AMD64.exe - closes Task Manager, Regedit, Msconfig immediately

[Guest]

- Just a heads up for those that might encounter this problem.
AMD64.exe - closes Task Manager, Regedit, Msconfig immediately

- Since you cannot end its process by using Task Manager then you could use
a third party program such as Spybot Search & Destory to end it. Select Mode
at the top and select Advance Mode. At the bottom is Tools and then select
Process List. AMD64.exe would probably bet here.

Removal of it would be required from startup through the registry. It does
sneak into the RunOnce section as well once terminated as a process. Check
both HKCU and HKLM registry sections.

 

[Rick \Nutcase\ Rogers]

It does that because amd64.exe is a virus, not a system file. Any updated AV
worth its salt should catch this.

--
Best of Luck,

Rick Rogers, aka "Nutcase" - Microsoft MVP

Associate Expert - WindowsXP Expert Zone

Windows help - www.rickrogers.org

 

[Guest]

AMD64.exe can also be part of Sun Java's Runtime enviroment created for the
64bit AMD proccessor.

http://java.sun.com/j2se/1.5.0/install-windows-64.html

 

[Rick \Nutcase\ Rogers]

Hi Ron,

Could be, but this one is closing down the system tools.

--
Best of Luck,

Rick Rogers, aka "Nutcase" - Microsoft MVP

Associate Expert - WindowsXP Expert Zone

Windows help - www.rickrogers.org

 

[Guest]

It was only an issue that I was working on with a client of mine. I work for
MS. The issue is resolved. It took a bit of time to determine the caues of
his entire issue (not just the AMD64.exe issue) so I felt that I should post
it here to help others as this place is one of the many that I go to for
assistance when I am unsure on certain things during troubleshooting. This
is a great place. I am glad that it is here for all of us.

 

[Rick \Nutcase\ Rogers]

Hi,

Could you post your findings in more detail? Shared knowledge is the whole
point of these groups.

--
Best of Luck,

Rick Rogers, aka "Nutcase" - Microsoft MVP

Associate Expert - WindowsXP Expert Zone

Windows help - www.rickrogers.org

 

[Guest]

Well, I use a tool called "Startup Control Panel" with my clients
(www.mlin.net) to quickly remove startup items (and use
www.castlecops.com/StartupList.html for startup item information, Google.com
as a second choice). Since AMD64.exe kept showing back on the list then that
lead to believe it was running in the background which we had to end its
process in order to remove its startup item from loading with Windows. Since
Task Manager and MSCONFIG would not load due to AMD64.exe I was glad that my
client had Spybot installed. (we could have downloaded it but it was nice
that he had it). We used Spybot's advance features to end AMD64's process
and then removed it from the registry as a startup item. Of course this
would have been more productive in Safemode.

I normally use Hijackthis but only in hijack situations. I'd hate to have a
client that may not be that great with computers to start using hijackthis
without having some sort of knowledge about the tool. Startup Control Panel
is just about as basic as a tool can be.

 

[Rick \Nutcase\ Rogers]

Hi,

Thanks for the input. I agree as well that HJT is a dangerous tool in the
wrong hands. A good warning to heed.

--
Best of Luck,

Rick Rogers, aka "Nutcase" - Microsoft MVP

Associate Expert - WindowsXP Expert Zone

Windows help - www.rickrogers.org