Author Topic: Canada.exe (Read 6276 times)

Drago494 · « **on:** July 08, 2005, 03:08:35 AM »

Does anyone have any clue what the hell this thing is? It's been bugging me to death for the past 15 minutes...ehehe...15 minutes...

Anyways, I've deleted a few of the .exes labeled canada.exe along with their shortcuts, but I'm 100% certain that there is a .dll file along with it that keeps bringing it back.

Anyone else get this bug? Or am I the only one?

Lisandro · « **Reply #1 on:** July 08, 2005, 03:19:46 AM »

To know more, maybe Google...
If you find a virus keeps coming back after you delete it, it's most probably infected the System Restore folder, the best way to solve this is to disable System Restore, reboot your machine and then enable it again. After all, run a full avast! scanning. System Restore cannot be disabled on Windows 9x.

Enable/Disable System restore on Windows ME: http://support.microsoft.com/default.aspx?scid=kb;en-us;Q264887
Enable/Disable System restore on Windows XP: http://support.microsoft.com/default.aspx?scid=kb;%5BLN%5D;310405

Drago494 · « **Reply #2 on:** July 08, 2005, 03:25:54 AM »

This is a Windows 2000 OS. Will this work?

Lisandro · « **Reply #3 on:** July 08, 2005, 03:30:15 AM »

Quote from: Drago494 on July 08, 2005, 03:25:54 AM

This is a Windows 2000 OS. Will this work?

For this feature, Windows 2k is the same of XP, I suppose...
Can you follow this:

Start > Control Panel > System > System restore > Disable
Click Apply
Enable it again
Click Ok

Drago494 · « **Reply #4 on:** July 08, 2005, 03:35:00 AM »

Nope. I don't see a system restore anywhere. I guess 2000 doesn't come equipped with restore...which doesn't make sense to me at all but ok.

I think I might have to just install WinXP on this PC (friend's)

Lisandro · « **Reply #5 on:** July 08, 2005, 03:37:38 AM »

Can you tell us the name and the path of the infected recurring file?

Eddy · « **Reply #6 on:** July 08, 2005, 03:39:03 AM »

2K doesn't have system restore. Only ME and XP have that.

Canada.exe is a dialer.
To remove it:
Kill these processes:
desktopdir+\canada.exe
systemroot+\system32\canada.exe

Remove (if they excist) these files:
desktopdir+\canada.exe
desktopdir+\click me.lnk
profilepath+\start menu\click me.lnk
profilepath+\start menu\uninstall click me.lnk
systemroot+\system32\canada.exe

Drago494 · « **Reply #7 on:** July 08, 2005, 04:12:55 AM »

I tried all that. It keeps coming back. I'm pondering if I should just format or not...

Eddy · « **Reply #8 on:** July 08, 2005, 04:21:17 AM »

Follow the instructions on THIS PAGE

FreewheelinFrank · « **Reply #9 on:** July 08, 2005, 09:38:04 AM »

Hi Drago494,

There's really no need to reformat just because of a bit of poxy spyware on your system.

First of all, have you done a scan with Ad-Aware, Spybot and MS Anti-Spyware, preferably in safe mode?

Next, the file is coming back because you haven't killed the processes which are recreating it. A Google search will reveal several anti-spyware forum threads which identify processes which are associated with this malware. If the ones Eddy mentioned are not responsible, you need to do a search for canada.exe and make a note of the processes and files which are associated with it. Kill the processes and delete the files, or start your computer in safe mode where the processes will not be running and delete the files.

If this doesn't work, please post a HijackThis! log as described here:

http://www.bleepingcomputer.com/forums/tutorial42.html

Author Topic: Canada.exe (Read 6276 times)

Drago494

Canada.exe

Lisandro

Re: Canada.exe

Drago494

Re: Canada.exe

Lisandro

Re: Canada.exe

Drago494

Re: Canada.exe

Lisandro

Re: Canada.exe

Eddy

Re: Canada.exe

Drago494

Re: Canada.exe

Eddy

Re: Canada.exe

FreewheelinFrank

Re: Canada.exe