Strange services appearing

Discussion in 'malware problems & news' started by brucemc, May 15, 2007.

Thread Status:
Not open for further replies.
  1. brucemc

    brucemc Registered Member

    Joined:
    May 27, 2004
    Posts:
    44
    As the computer seems to be running weird I took a look at my services and found three that all show to come from a temp folder that I can't find:

    UR.exe
    XYDKATM.exe
    PYRXDHAOZHZ.exe

    all supposedly running from a temp folder in a locals folder off of my documents and setting from the C: drive.

    Nothing turned up on a google search, and I recall something about malware enjoying coming up with random names with some infections, so I thought it best to post here and ask for suggestions. I am running NAV 2007 and Kerio's FW, but that is about all of note. If there is not a good obvious reason, please advise in simple terms - I am one of those who knows just enough to get into trouble.
     
  2. The Hammer

    The Hammer Registered Member

    Joined:
    May 12, 2005
    Posts:
    5,684
    Location:
    Toronto Canada
    Try an online scanner such as Kaspersky's or Bitdefender's or both.
     
  3. bigc73542

    bigc73542 Retired Moderator

    Joined:
    Sep 21, 2003
    Posts:
    23,898
    Location:
    SW. Oklahoma
  4. Perman

    Perman Registered Member

    Joined:
    Nov 23, 2005
    Posts:
    2,161
    Hi, folks: If any search can not help you solving the mystry and for the fact that these things come from your C:/ Documents and Settings/ local setting/temp, I would use internet history cleanner to wipe them out. They are very likely left behind by some program d/l installations. Wiping them out may not affect any programs' performance. Good luck.
     
  5. fcukdat

    fcukdat Registered Member

    Joined:
    Feb 20, 2005
    Posts:
    569
    Location:
    England,UK
    Well best to check them out to *see* if they are known malware entities.

    If you can upload the files to VirusTotal service for malware checking would be first point of call>>>
    http://www.virustotal.com/en/indexf.html

    This should hopefully confirm one way or another ;)



    So this software deletes in use files(running executables that load at bootup as service) ?

    What still active services o_O
     
  6. brucemc

    brucemc Registered Member

    Joined:
    May 27, 2004
    Posts:
    44
    Thanks - you reminded me of one of the things I forget in that I use Directory Opus and don't have that set for hidden directories, but have my WE set to show them - just to try to prevent me from doing anything stupid on reflex. Anyway, using WE on examination they all showed up as being part of some rootkit detection method I must have twiddled with at some point.

    Still, the computer intermittently is killing and restoring it's network connection and I am getting strange desktop refreshes, along with some sluggish behavior. Kaspersky did not turn up anything, and I still want to try the other mentioned.

    I just don't know, but maybe, as much as I hate it, it is time to wipe the C: drive clean, where all the OS - Windows XP Pro - is, and wipe clean the D: drive with all the program files. I stick a fair share over on E: as that is where I have most of my documents and settings, so I should probably kill everything except for the My Documents tree, and hope that if it's a bug it will be gone, if it's just too much accumulated trash it will be gone.

    If I picked up a bad rootkit somewhere somehow, outside of it being re-installed by an executable, how would one properly overwrite the area that such would reside in? Would re-writing the mbr be of help? I guess the question gets down to how much do I have to nuke until I know this computer has been sterilized and anything going on is the result of a new installation rather than something I could have killed off? I am fairly comfortable that all the items in My Documents are safe (not positive, just fairly certain).

    Thanks for the thoughts!
    -Old Bruce
     
  7. fcukdat

    fcukdat Registered Member

    Joined:
    Feb 20, 2005
    Posts:
    569
    Location:
    England,UK
    Hi B

    It sounds to all intents and purposes your machine has *issue's* but hold the phone on the full R&R afterall there is always *repair install of OS* as 2nd from last ditch recovery.This will rewrite MBR table IRC:)

    Your symptons described would match the form of a malware infection,so just to rule in/out
    I would give a runout of the following 2 botkillers.Both offer free fully functioning detection& cleaning engines:)
    http://forums.superantispyware.com/
    http://free.grisoft.com/doc/20/lng/us/tpl/v5
     
    Last edited: May 15, 2007
Loading...
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.