Strange .exe file in Windows

[Guest]

For the past few days, whenever i've tried shutting down my Windows XP program, i keep getting an error message that a file - jdfkhbej.exe is still running and the pop up asks if i want to cancel the shut down command or continue with it and lose any unsaved data. I'm worried that this strange file is a virus or something of that nature. I did a search - there are 2 of these files, one in the c:/windows/prefetch directory and the other in the c:/windows/system32 directory. Any ideas what this file is? I would like to delete it but am afraid that i may delete something that sd be there in the first place....thanks!!

 

[Kelly]

First rule of thumb is to never delete anything you didn't put there.
However, in this case, delete both of them and once done, run all of these:

Ad-Aware
http://www.lavasoftusa.com/

Spybot
http://tinyurl.com/btf8

CWShredder (Line 313)
http://www.kellys-korner-xp.com/xp_tweaks.htm

Hijack This
http://www.spychecker.com/program/hijackthis.html

Free Online Virus Scan
http://housecall.trendmicro.com/housecall/start_corp.asp

Good luck and keep us posted!

 

[Will Denny]

Hi

Have you virus-checked your system with latest definitions for your AV
program and also checked for any spyware that may be on your system:

Ad-Aware - www.lavasoftusa.com
Spybot - http://www.safer-networking.org/
CWShredder - http://www.spywareinfo.com/~merijn/downloads.html

Also see the following links:

http://mvps.org/winhelp2002/unwanted.htm
http://www.microsoft.com/security/articles/spyware.asp

--

Will Denny
MS-MVP Windows - Shell/User
Please reply to the News Groups


| For the past few days, whenever i've tried shutting down my Windows XP
program, i keep getting an error message that a file - jdfkhbej.exe is still
running and the pop up asks if i want to cancel the shut down command or
continue with it and lose any unsaved data. I'm worried that this strange
file is a virus or something of that nature. I did a search - there are 2 of
these files, one in the c:/windows/prefetch directory and the other in the
c:/windows/system32 directory. Any ideas what this file is? I would like to
delete it but am afraid that i may delete something that sd be there in the
first place....thanks!!

 

[Rick \Nutcase\ Rogers]

Hi,

Trojan (virus) file. Follow these "relatively" simple removal steps:

Restart in Safe mode by hitting F8 as Windows first begins to load on boot.
Logon as administrator.

Start/search/files and folders, look for jdfkhbej.exe and delete it wherever
it is found.

Start/run regedit, expand the + signs to look under these keys:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg

Look in the right hand pane for the string or strings that load that file.
Delete just those strings that contain the reference. Do not delete other
strings or the keys from the left pane. Close the registry editor when
completed, make sure you check all strings.

Go to the Control Panel/System/System Restore tab. Check the box to "Turn
off system restore on all drives". Click apply/ok. This will remove all
restore points, however you don't want them back as some or all of them will
contain the virus depending upon how recently you got infected.

Restart the system normally. Go back to the Control Panel/System and restart
System Restore.

Update your antivirus software.

--
Best of Luck,

Rick Rogers, aka "Nutcase" - Microsoft MVP

Associate Expert - WindowsXP Expert Zone

Windows help - www.rickrogers.org

For the past few days, whenever i've tried shutting down my Windows XP

program, i keep getting an error message that a file - jdfkhbej.exe is still
running and the pop up asks if i want to cancel the shut down command or
continue with it and lose any unsaved data. I'm worried that this strange
file is a virus or something of that nature. I did a search - there are 2 of
these files, one in the c:/windows/prefetch directory and the other in the
c:/windows/system32 directory. Any ideas what this file is? I would like to
delete it but am afraid that i may delete something that sd be there in the
first place....thanks!!

 

[Guest]

Rick, Will and Kelly, thanks for your very helpful responses.

Rick, for a newbie like me, how do i Start/run regedit???

thanks again!

****************

 

[Rick \Nutcase\ Rogers]

Click start
Click run
Type "regedit" (without the quotes)
Click ok

You can also hit the winkey+r to open the run box and type it in. Please be
careful in the registry editor.

--
Best of Luck,

Rick Rogers, aka "Nutcase" - Microsoft MVP

Associate Expert - WindowsXP Expert Zone

Windows help - www.rickrogers.org

 

[Kelly]

Most welcome, but let the cleaners help you!

 

[Alex Nichol]

For the past few days, whenever i've tried shutting down my Windows XP program, i keep getting an error message that a file - jdfkhbej.exe is still running and the pop up asks if i want to cancel the shut down command or continue with it and lose any unsaved data. I'm worried that this strange file is a virus or something of that nature. I did a search - there are 2 of these files, one in the c:/windows/prefetch directory and the other in the c:/windows/system32 directory.

It certainly does not sound to be something you want around. I would
go to http://aumha.org/a/quickfix.htm and get and run the 'parasite'
checking tools it links to. Then Start - Run MSConfig.exe and see if
there is a reference to the file in the command column; if so uncheck
it. Exit - do not necessarily bother to reboot, but next time you do
there will be a message about 'System Configuration'. Check the 'Do not
show again' box and exit

 

[Alex Nichol]

Rick, for a newbie like me, how do i Start/run regedit???

On the Start menu, there ought to be a 'Run', on the right. Click it,
type regedit in the box and hit enter. If Run is not there, right click
on Start, take Properties, click Customise and there is a panel on the
Advanced page where you can check 'Run Command'

Regedit looks like explorer - a 'tree' on the left which you expand by
clicking in appropriate + boxes, and when you get to the item ('Key')
referred to, highlight that and probably change things in the *right*
pane. Either highlight an item there, hit delete, or double click in
its Name column to edit one. And by ready to hit ESC to get back out of
the edit if you realise you are making a mistake. It is good practice
to first highlight the item above in the left pane and File - Export so
you could easily restore things

If you *really* mess up with it, be ready to use
Start - All Programs - Accessories - System Tools - System Restore to
restore things back to yesterdays setup