Firewall blocked file

  • Thread starter Thread starter Guest
  • Start date Start date
G

Guest

I use McAfee firewall on a Windows XP machine that has a program file trying
to access the internet that I am unsure about allowing access. I cannot find
any information on the file to know if it something legit, or a spyware, etc.
The file is located in the C:\Windows\System32\uwyncsn.exe. If anyone knows
what this program file is, I would appreciate your assistance.
 
Hi Carol,

It's a trojan (virus) file. Follow these "relatively" simple removal steps:

Restart in Safe mode by hitting F8 as Windows first begins to load on boot.
Logon as administrator.

Start/search/files and folders, look for <filename> and delete it wherever
it is found.

Start/run regedit, expand the + signs to look under these keys:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg

Look in the right hand pane for the string or strings that load that file.
Delete just those strings that contain the reference. Do not delete other
strings or the keys from the left pane. Close the registry editor when
completed, make sure you check all strings.

Go to the Control Panel/System/System Restore tab. Check the box to "Turn
off system restore on all drives". Click apply/ok. This will remove all
restore points, however you don't want them back as some or all of them will
contain the virus depending upon how recently you got infected.

Restart the system normally. Go back to the Control Panel/System and restart
System Restore.

Update your antivirus software, run a full system scan.

--
Best of Luck,

Rick Rogers, aka "Nutcase" - Microsoft MVP

Associate Expert - WindowsXP Expert Zone

Windows help - www.rickrogers.org
 
Thanks, Rick. It is a co-worker's home computer, and he's at work, so I will
give hime the instructions to try at home tonight. I am curious that I
searched both McAfee and Symantec and didn't find any info on the file. Do
you know which virus it is so I can let him know?

Thanks for your help.
 
Hi Carol,

It's a randomly named trojan, this is quite common (unfortunately). Once the
infecting agent is initiated on the target machine, it picks a random
assortment of characters as its name.

--
Best of Luck,

Rick Rogers, aka "Nutcase" - Microsoft MVP

Associate Expert - WindowsXP Expert Zone

Windows help - www.rickrogers.org
 
Back
Top