Registry key 79932434

  • Thread starter Thread starter jpBless
  • Start date Start date
J

jpBless

My XP/SP3 system recently got infected with Alpha (dubious) Antivirus. I
followed intsruction posted on the web to uninstall this malicious trojan.

Under registery:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

I found an entry 79932434.exe pointing to Windows prefetch folder...

I checked the folder and found the file (C:\Windows\Prefetch)
79932434.Exe/018DD50B.pf

The file's property indicated it was created about the same day my system
got infected. Does anyone about this file ... I want to be sure before
deleting the registry key

thanks
 
-------- Original-Nachricht --------
My XP/SP3 system recently got infected with Alpha (dubious) Antivirus. I
followed intsruction posted on the web to uninstall this malicious trojan.

Under registery:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

I found an entry 79932434.exe pointing to Windows prefetch folder...

I checked the folder and found the file (C:\Windows\Prefetch)
79932434.Exe/018DD50B.pf

The file's property indicated it was created about the same day my system
got infected. Does anyone about this file ... I want to be sure before
deleting the registry key

thanks
Click to expand...

If you search with Google for 79932434.exe you get 6 hits, ALL pointing
to your question ..

I think that anwers your question !

Bernd
 
My XP/SP3 system recently got infected with Alpha (dubious) Antivirus. I
followed intsruction posted on the web to uninstall this malicious trojan..

Under registery:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

I found an entry 79932434.exe pointing to Windows prefetch folder...

I checked the folder and found the file (C:\Windows\Prefetch)
79932434.Exe/018DD50B.pf

The file's property indicated it was created about the same day my system
got infected. Does anyone about this file ... I want to be sure before
deleting the registry key

thanks
Click to expand...

I don't know how the Google hits help the OP with the issue.

It is suspicious since it is not a Windows XP file and has been added
to your LM/run settings so it will start whenever your machine
starts. It looks like leftovers from some malicious software.

If you can't identify it, delete it.

Backup your registry first with this popular tool:

http://www.larshederer.homepage.t-online.de/erunt/

Run these scans:

Download, install, update and do a full scan with these free malware
detection programs:

Malwarebytes (MBAM): http://malwarebytes.org/
SUPERAntiSpyware: (SAS): http://www.superantispyware.com/

They can be uninstalled later if desired.

Remove the suspicious registry key, remove the executable if it still
exists, remove the .pf file from the Prefetch folder.

Reboot and check to see if everything is still gone and report results/
other issues.

Zero items automatically starting in HKLM and HKCU is a very good goal
if you can achieve it.
 
Yes I did search for 79932434.exe before posting this but did not get any
helpful info. Anyway thanks. I wanted to be absolutely sure!
 
Thanks for your response; very much appreciated. That registry key looked
super suspicious. Again thanks a lot


My XP/SP3 system recently got infected with Alpha (dubious) Antivirus. I
followed intsruction posted on the web to uninstall this malicious trojan.

Under registery:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

I found an entry 79932434.exe pointing to Windows prefetch folder...

I checked the folder and found the file (C:\Windows\Prefetch)
79932434.Exe/018DD50B.pf

The file's property indicated it was created about the same day my system
got infected. Does anyone about this file ... I want to be sure before
deleting the registry key

thanks
Click to expand...

I don't know how the Google hits help the OP with the issue.

It is suspicious since it is not a Windows XP file and has been added
to your LM/run settings so it will start whenever your machine
starts. It looks like leftovers from some malicious software.

If you can't identify it, delete it.

Backup your registry first with this popular tool:

http://www.larshederer.homepage.t-online.de/erunt/

Run these scans:

Download, install, update and do a full scan with these free malware
detection programs:

Malwarebytes (MBAM): http://malwarebytes.org/
SUPERAntiSpyware: (SAS): http://www.superantispyware.com/

They can be uninstalled later if desired.

Remove the suspicious registry key, remove the executable if it still
exists, remove the .pf file from the Prefetch folder.

Reboot and check to see if everything is still gone and report results/
other issues.

Zero items automatically starting in HKLM and HKCU is a very good goal
if you can achieve it.
 
Back
Top