Strange services appearing

Discussion in 'malware problems & news' started by brucemc, May 15, 2007.

Thread Status:
Not open for further replies.
  1. brucemc

    brucemc Registered Member

    Joined:
    May 27, 2004
    Posts:
    44
    As the computer seems to be running weird I took a look at my services and found three that all show to come from a temp folder that I can't find:

    UR.exe
    XYDKATM.exe
    PYRXDHAOZHZ.exe

    all supposedly running from a temp folder in a Local Settings folder off of my Documents and Settings on the C: drive.

    Nothing turned up on a google search, and I recall something about malware enjoying coming up with random names with some infections, so I thought it best to post here and ask for suggestions. I am running NAV 2007 and Kerio's FW, but that is about all of note. If there is not a good obvious reason, please advise in simple terms - I am one of those who knows just enough to get into trouble.
     
  2. The Hammer

    The Hammer Registered Member

    Joined:
    May 12, 2005
    Posts:
    5,752
    Location:
    Toronto Canada
    Try an online scanner such as Kaspersky's or Bitdefender's or both.
     
  3. bigc73542

    bigc73542 Retired Moderator

    Joined:
    Sep 21, 2003
    Posts:
    23,934
    Location:
    SW. Oklahoma
  4. Perman

    Perman Registered Member

    Joined:
    Nov 23, 2005
    Posts:
    2,161
    Hi, folks: If no search can help you solve the mystery, and given the fact that these things come from your C:/Documents and Settings/Local Settings/Temp, I would use an internet history cleaner to wipe them out. They are very likely left behind by some program d/l installations. Wiping them out should not affect any programs' performance. Good luck.
     
  5. fcukdat

    fcukdat Registered Member

    Joined:
    Feb 20, 2005
    Posts:
    569
    Location:
    England,UK
    Well, best to check them out to *see* if they are known malware entities.

    If you can, upload the files to the VirusTotal service for malware checking; that would be the first port of call >>>
    http://www.virustotal.com/en/indexf.html

    This should hopefully confirm one way or another ;)

    So this software deletes in-use files (running executables that load at bootup as a service)?

    What, still active services? o_O
     
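    The two checks raised so far in the thread (look at where each service's binary actually lives, then hash the file so it can be looked up on VirusTotal) can be scripted. What follows is an added example and not code from any poster. It works on constructed service records shaped like the Name/State/PathName fields of a Win32_Service listing, with a placeholder profile name "Owner"; the list of user-writable directories and the random-looking-name heuristic are assumptions of mine, and the name check is deliberately treated as a weak secondary signal next to the location check.

```python
import hashlib
import re

# Constructed sample records, shaped like the Name/State/PathName fields a
# Win32_Service (WMI) query or `sc qc` would give you. Not data from the thread.
SAMPLE_SERVICES = [
    {"name": "Dnscache", "state": "Running",
     "path": r"C:\WINDOWS\system32\svchost.exe -k NetworkService"},
    {"name": "UR", "state": "Running",
     "path": r"C:\Documents and Settings\Owner\Local Settings\Temp\UR.exe"},
    {"name": "XYDKATM", "state": "Running",
     "path": r'"C:\Documents and Settings\Owner\Local Settings\Temp\XYDKATM.exe"'},
    {"name": "PYRXDHAOZHZ", "state": "Running",
     "path": r"C:\Documents and Settings\Owner\Local Settings\Temp\PYRXDHAOZHZ.exe /svc"},
    {"name": "Navapsvc", "state": "Running",
     "path": r'"C:\Program Files\Norton AntiVirus\navapsvc.exe"'},
]

# Directory markers (assumed list) that a legitimate service binary should
# never sit under: per-user profiles and temp folders are writable by the
# logged-on user and by anything that runs as that user.
USER_WRITABLE_MARKERS = (
    "\\local settings\\temp\\",
    "\\temp\\",
    "\\temporary internet files\\",
    "\\documents and settings\\",   # any XP profile
    "\\users\\",                    # any Vista-and-later profile
    "\\appdata\\",
)

VOWELS = set("aeiou")


def binary_path(command_line: str) -> str:
    """Pull the executable out of a service's PathName/ImagePath.

    Handles a quoted path with arguments ("C:\\a b\\x.exe" /arg) and an
    unquoted path with arguments (C:\\a\\x.exe -k foo); an unquoted path
    containing spaces is cut at the first '.exe' followed by a space.
    """
    cmd = command_line.strip()
    if cmd.startswith('"') and cmd.find('"', 1) > 0:
        return cmd[1:cmd.index('"', 1)]
    m = re.match(r"(.+?\.exe)(\s|$)", cmd, re.IGNORECASE)
    return m.group(1) if m else cmd.split()[0]


def in_user_writable_location(path: str) -> bool:
    """True when the binary sits under a temp or per-user directory."""
    p = path.lower().replace("/", "\\")
    return any(marker in p for marker in USER_WRITABLE_MARKERS)


def name_looks_random(stem: str) -> bool:
    """Weak secondary signal (heuristic of mine): a stem of 6+ letters with
    no vowels, or a run of 5+ consonants, is rarely a human-chosen name."""
    s = stem.lower()
    if len(s) < 6 or not s.isalpha():
        return False
    if not any(c in VOWELS for c in s):
        return True
    longest = run = 0
    for c in s:
        run = 0 if c in VOWELS else run + 1
        longest = max(longest, run)
    return longest >= 5


def triage(services):
    """Return the services worth a closer look, with the reason for each."""
    findings = []
    for svc in services:
        exe = binary_path(svc["path"])
        stem = exe.rsplit("\\", 1)[-1].rsplit(".", 1)[0]
        reasons = []
        if in_user_writable_location(exe):
            reasons.append("binary lives in a temp or per-user directory")
        if name_looks_random(stem):
            reasons.append("binary name looks machine-generated")
        if reasons:
            findings.append({"service": svc["name"], "binary": exe, "reasons": reasons})
    return findings


def sha256_of_chunks(chunks) -> str:
    """SHA-256 over an iterable of byte blocks (lets files be hashed in pieces)."""
    h = hashlib.sha256()
    for block in chunks:
        h.update(block)
    return h.hexdigest()


def sha256_file(path: str, chunk: int = 1 << 16) -> str:
    """Hash a suspect binary so it can be looked up on VirusTotal by digest
    rather than mailing the file around."""
    with open(path, "rb") as f:
        return sha256_of_chunks(iter(lambda: f.read(chunk), b""))


if __name__ == "__main__":
    for finding in triage(SAMPLE_SERVICES):
        print(f"{finding['service']:<14} {finding['binary']}")
        for reason in finding["reasons"]:
            print(f"    - {reason}")
```

    On the constructed input the three temp-folder services are flagged on location alone, and only the longest name also trips the random-name check, which is why that check is kept as a secondary hint rather than a verdict. To take it further on a real box, feed `sha256_file()` the flagged binaries and search VirusTotal for the digests.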
  6. brucemc

    brucemc Registered Member

    Joined:
    May 27, 2004
    Posts:
    44
    Thanks - you reminded me of one of the things I forget in that I use Directory Opus and don't have that set for hidden directories, but have my WE set to show them - just to try to prevent me from doing anything stupid on reflex. Anyway, using WE on examination they all showed up as being part of some rootkit detection method I must have twiddled with at some point.

    Still, the computer intermittently is killing and restoring its network connection and I am getting strange desktop refreshes, along with some sluggish behavior. Kaspersky did not turn up anything, and I still want to try the other mentioned.

    I just don't know, but maybe, as much as I hate it, it is time to wipe the C: drive clean, where all the OS - Windows XP Pro - is, and wipe clean the D: drive with all the program files. I stick a fair share over on E: as that is where I have most of my documents and settings, so I should probably kill everything except for the My Documents tree, and hope that if it's a bug it will be gone, if it's just too much accumulated trash it will be gone.

    If I picked up a bad rootkit somewhere somehow, outside of it being re-installed by an executable, how would one properly overwrite the area that such would reside in? Would re-writing the mbr be of help? I guess the question gets down to how much do I have to nuke until I know this computer has been sterilized and anything going on is the result of a new installation rather than something I could have killed off? I am fairly comfortable that all the items in My Documents are safe (not positive, just fairly certain).

    Thanks for the thoughts!
    -Old Bruce
     
  7. fcukdat

    fcukdat Registered Member

    Joined:
    Feb 20, 2005
    Posts:
    569
    Location:
    England,UK
    Hi B

    It sounds to all intents and purposes your machine has *issues*, but hold the phone on the full R&R; after all, there is always *repair install of OS* as second-from-last-ditch recovery. This will rewrite the MBR table, IIRC :)

    Your symptoms described would match the form of a malware infection, so just to rule it in/out
    I would give a runout of the following 2 botkillers. Both offer free, fully functioning detection & cleaning engines :)
    http://forums.superantispyware.com/
    http://free.grisoft.com/doc/20/lng/us/tpl/v5
     
    Last edited: May 15, 2007