Weird executables in start up??

W????n S.

I have googled for these with no luck. What would these .exe programs be
doing in the start up in "msconfig"?

C:\windows\ubfcmktm.exe
And:
C:windows\systme32\wuxzlywr.exe
And:
C:windows\system32\zzb.exe

I can uncheck them in "msconfig" and then I go back in there a few days
later and one of them is checked again?

Where are they coming from and what are they trying to do?

Any info would be appreciated.

Antivirus enabled as well as firewall.
Windows XP with all updates.


WS
 
W????n S.

My thought at first also.

However, I run adware, spybot, and pest patrol regularly and they find
nothing.

Anti virus is also clean as well.

Why can't I find them by searching Google?

Any other thoughts/ideas?

WS
 
Sharon F

W????n S. said:
My thought at first also.

However, I run adware, spybot, and pest patrol regularly and they find
nothing.

Anti virus is also clean as well.

Why can't I find them by searching Google?

Any other thoughts/ideas?

WS

Viruses and worms have been known to morph their names to avoid detection.
Most antivirus programs will peg "virus like" activity but it's still
possible for one to slip in and evade detection for quite a while. Now we
have spyware doing the same thing.

Try a full system scan with your antivirus program. These are more thorough
than the realtime auto scans. Make sure your virus definitions are up to
date. Update your anti-spyware programs and run those again as well.

Whenever I run across seemingly nonsensical names, I check on them a bit
more closely. File properties sometimes tell you what company installed the
file. You can check the date the file was added to your system and search
for other files from the same day. You may be able to tie the files into
the installation of a particular software package. HP, for example, has
some very weird names for some of their files! A search in the registry may
show up as a key for a software package.

If all of these things come to a dead end, I rename the files to see if
anything yells about them being "missing." A popup at startup that says
<program> cannot find zzb.exe might appear and I'll recognize the program's
name. If nothing yells, delete the files. Continue to use safe computing
skills and hopefully no more odd named files will appear.
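
The checks described in the post above (company name from file properties, creation date, other files from the same day), as an added example that is not part of the original thread. It assumes a current Windows system with PowerShell 5.1 or later rather than the XP machine discussed, covers only the two `Run` registry keys, and the `NeedsReview` rule is a hypothetical heuristic; the script only reads and changes nothing.

```powershell
# Added example (read-only): triage Run-key startup entries.
$runKeys = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'

$report = foreach ($key in $runKeys) {
    if (-not (Test-Path -Path $key)) { continue }
    $regKey = Get-Item -Path $key
    foreach ($name in $regKey.GetValueNames()) {
        $command = [string]$regKey.GetValue($name)
        # Extract the executable: a quoted path first, else text up to the first ".exe".
        if ($command -match '^\s*"([^"]+)"' -or $command -match '^\s*(.+?\.exe)\b') {
            $path = $Matches[1]
        } else {
            $path = $command.Trim()
        }
        $file = Get-Item -LiteralPath $path -Force -ErrorAction SilentlyContinue
        $sig = $null; $hash = $null; $sameDay = @()
        if ($file) {
            $sig  = Get-AuthenticodeSignature -LiteralPath $file.FullName
            $hash = (Get-FileHash -LiteralPath $file.FullName -Algorithm SHA256).Hash
            # Other files created in the same folder on the same day can point
            # at the installer that dropped this one (first five only).
            $day = $file.CreationTime.Date
            $sameDay = Get-ChildItem -LiteralPath $file.DirectoryName -File -Force -ErrorAction SilentlyContinue |
                Where-Object { $_.CreationTime.Date -eq $day -and $_.FullName -ne $file.FullName } |
                Select-Object -First 5 -ExpandProperty Name
        }
        [pscustomobject]@{
            Entry        = $name
            Key          = $key
            Path         = $path
            Exists       = [bool]$file
            Company      = $file.VersionInfo.CompanyName
            Created      = $file.CreationTime
            Signature    = $sig.Status
            SHA256       = $hash          # for a vendor submission or a hash lookup
            SameDayFiles = $sameDay -join ', '
            # Assumption: no vendor string plus no valid signature is worth a closer look.
            NeedsReview  = [bool]($file -and -not $file.VersionInfo.CompanyName -and $sig.Status -ne 'Valid')
        }
    }
}

$report | Sort-Object -Property Created -Descending | Format-List
```

Saving the output and comparing it with a later run shows which entry was put back after being unchecked.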
 
Sharon F

W????n S. said:
My thought at first also.

However, I run adware, spybot, and pest patrol regularly and they find
nothing.

Anti virus is also clean as well.

Why can't I find them by searching Google?

Any other thoughts/ideas?

WS

Found this link for an adware that uses random 8 letter names for DLL files.
It appears you're dealing with similar but EXE files instead.
http://sarc.com/avcenter/venc/data/adware.iagold.html

You may want to try visiting one of the sites that can check your system
online for parasites: http://www.aumha.org/a/noads.htm

And just in case you've picked up a virus that's disabled your antivirus,
should probably visit one of the online A/V sites too:
If you think you have a virus and you think your AV program may be affected,
try one of the online scanners. Here are links to just a few of those that are
available:

http://www.pandasoftware.com/activescan/
http://security.symantec.com/default.asp?productid=symhome&langid=ie&venid=sym
http://housecall.trendmicro.com/
http://www3.ca.com/virusinfo/virusscan.aspx
 
Steve Tzanis

W????n S. wrote:
My thought at first also.

However, I run adware, spybot, and pest patrol regularly and they
find nothing.

Anti virus is also clean as well.

Why can't I find them by searching Google?

Any other thoughts/ideas?

WS


Found this link for an adware that uses random 8 letter names for DLL
files. It appears you're dealing with similar but EXE files instead.
http://sarc.com/avcenter/venc/data/adware.iagold.html

You may want to try visiting one of the sites that can check your
system online for parasites: http://www.aumha.org/a/noads.htm

And just in case you've picked up a virus that's disabled your
antivirus, should probably visit one of the online A/V sites too:
If you think you have a virus and you think your AV program may be
affected, try one of the online scanners. Here are links to just a few
of those that are available:

http://www.pandasoftware.com/activescan/
http://security.symantec.com/default.asp?productid=symhome&langid=ie&venid=sym
http://housecall.trendmicro.com/
http://www3.ca.com/virusinfo/virusscan.aspx

Thanx that helped
 
Sharon F

W????n S. wrote:
My thought at first also.

However, I run adware, spybot, and pest patrol regularly and they
find nothing.

Anti virus is also clean as well.

Why can't I find them by searching Google?

Any other thoughts/ideas?

WS

You updated AdAware, Spybot S&D and your antivirus before doing the
scanning? And scanned at third party sites? The programs that you have
installed can only tag and remove things that they know about. If the
programs aren't up to date, they could be incapable of detecting the cause.

Why aren't the names find-able on Google?

1) If you have something on the system producing random names, you
may be the only person on earth that has those file names. What you could
do is make a copy of one of those files and submit it to the antivirus
company for analyzing.

2) May belong to an obscure program that you've installed. Have you tried
matching the dates of the files with others yet to see if they belong to
some software package?

The odd names and persistent startup behavior justify regarding these
files with suspicion. You've already tried un-checking them in MSCONFIG.
You know that Windows can start without the files. Next thing you could try
is moving them off to another folder. You will get an error about missing
files at startup but that message might at least tell you what program is
looking for them.
 
W????n S.

Sharon F said:
You updated AdAware, Spybot S&D and your antivirus before doing the
scanning? And scanned at third party sites? The programs that you have
installed can only tag and remove things that they know about. If the
programs aren't up to date, they could be incapable of detecting the cause.

Why aren't the names find-able on Google?

1) If you have something on the system producing random names, you
may be the only person on earth that has those file names. What you could
do is make a copy of one of those files and submit it to the antivirus
company for analyzing.

2) May belong to an obscure program that you've installed. Have you tried
matching the dates of the files with others yet to see if they belong to
some software package?

The odd names and persistent startup behavior justify regarding these
files with suspicion. You've already tried un-checking them in MSCONFIG.
You know that Windows can start without the files. Next thing you could try
is moving them off to another folder. You will get an error about missing
files at startup but that message might at least tell you what program is
looking for them.

Sharon,

Thanks for all your input. Been a little busy. I do update all spyware
detectors very often as well as AV. I am not a regular installer of software
per se, since most of my applications are installed and that is what I use,
period. I do not randomly install software simply to try it out. Basically I
am a power gamer and I keep the machine as lean as possible.
I will look into all your suggestions, however.

P.S. I do recall trying to delete one of those files in the WINDOWS folder
once and it said that the program was in use. I will try again in safe mode
and see what gives.

Thanks again!

WS
 
Sharon F

W????n S. said:
Sharon,

Thanks for all your input. Been a little busy. I do update all spyware
detectors very often as well as AV. I am not a regular installer of software
per se, since most of my applications are installed and that is what I use,
period. I do not randomly install software simply to try it out. Basically I
am a power gamer and I keep the machine as lean as possible.
I will look into all your suggestions, however.

P.S. I do recall trying to delete one of those files in the WINDOWS folder
once and it said that the program was in use. I will try again in safe mode
and see what gives.

Thanks again!

You're welcome! You may want to follow up on sending copies of those files
to your antivirus vendor for analyzing. If the results come back negative
(no virus found), you can at least breathe a little easier while you
continue in your attempts to figure out what these files are.
 
W????n S.

Sharon F said:
You're welcome! You may want to follow up on sending copies of those files
to your antivirus vendor for analyzing. If the results come back negative
(no virus found), you can at least breathe a little easier while you
continue in your attempts to figure out what these files are.

Sharon,

I did go into safe mode and was able to delete another random 8 letter
executable. I sent it to my AV vendor and I will see what comes of that.

Thanks again,

WS
 
