unknow .exe

[Guest]

Hi, In the past several weeks, there are unknown file with names like

194729.exe or
26b9e97.exe
install in the c:\Documents and Settings\user name\Local Settings\Temp\
directory.

Each file has a file size of 24 and the time stamp of all files is on the
hour, i.e., there is one file installed on the clcok each hour. It ran by
itself and generate a dos window and an error message that file causes a
problem.

It caused no other problems and I just deleted the files in the past two
weeks until this morning I could not turn on my computer at all. I got a blue
screen with full creen of messages of errors and the machine is shot down and
reboot again by itself. The blue screen with error messages happened at
different points before the windows desktop screen starts (after typing my
user id and password).

Anyone know if the two problems are related and what happened? Thanks

 

[Malke]

Hi, In the past several weeks, there are unknown file with names like

194729.exe or
26b9e97.exe
install in the c:\Documents and Settings\user name\Local
Settings\Temp\ directory.

Each file has a file size of 24 and the time stamp of all files is on
the hour, i.e., there is one file installed on the clcok each hour. It
ran by itself and generate a dos window and an error message that file
causes a problem.

It caused no other problems and I just deleted the files in the past
two weeks until this morning I could not turn on my computer at all. I
got a blue screen with full creen of messages of errors and the
machine is shot down and reboot again by itself. The blue screen with
error messages happened at different points before the windows desktop
screen starts (after typing my user id and password).

Anyone know if the two problems are related and what happened? Thanks

The files you mention certainly are typical of malware/virus infection.
What does a scan with a current (no earlier than 2003) antivirus using
updated definitions show? If you don't have one, you need to get one
immediately. I don't know about your second error, since you don't give
us the text of any of the error messages. Can you get into Safe Mode?
If so, try running your av there (which you should do anyway). If you
don't have an antivirus, you can try getting TrendMicro's SysClean and
running it in Safe Mode. Read the instructions carefully.

Malke

 

[Guest]

Thanks for your advice. The Symantec AntiVirus scan shows no virus. The
TrendMicro's SysClean scan shows on virus but no indication of the name of
the virus.

At the mean time, the xxxxxx.exe files are still being installed on my
computer sharp on the hour each hour. The message came after the DOS window
excuting the program shows"16 bit MS-DOS Subsystem, The NTVDM CPU has
encountered an illegal instruction. CSiofu IPec7 OP:ff ff ff ff ff choose
'close' to terminate application."

Any Advice?

 

[Malke]

Thanks for your advice. The Symantec AntiVirus scan shows no virus.
The TrendMicro's SysClean scan shows on virus but no indication of the
name of the virus.

At the mean time, the xxxxxx.exe files are still being installed on my
computer sharp on the hour each hour. The message came after the DOS
window excuting the program shows"16 bit MS-DOS Subsystem, The NTVDM
CPU has encountered an illegal instruction. CSiofu IPec7 OP:ff ff ff
ff ff choose 'close' to terminate application."

Is your NAV current (not earlier than 2003) and are its definitions
updated? Did you run both NAV and Sysclean in Safe Mode? Sysclean does
have a log. If you deleted it, run Sysclean - in Safe Mode - again and
this time look at the log and the locations of the virus. You have to
find the file(s) and delete them. Make sure you have enabled viewing
all hidden files and extensions. If you can't do this yourself - and it
is no shame to admit this - then take the machine to a good local
professional (not a BestBuy or CompUSA type of store) and have them
clean it. Be thorough in giving them details of the problem.

Good luck,

Malke

 

[Lester Stiefel]

Thanks for your advice. The Symantec AntiVirus scan shows no virus. The
TrendMicro's SysClean scan shows on virus but no indication of the name of
the virus.

At the mean time, the xxxxxx.exe files are still being installed on my
computer sharp on the hour each hour. The message came after the DOS window
excuting the program shows"16 bit MS-DOS Subsystem, The NTVDM CPU has
encountered an illegal instruction. CSiofu IPec7 OP:ff ff ff ff ff choose
'close' to terminate application."

Any Advice?

These problems are definitely related. If you haven't
accumulated any valuable data, I suggest reformat/reinstall,
as you cannot access pc through normal ways. Several of your
system drivers are probably corrupted/erased.
--
Lester Stiefel
In 2 Timothy 3:1-7, there is a list of the qualities that
Unregenerate man will have in the last days. Is your quality
found there? If So, don't despair - Christ came to save His
people.

 

[Guest]

Thanks again. My NAV is updated and current. I ran Sysclean in Safemode. It
found four viruses and cleaned them. However, The blue screen of lots of
message still shows up at vraious points of the startup process and restart
the computer right away.

I found that the blue screen and restart only happens when the internet
cable is connected. sometime kept pressing the F1 and F2 keys also could
start the windows without seeing that blue screen that forces the computer
restarts.

The following is a list of the Processes running on my computer with my user
name attached. Will any of these cause the problem?

sysclean.exe
conime.exe
explorer.exe
ctfmon.exe
teatimer.exe
rundll32.exe
LVComS.exe
qttask.exe
realsched.exe
nwtray.exe
prism.exe
wscntfy.exe
alg.exe
logiTray.exe