Strange services appearing

Discussion in 'malware problems & news' started by brucemc, May 15, 2007.

Thread Status:
Not open for further replies.
  1. brucemc

    brucemc Registered Member

    Joined:
    May 27, 2004
    Posts:
    44
    As the computer seems to be running weird I took a look at my services and found three that all show to come from a temp folder that I can't find:

    UR.exe
    XYDKATM.exe
    PYRXDHAOZHZ.exe

    all supposedly running from a temp folder in a Local Settings folder off of Documents and Settings on the C: drive.

    Nothing turned up on a Google search, and I recall something about malware enjoying coming up with random names with some infections, so I thought it best to post here and ask for suggestions. I am running NAV 2007 and Kerio's FW, but that is about all of note. If there is not a good obvious reason, please advise in simple terms - I am one of those who knows just enough to get into trouble.
     
  2. The Hammer

    The Hammer Registered Member

    Joined:
    May 12, 2005
    Posts:
    5,619
    Location:
    Toronto Canada
    Try an online scanner such as Kaspersky's or Bitdefender's or both.
     
  3. bigc73542

    bigc73542 Retired Moderator

    Joined:
    Sep 21, 2003
    Posts:
    23,873
    Location:
    SW. Oklahoma
  4. Perman

    Perman Registered Member

    Joined:
    Nov 23, 2005
    Posts:
    2,160
    Hi, folks: If any search cannot help you solve the mystery, and given the fact that these things come from your C:/Documents and Settings/Local Settings/Temp, I would use an internet history cleaner to wipe them out. They are very likely left behind by some program d/l installations. Wiping them out may not affect any programs' performance. Good luck.
     
  5. fcukdat

    fcukdat Registered Member

    Joined:
    Feb 20, 2005
    Posts:
    569
    Location:
    England,UK
    Well best to check them out to *see* if they are known malware entities.

    If you can, uploading the files to the VirusTotal service for malware checking would be the first port of call >>>
    http://www.virustotal.com/en/indexf.html

    This should hopefully confirm one way or another ;)

    So this software deletes in-use files (running executables that load at bootup as a service)?

    What, still-active services? o_O
     
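    As an added example (not code from anyone in this thread), here is a PowerShell check for the situation described above: it lists services whose binary sits under a Temp folder and hashes the file so the hash can be looked up on VirusTotal without uploading it. It assumes Windows PowerShell 4 or later (for Get-CimInstance and Get-FileHash); the Temp-folder pattern and the sample path in the comments are my assumptions.

```powershell
# Added example (not from this thread): list services whose executable
# lives under a Temp folder and hash those binaries so the hashes can be
# checked against a multi-engine scanner such as VirusTotal.

# Win32_Service.PathName is the raw command line, e.g. (constructed sample)
#   "C:\Documents and Settings\user\Local Settings\Temp\UR.exe" -service
# so the executable path has to be separated from its arguments first.
function Get-ServiceExePath {
    param([string]$PathName)
    if ([string]::IsNullOrWhiteSpace($PathName)) { return $null }
    if ($PathName.StartsWith('"')) {
        # Quoted path: everything up to the closing quote
        return ($PathName -split '"')[1]
    }
    # Unquoted path: keep up to and including the first .exe
    if ($PathName -match '^(.*?\.exe)') { return $Matches[1] }
    return $PathName.Trim()
}

# Folders a legitimate service binary should not be running from: the XP-era
# "Documents and Settings\...\Local Settings\Temp" from the thread and the
# "Users\...\AppData\Local\Temp" layout of later Windows versions (assumed).
$suspectPattern = '\\(Local Settings\\Temp|AppData\\Local\\Temp)\\'

$findings = foreach ($svc in Get-CimInstance -ClassName Win32_Service) {
    $exe = Get-ServiceExePath -PathName $svc.PathName
    if (-not $exe -or $exe -notmatch $suspectPattern) { continue }

    # The poster could not see the folder in his file manager (hidden
    # directories), so report whether the file is actually present.
    $sha256 = if (Test-Path -LiteralPath $exe) {
        (Get-FileHash -LiteralPath $exe -Algorithm SHA256).Hash
    } else { 'FILE NOT FOUND' }

    [pscustomobject]@{
        Service   = $svc.Name
        State     = $svc.State
        StartMode = $svc.StartMode
        Path      = $exe
        SHA256    = $sha256   # look this up on VirusTotal instead of uploading the file
    }
}

if ($findings) { $findings | Format-Table -AutoSize } else { 'No services are running from a Temp folder.' }
```

    Run it from an elevated PowerShell prompt so that every service's PathName is readable; a "FILE NOT FOUND" result for a still-registered service is itself worth investigating.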
  6. brucemc

    brucemc Registered Member

    Joined:
    May 27, 2004
    Posts:
    44
    Thanks - you reminded me of one of the things I forget in that I use Directory Opus and don't have that set for hidden directories, but have my WE set to show them - just to try to prevent me from doing anything stupid on reflex. Anyway, using WE on examination they all showed up as being part of some rootkit detection method I must have twiddled with at some point.

    Still, the computer intermittently is killing and restoring its network connection and I am getting strange desktop refreshes, along with some sluggish behavior. Kaspersky did not turn up anything, and I still want to try the other mentioned.

    I just don't know, but maybe, as much as I hate it, it is time to wipe the C: drive clean, where all the OS - Windows XP Pro - is, and wipe clean the D: drive with all the program files. I stick a fair share over on E: as that is where I have most of my documents and settings, so I should probably kill everything except for the My Documents tree, and hope that if it's a bug it will be gone, if it's just too much accumulated trash it will be gone.

    If I picked up a bad rootkit somewhere somehow, outside of it being re-installed by an executable, how would one properly overwrite the area that such would reside in? Would re-writing the MBR be of help? I guess the question gets down to how much do I have to nuke until I know this computer has been sterilized and anything going on is the result of a new installation rather than something I could have killed off? I am fairly comfortable that all the items in My Documents are safe (not positive, just fairly certain).

    Thanks for the thoughts!
    -Old Bruce
     
  7. fcukdat

    fcukdat Registered Member

    Joined:
    Feb 20, 2005
    Posts:
    569
    Location:
    England,UK
    Hi B

    It sounds, to all intents and purposes, like your machine has *issues*, but hold the phone on the full R&R; after all, there is always a *repair install of the OS* as second-from-last-ditch recovery. This will rewrite the MBR table, IIRC :)

    Your symptoms described would match the form of a malware infection, so just to rule it in/out
    I would give a run-out of the following 2 botkillers. Both offer free, fully functioning detection & cleaning engines :)
    http://forums.superantispyware.com/
    http://free.grisoft.com/doc/20/lng/us/tpl/v5
     
    Last edited: May 15, 2007