the email. Some info on the avast version and VPS number (see about avast {right click avast icon}) will also help.

You could also check the offending/suspect file at: Jotti - Multi engine on-line virus scanner. If any other scanners here detect them, it is less likely to be a false positive.

First, formatting and reinstalling is way over the top as a resolution to this problem. It is a physical impossibility for the problem to remain after a format and reinstall of XP, etc.; a format wipes the whole disk. This is likely coming back because of either an unpatched vulnerability or the same way he got infected in the first place (same browsing habits, etc.), rather than because it persists. So I would question how he did the format.

If your friend hasn't already got this software (freeware), download, install, update and run it.
1. Ad-Aware
2. Spybot Search and Destroy
3. Spywareblaster

Also useful as a diagnostic tool - Download HiJackThis.zip - HJT Information HiJackThis Tutorial
For an on-line analysis - HiJackThis Log file - On-line Analysis
Ignore any O23 reference to avast processes; this is a hiccup in HJT 1.99.1 (especially the missing file entry for avast). If you need any help with any of the analysis, let us know.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.2.6105 (build 24.2.8918.824) UI 1.0.799/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security