Registry key 79932434

jpBless

My XP/SP3 system recently got infected with Alpha (dubious) Antivirus. I
followed instructions posted on the web to uninstall this malicious trojan.

Under registry:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

I found an entry 79932434.exe pointing to Windows prefetch folder...

I checked the folder and found the file (C:\Windows\Prefetch)
79932434.Exe/018DD50B.pf

The file's property indicated it was created about the same day my system
got infected. Does anyone know about this file ... I want to be sure before
deleting the registry key

thanks
 
Bernd

If you search with Google for 79932434.exe you get 6 hits, ALL pointing
to your question ..

I think that answers your question!

Bernd
 
Jose

I don't know how the Google hits help the OP with the issue.

It is suspicious since it is not a Windows XP file and has been added
to your LM/run settings so it will start whenever your machine
starts. It looks like leftovers from some malicious software.

If you can't identify it, delete it.

Back up your registry first with this popular tool:

http://www.larshederer.homepage.t-online.de/erunt/

Run these scans:

Download, install, update and do a full scan with these free malware
detection programs:

Malwarebytes (MBAM): http://malwarebytes.org/
SUPERAntiSpyware (SAS): http://www.superantispyware.com/

They can be uninstalled later if desired.

Remove the suspicious registry key, remove the executable if it still
exists, remove the .pf file from the Prefetch folder.

Reboot and check to see if everything is still gone and report
results/other issues.

Zero items automatically starting in HKLM and HKCU is a very good goal
if you can achieve it.
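
Added example (not part of any post in this thread): a small Python check that reads the text output of `reg query HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run` and flags entries with the two traits discussed above, a target inside a cache folder such as Prefetch and a random-looking numeric file name. The sample output is constructed, and the folder list and name pattern are assumptions.

```python
import re
from pathlib import PureWindowsPath

# Constructed sample of `reg query` output. Only 79932434.exe and the Prefetch
# location come from the thread; the exact path and other entries are made up.
SAMPLE = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    SoundMan    REG_SZ    SOUNDMAN.EXE
    ExampleUpdater    REG_SZ    "C:\Program Files\Example\updater.exe" /startup
    79932434.exe    REG_SZ    C:\WINDOWS\Prefetch\79932434.exe
"""

# Value lines are indented: name, type, data (tab- or space-separated).
VALUE_LINE = re.compile(r"^\s+(?P<name>.+?)\s+(?P<type>REG_[A-Z_]+)\s+(?P<data>.*)$")
# Folders that hold caches or scratch files, not installed programs (assumed list).
ODD_DIRS = ("\\prefetch\\", "\\temp\\", "\\temporary internet files\\")
# Six or more hex characters with at least one digit (assumed heuristic).
RANDOM_NAME = re.compile(r"^(?=.*\d)[0-9a-f]{6,}$", re.I)

def executable_of(command):
    """Return the program path from a Run command line, dropping arguments."""
    command = command.strip()
    if command.startswith('"'):
        return command[1:].split('"', 1)[0]
    m = re.match(r"(.+?\.(?:exe|com|bat|cmd|scr|pif))(?:\s|$)", command, re.I)
    return m.group(1) if m else command

def review_run_entries(reg_query_output):
    """Return (value name, program path, reasons) for entries worth a manual look."""
    findings = []
    for line in reg_query_output.splitlines():
        m = VALUE_LINE.match(line)
        if not m:
            continue  # key header or blank line
        path = executable_of(m["data"])
        reasons = []
        if any(d in path.lower() for d in ODD_DIRS):
            reasons.append("runs from a cache/temp folder")
        if RANDOM_NAME.match(PureWindowsPath(path).stem):
            reasons.append("random-looking file name")
        if reasons:
            findings.append((m["name"], path, reasons))
    return findings

if __name__ == "__main__":
    for name, path, reasons in review_run_entries(SAMPLE):
        print(f"{name}: {path} ({'; '.join(reasons)})")
```

A flagged entry is a prompt to inspect the file and scan it, as the reply above recommends, not proof that it is malicious.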
 
jpBless

Yes I did search for 79932434.exe before posting this but did not get any
helpful info. Anyway thanks. I wanted to be absolutely sure!
 
jpBless

Thanks for your response; very much appreciated. That registry key looked
super suspicious. Again thanks a lot


 
