Things in system configuration

[Elton]

I have some things that startup on my computer that have
never been there before. I was wanting to know what they
are and what they do. The first is linked to a file
under the directory C:\WINDOWS\System32\paevui.exe. The
second is C:\WINDOWS\alchem.exe. And finally the last is
C:\Program Files\WindowsSA\omniscient.exe. If anyone can
give me insight as to what these are and what they do,
please send something back.

 

[Rob Schneider]

Search Google for these file names and you'll get some insights. They
seem to be nefarious software.

Hope this is useful to you. Let us know.

rms

 

[The Black Wibble]

I have some things that startup on my computer that have
never been there before. I was wanting to know what they
are and what they do. The first is linked to a file
under the directory C:\WINDOWS\System32\paevui.exe. The
second is C:\WINDOWS\alchem.exe. And finally the last is
C:\Program Files\WindowsSA\omniscient.exe. If anyone can
give me insight as to what these are and what they do,
please send something back.

Ditto what Rob said. You can also examine the properties of the file which
might yield useful information. As a last resort run regedit ( Start >
Run, and enter: regedit ) and search for entries with, for example, the name
paevui.exe in them. The name of the parent registry folder or the parent of
the parent registry folder containing "paevui" might help you identify what
the file is from.

Tony.

 

[Guest]

Get SPYBOT or ADWARE cause you have the Windows SearchAsst spyware threat
search function hijack. it is a level 10 threat. Big pain in the you know
what. I also suggest going to a online security and virus check and running
them like Symantec
Online Virus and Security Check

Sorry to bring bad news but Spybot should take care of it but make sure you
check for updates before you run it and also set it to check for all
categories oh yeah and boot in safe mode and shut of system restore just like
if you have a virus because there are files like the other one you listed
that wont let you delete them cause

Good Luck

 

[Rick \Nutcase\ Rogers]

Hi,

The first one (paevui.exe) is a randomly named trojan. More on this below.
The others are spyware programs (BHO's actually) and can usually be removed
with Adaware from www.lavasoft.de (the basic version is free).

Trojan simple removal steps:

Restart in Safe mode by hitting F8 as Windows first begins to load on boot.
Logon as administrator.

Start/search/files and folders, look for <filename> and delete it wherever
it is found.

Start/run regedit, expand the + signs to look under these keys:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg

Look in the right hand pane for the string or strings that load that file.
Delete just those strings that contain the reference. Do not delete other
strings or the keys from the left pane. Close the registry editor when
completed, make sure you check all strings.

Go to the Control Panel/System/System Restore tab. Check the box to "Turn
off system restore on all drives". Click apply/ok. This will remove all
restore points, however you don't want them back as some or all of them will
contain the virus depending upon how recently you got infected.

Restart the system normally. Go back to the Control Panel/System and restart
System Restore.

Update your antivirus software, run a full system scan.

--
Best of Luck,

Rick Rogers, aka "Nutcase" - Microsoft MVP

Associate Expert - WindowsXP Expert Zone

Windows help - www.rickrogers.org