Anybody Knows what bekahz.exe is?

Hi there, I'm interested in any info about this exe: bekahz.exe, it has some reference to a Cryptographic Service. i've tried in google but nothing comes out.
Thanks for any help
Yabesita

 

Is something that's coming from Pluto

Have tried 60 search engines, results: zip, zero, nul, nichts, nothing, niks, nada

 

Are u sure u got the spelling of this file right?

Like Smokey, every search i try turns up nothing.



snowbound

 

I did a search using Copernic Agent Basic {http:www.copernic.com}, and only got a few hits:

1. The top two hits were in Russian, seemed to be referring to some Game:
http://www.game-exe.ru/ and http://chris.pirillo.com/

2. The fifth hit was Symantec's writeup on the "Jdbgmgr.exe" file hoax:
http://securityresponse.symantec.com/avcenter/venc/data/jdbgmgr.exe.file.hoax.html

3. The sixth hit was Symantec's writeup on the "SULFNBK.EXE" hoax:
http://www.symantec.com/avcenter/venc/data/sulfnbk.exe.warning.html

So I have to agree that I'm stumped too, what is it? Hehehe ...

 

Bekah Jenkins showed up here.........not bad

 

Last year I was in Alanya, Turkey, there was Bekah my favorite taxi driver.

 

Hi guys, let me start at the begining, i've been trying to get ride of several registry entries that I know are spyware o worms: wuam.exe, svcohst.exe, svxhost.exe, rpcxwinex.exe, msa.exe, windows24.exe... so as you see, that quite a work there. Now I've been using wintasks 5(wchich stop working for some reason), Ad-Adware SE, spywareblaster, and stinger, also I've install the DelDomains.inf, cwsserviceremove.zip, AboutBuster.zip. I ve run my spyware programs and they come with nothing, other than cookies. I have also ASO from Systweak Inc., and nothing work. I've deleted the registries in Safe Mode but the moment I restart there they are again. So I am looking for something I might be missing, and that might be this program, here is the full path, "F:\WINDOWS\System32\bekahz.exe". I've have been unable to find the EXEs in my SYSTEM32 file, nor the names mentioned before, but neither the ones tha refer to them that I have found in my search on the web, there is a cool website for this sort of thing antivirus.com, etc. So I think that i am missing something.
That's why I tried to find any info on that EXE as its the only one I don't recognize. May be this one be a virus,worm, spyware or the like?
Any help would be apretiated
Yabesita

 

U may want to post a HijackThis log at one of these sites,

http://a-sap.org/

to help clean out your system of all malware.



snowbound

 

Sorry dont know how to posted, I have a2hijackfree.exe but don't how to use just yet, been using it but for very short period. If you know how let me know and I'll do it
Yabesita

 

A2 HijackFree is a new prog and we are not familiar with it yet - it is still being developed.

What is meant is HijackThis 1.99 from here:- http://www.spywareinfoforum.com/~merijn/downloads.html

Here are a couple of simple tutorials on its use:-

http://www.tomcoyote.com/hjt/

http://www.bleepingcomputer.com/forums/index.php?showtutorial=42

They don't do HJT logs at Wilders any more, so you would have to post it at one of the sites listed in the link given by Snowbound

 

As a side question to your other problems....if it's the same file I have seen before....do you realize what the DelDomains.inf file actually does ? If you weren't aware....you have punched a hole in your layer of protection if you use SpywareBlasters Restricted Sites protection feature.

Code:

; DelDomains.inf
; Created by: Mike Burgess  Microsoft MVP
; http://mvps.org/winhelp2002/
;
; [B]Warning: Deletes all entries in the Restricted & Trusted Zone list[/B]
;

 

Ok snownound, I just posted a Hijackthis in a forum called Tom Coyote, do you know it? Anyway thank for all your advise
Yabesita

 

Hi there, I did it before instaling spywareblaster, and A2 Square Guard. I do hope that it was the right order. But any how, if there is a hole now how can I repaired it?
Yabesita

 

Yes i know it, and it is an excellent site.

Just be patient as sometimes it takes a while as many logs are posted there each day.

Post back here and let us know the results.


snowbound

 

I'lldo it
Yabesita

 

As long as you understand what that file actually does....what order it is done in would be left for you to decide....As long as you understand what that file actually does.

As far as Spywareblaster goes....if you enable or enabled it's Restricted Sites protection....you have at least plugged the hole up with some protection.

Also....if IE is the browser you use for day to day....I would suggest you also consider adding IE-Spyad as another layer of protection while using IE.

 

where is it on your system? Inside a program folder, inside win32??


Did you try to scan it with both local and online AV solutions?

 

Hey Bubba what is that means: "As long as you understand what that file actually does", I think you could explain it instead of just repeting the same thing, and also how to repair it.
Yabesita

 

Hi webyourbussiness, the file its on de Windows\System32 file.
I have tried with Panda on line, and with avast locally

Yabesita

 

Appologize if I assumed wrongly....but I assumed the Warning I posted in the # 11 post above was explanation enough

How best would you like for me to explain it....and I do not mean that dis-respectfully....since there could be a slight language barrier between you and I

The Warning that is from the DelDomains.inf you referenced above stated:

Warning: Deletes all entries in the Restricted & Trusted Zone list

Where would you like me to start my explanation ?

I will add....in case this is enough....there is no repairing to be done. You simply removed any and all entries from IE's Restricted and Trusted Zone when you ran the DelDomains.inf file.

 

Hi Bubba, no problem, I just got kind of unsecure about it, but its Ok.
What I understand is just what it says in the warning. Now I asumed that once all the entries were delete IE would just start over from cero to build a new set of entries. I am a little inexperienced so I may have done something stupid by doing that.
On another note, your link to IEspyad was broken.
And another thing, do I write english so badly ? spanish is my motherlanguage and it has been a long time sinds I wrote in english. Anyway, sorry for any missunderstandig.
And thanks for replaying so quickly.
Yabesita

 

Hmmm....just checked that link with IE and it still works on my end. Perhaps someone else coming along will also confirm one way or the other.

I feel your doing a marvelous job

I hope I did not sidetrack you to much from your task. I felt you needed to know what you deleted....since it appeared to me you didn't know what DelDomains.inf was.

Regards,
Bubba

 

Bubba,
The link work now for me too. I'll download it and run it. Thanks
Yabesita