Anybody heard of akmbed.exe ?? (Windows virus?)

[Rocketman]

A friend called me saying that he's having problems with a Windows 2000
executable called akmbed.exe. It's located in the C:\WINNT directory.

He says his PC is on its knees - programs won't run, can't connect to the
'net, shutdown takes forever. Virus scanners (several including AVG and
Symantec/Norton) keep finding akmbed.exe and unsetting the registry key; but
then it comes back. Weird.

I suggested that he rename the file to akmbed.OLD. Now he can run programs;
but still can't connect to the 'net. Doesn't look good. This is very likely
a virus or malware executable. He's been running anti-virus checks on all
incoming email. This must have come in some other way.

I've scoured the 'Net looking for info on this executable, akmbed.exe. It
sure looks like either malware or a virus to me. Any ideas? Is this
something new? How could it be hijacking his entire system like that?
Where did it come from, and how does he get rid of it?

R

 

[David Baxter]

I've scoured the 'Net looking for info on this executable, akmbed.exe. It

sure looks like either malware or a virus to me. Any ideas? Is this
something new? How could it be hijacking his entire system like that?
Where did it come from, and how does he get rid of it?

Hmm, can't help with where it came from... and a quick google search didn't
return anything of use.
It would help to know what the actual virus is - what did Norton and AVG
detect it as?

Dave

 

[Buffalo]

Have him run the virus checkers in Safe Mode.
It may be adware or spyware.

From a reply by Glee:
"Update your anti-virus app and then run a full-system virus scan.

Use CWShredder, the CoolWeb removal tool, available here:
http://computercops.biz/downloads-cat-14.html
http://www.majorgeeks.com/downloads31.html
http://aumha.org/downloads/cwshredder.zip

In addition, install Ad-Aware 6 free edition, start it, click its 'Check for
Updates' link in the app to install updates, then use it to scan your
system, and remove what it finds.
Ad-Aware:
http://www.lavasoftusa.com/support/download/

Install, update and run SpyBot Search & Destroy, scan your system, and then
remove the items in RED only.
SpyBot S&D:
http://www.safer-networking.org/index.php?page=download

Download, unzip, and run Hijack This from one of these locations:
http://computercops.biz/downloads-cat-14.html
http://www.majorgeeks.com/downloads31.html
http://www.spywareinfo.com/downloads/tools/HijackThis.exe
Unzip to a folder other than your Desktop or the Temp folder, doubleclick
HijackThis.exe, and hit "Scan".

When the scan is finished, the "Scan" button will change into a "Save
Log" button.
Press that, save the log somewhere you can find it (Desktop, My Documents,
or similar).
Most of what it lists will be harmless or even required, so do NOT fix
anything yet.

Copy the log files and paste them into a new post at one of these forums:
http://forums.net-integration.net/
http://computercops.biz/forums.html
http://forums.spywareinfo.com/index.php?showforum=30
http://tomcoyote.org/forums/
http://www.lavasoftsupport.com
http://boards.cexx.org/

The folks there will tell you what to remove.

A tutorial for using Hijack This is located here:
http://aumha.org/a/hjttutor.htm "

Please post back if any on this helps.
He may have to have someone copy these programs to a CD or some floppies for
him.
Buffalo