Our Success is in our members who value our strength as a valued community.
Forum Stats
12137 Members
65 Forums
72400 Topics
976204 Posts
60 posts in the last 24hrs
Max Online: 7831 @ 8th Apr 2013 4:18pm
Who's Online - Click Me
79 registered (alan128, 11 invisible), 1532 Guests and 265 Spiders online.
Key: Admin, Global Mod, Mod
Social Media : Follow Us


(Views 7days)This Weeks Most Read
Vet help 573
Another Big Waste Fire in Liverpool. 521
Talk Talk Security Breach 435
Anyone Read Chinese Writing 368
Another tree down on Arrowe park Road? 288
Mobile mechanic needed to fit a wishbone 259
That was kept a bit quiet? 245
RIP Peter Vaughan 193
Game shocking prices!!! 164
Cowhouses 161
New General Forums
Lib/dems rule the day
by JimmyG
2nd Dec 2016 10:59pm
Daft funny joke
by venice
2nd Dec 2016 5:54pm
We dont learn much.
by venice
1st Dec 2016 9:22pm
Freegle
by venice
1st Dec 2016 6:36pm
New Wirral History
Cowhouses
by Norton
Yesterday at 03:34 PM
Name help
by Paternoster21
3rd Dec 2016 8:03am
HMT Lancastria
by granny
2nd Dec 2016 11:38pm
Cubitts Holland and Hannen
by fish5133
27th Nov 2016 5:38pm
Fire station
by chris7777
22nd Nov 2016 12:24pm
Forum Tips
Photo Gallery Forums
fireworks on the Mersey last night
Hadlow train station
Topic Replies
Cowhouses
by fish5133
Today at 02:23 AM
Virgin broadband
by fish5133
Today at 02:18 AM
Iphone 5s, Grey, near mint condition, 50
by _Steve_
Yesterday at 09:59 PM
Merseyrail
by TheComputerLab
Yesterday at 09:14 PM
Steel frame with wheels
by anniebo28
Yesterday at 08:06 PM
Mountain bike carrera Vulcan 100 excellent cond
by TheComputerLab
Yesterday at 03:57 PM
Offline Monday
by Mark
Yesterday at 12:13 PM
Anyone Read Chinese Writing
by Tranquil
Yesterday at 01:44 AM
Talk Talk Security Breach
by eddtheduck
9th Dec 2016 10:46pm
December
M Tu W Th F Sa Su
1 2 3 4
5 6 7 8 9 10 11
12 13 14 15 16 17 18
19 20 21 22 23 24 25
26 27 28 29 30 31
Recent Posts : What's On ?
Wirral TUC Meeting re Update on Wallasey CLP Suspe
by RUDEBOX
30th Nov 2016 9:16pm
World Aids Day Event 2016. Liverpool
by RUDEBOX
30th Nov 2016 9:05pm
Topic Options
Rate This Topic
#279867 - 3rd Jan 2009 6:44pm ~.exe virus?
diggingdeeper Offline

Wiki Guardian

Registered: 9th Jul 2008
Posts: 9559
Loc: Birkenhead
I have a file ~.exe in c:windows\system32 directory/folder - does anybody know anything about his, it runs at boot somehow and tries to access the internet occasionally.

I strongly suspect this is a trojan keylogger (like somebody else on the net), but there is no mention by any of the virus people and only a couple of queries by punters.

It is not helped that google can't search for the tilde character ~

I can stop the process easy enough and it is well and truly blocked from talking to the internet.

For the moment I have renamed the file to stop it being run.

It is 8238 bytes long (9K), the only times it could have come onto my computer is either through an "Adobe Reader" update or a "Mozilla Thunderbird" update (which I might have OK'd without looking too closely), nothing else was given permission to run at about the time the file was created.

The only other funny that has happened recently was Windows Installer popping up sometimes looking for a CD that isn't there and asking me to insert a vdrive CD (I do have vdrive installed, but haven't used it for ages), this happens when I try to run programs that I use all the time from the hard drive, but happens only occasionally.

Any help appreciated.
_________________________
In a time of universal deceit - telling the truth is a revolutionary act. George Orwell

When the debate is lost, slander becomes the tool of the loser. Socrates

Top
Digital Wirral : Advertising
Click me for more Information......

* * * vipimages.co.uk - Photographic services * * *
Now Advertise with WikiWirral.
WikiWirral stats 35,000 Page Views a Day +500 Search Engines.. Click Me
#279871 - 3rd Jan 2009 6:48pm Re: ~.exe virus? [Re: diggingdeeper]
Mark Online   Reading


Wiki Master

Registered: 9th Nov 2003
Posts: 20966
Loc: Wirral
Check

msconfig

and see if its in the list to run at boot up.
You can probably get rid, run a malware program too.

Start >> RUN >>> msconfig wink (Type in the Run Box)
_________________________
My Avatar images are all from the Wirral Gallery.Click Me
Wow Wirral History is coming along Great! Wirral History

we get +200 new members a month now smile

Top
#279873 - 3rd Jan 2009 6:52pm Re: ~.exe virus? [Re: Mark]
diggingdeeper Offline

Wiki Guardian

Registered: 9th Jul 2008
Posts: 9559
Loc: Birkenhead
Thanks Mark - I had checked with Spybot startup tool, but YES it is there in msconfig under HKLM/Microsoft/Windows/currentversion/run

But I still don't know if it a goody or a baddy

Spybot and AVG don't recognise it as a baddy and none of the other virus companies mention it in there lists of baddies as far as I can see.


Edited by diggingdeeper (3rd Jan 2009 6:54pm)

Top
#279877 - 3rd Jan 2009 7:00pm Re: ~.exe virus? [Re: diggingdeeper]
Mark Online   Reading


Wiki Master

Registered: 9th Nov 2003
Posts: 20966
Loc: Wirral
HKLM/Microsoft/Windows/currentversion/run

That's where most of the virus sit,
as it will start.

Get rid mate, if it had a job to do it would have a name simple as.

Dont for get to turn off your system restore,
as the virus can hide in there too.

Turn system restore off,
remove the virus
re-boot
turn system restore back on smile
_________________________
My Avatar images are all from the Wirral Gallery.Click Me
Wow Wirral History is coming along Great! Wirral History

we get +200 new members a month now smile

Top
#279878 - 3rd Jan 2009 7:01pm Re: ~.exe virus? [Re: diggingdeeper]
Tony_1985 Offline

Forum Master

Registered: 19th Aug 2006
Posts: 2421
Loc: Ellesmere Port
delete it from the registry

reboot

then delete the file


that usually works

Top
#280092 - 4th Jan 2009 11:33am Re: ~.exe virus? [Re: Tony_1985]
diggingdeeper Offline

Wiki Guardian

Registered: 9th Jul 2008
Posts: 9559
Loc: Birkenhead
What worries me is what other files it has "played" with which is why I am trying to find out about it.

I hate doing a full Windows install - takes hours.
_________________________
In a time of universal deceit - telling the truth is a revolutionary act. George Orwell

When the debate is lost, slander becomes the tool of the loser. Socrates

Top
#280742 - 5th Jan 2009 9:57pm Re: ~.exe virus? [Re: diggingdeeper]
diggingdeeper Offline

Wiki Guardian

Registered: 9th Jul 2008
Posts: 9559
Loc: Birkenhead
AVG was updated today, identified ~.exe in system32 as Trojan.Win32.Agent.AKSO

This is obviously getting round so watch out for it.

Though this trojan was known about Oct2008, it looks like it has been disguised in ~.exe (which is a packed exe file), none of the normal online scanners nor AVG, Spybot or Adaware recognised it as a baddie yesterday.
_________________________
In a time of universal deceit - telling the truth is a revolutionary act. George Orwell

When the debate is lost, slander becomes the tool of the loser. Socrates

Top
#337849 - 23rd Jul 2009 11:13am Re: ~.exe virus? [Re: diggingdeeper]
diggingdeeper Offline

Wiki Guardian

Registered: 9th Jul 2008
Posts: 9559
Loc: Birkenhead
This nasty little b*gg*r is floating around again - I have yet to discover how it gets into my computer - it is the only virus that sneaks in undetected, it is contained immediately so can't actually do anything.

The only programs I have installed recently have been very established ones, downloaded from the program's own site or filehippo or download.com

The lastest installs/updates were Aspell (GNU spelling checker), Duplicate Cleaner update, AVG update, CCleaner update.

Forgot to check the install date of ~.exe which would have told me what it came in with. I was too quick to BLAST it off this planet.

Although AVG recognised this virus previously, it has gone undetected again so must have been reformed, it is definately the sneakiest trojan around, I do suggest checking if it exists on your computers c:\windows\system32\~.exe

If you find it delete it, there maybe some .dat file in the same directory starting with _c these seem to be its data collection files, I have read about them but never seen them (because on my computer ~.exe is prevented from functioning)

more info

here - clicky

Please no lectures on AVG, F-secure, Avast, Norton etc - they ALL missed this trojan last time it came around in 2008, AVG was the first to correctly recognise it although F-secure was the first that could fix it (unbelievably, before it could detect it).

Top
#337870 - 23rd Jul 2009 12:51pm Re: ~.exe virus? [Re: diggingdeeper]
Shadow_Omega Offline

Wise One

Registered: 29th Apr 2009
Posts: 871
Loc: Leasowe
perhaps you should try the free version of malaware anti malware if Norton and the likes missed it. i had a similar virus a year back and malaware removed it completly. you can find there website here http://www.malwarebytes.org/

Top
#337895 - 23rd Jul 2009 2:24pm Re: ~.exe virus? [Re: Shadow_Omega]
MattLFC Offline
Wiki Master

Registered: 14th Aug 2004
Posts: 22315
Loc: Moreton/Beirut/Mobile
AVG is utter shite at best, and if you are running multiple instances of AV software it is little suprise they are failing to detect virus's.

smile

Top
#337927 - 23rd Jul 2009 3:34pm Re: ~.exe virus? [Re: diggingdeeper]
topofthepops Offline

Addict

Registered: 2nd Nov 2008
Posts: 218
Loc: Wallasey
AVG used to have a function to make a "boot from floppy or CD", but I can't find it in the latest version? I remember having to do one for a friend and could only make a floppy, but then copied this to a CD, as the friends pc didn't have a floppy drive.

You used to be able to use this bootable floppy or CD to boot the pc with, then run the anti virus programe from there, like in DOS mode. First make sure the BIOS setting is enabled (for the needed floppy or CD) as the 1st boot.

I think F-secure does one? If you can do this I'm sure it will make a better job of finding the hidden file that recreates the ~.exe file.

Hope this helps

Top
#337929 - 23rd Jul 2009 3:49pm Re: ~.exe virus? [Re: diggingdeeper]
topofthepops Offline

Addict

Registered: 2nd Nov 2008
Posts: 218
Loc: Wallasey
Originally Posted By: diggingdeeper
Thanks Mark - I had checked with Spybot startup tool, but YES it is there in msconfig under HKLM/Microsoft/Windows/currentversion/run

But I still don't know if it a goody or a baddy

Spybot and AVG don't recognise it as a baddy and none of the other virus companies mention it in there lists of baddies as far as I can see.


A good little programe that gives extra info for whats running on your pc Process Explorer v11.33, By Mark Russinovich. It doesn't install, you just run it.

I don't know if we are allowed to do direct links for files but here it is if you want to try it:

Process Explorer in a zip file

Top
#337943 - 23rd Jul 2009 5:49pm Re: ~.exe virus? [Re: topofthepops]
diggingdeeper Offline

Wiki Guardian

Registered: 9th Jul 2008
Posts: 9559
Loc: Birkenhead
It did turn out to be a Trojan, as I suspected by the way it tried to behave - it was formally identified on 4th Jan 2009, the day after I was playing with it (or it was trying to play with me!).

It concerns me that I have security very well clamped down on my computers AND I am very careful what I run on my computer (I have been an IT professional for 32 years) yet this little blighter still sneaked in TWICE now - if it has infiltrated my computer with the care I take, there must be an awful lot of computers infected by it out there.

To put peoples mind at rest, most firewalls will stop this Trojan from talking back home, BUT I don't know if Windows Firewall will, it is partly disguised as a microsoft program and may be trusted by the microsoft system, I can't find out without risking my system and having to do an 8 hour recovery, not my favourite past-time.
_________________________
In a time of universal deceit - telling the truth is a revolutionary act. George Orwell

When the debate is lost, slander becomes the tool of the loser. Socrates

Top
#337990 - 23rd Jul 2009 8:15pm Re: ~.exe virus? [Re: diggingdeeper]
topofthepops Offline

Addict

Registered: 2nd Nov 2008
Posts: 218
Loc: Wallasey
Do you know if you have completley "bannished" it yet?

I'm as careful as you said you are & I have been lucky upto now & never had a virus/trojan etc. Maybe I shouldn't have said that doh

Top
#338003 - 23rd Jul 2009 9:08pm Re: ~.exe virus? [Re: topofthepops]
diggingdeeper Offline

Wiki Guardian

Registered: 9th Jul 2008
Posts: 9559
Loc: Birkenhead
Originally Posted By: topofthepops
Do you know if you have completley "bannished" it yet?

I'm as careful as you said you are & I have been lucky upto now & never had a virus/trojan etc. Maybe I shouldn't have said that doh
It doesn't make any difference, on my computers it is completely blocked from doing anything. I have deleted the file and done a complete registry clean. It isn't one of these persistent little things (seen enough of those in my job, heal six files and by then another ten have got infected), it just is very sneaky how it gets on! Got to admit, I am very impressed that it has got me twice, six months apart, nothing else has ever got in.
_________________________
In a time of universal deceit - telling the truth is a revolutionary act. George Orwell

When the debate is lost, slander becomes the tool of the loser. Socrates

Top

Moderator:  Mark 
Random Wirral Images

Click to View Topic.
Newest Topics
Virgin broadband
by corona
Yesterday at 05:20 PM
Cowhouses
by Norton
Yesterday at 03:34 PM
Merseyrail
by ambersmum
Yesterday at 02:52 PM
Offline Monday
by Mark
Yesterday at 12:13 PM
Anyone Read Chinese Writing
by Tranquil
9th Dec 2016 3:47pm
For Sale & Free
Steel frame with wheels
by anniebo28
Yesterday at 08:06 PM
Mountain bike carrera Vulcan 100 excellent cond
by TheComputerLab
Yesterday at 03:57 PM
Micro desktop PC
by anniebo28
8th Dec 2016 2:24pm
Iphone 5s, Grey, near mint condition, 50
by anniebo28
7th Dec 2016 7:40pm
Roberts Concerto 2 CD Player For Visually Impaired
by Tranquil
6th Dec 2016 10:05pm
Featured Member
Registered: 20th Feb 2015
Posts: 47
Newest Members
lucyw, BarbaraL, SherryLover, missyb, DavidSharpe
12137 Registered Users
Today's Birthdays
No Birthdays
New Wirral Info
Anyone Read Chinese Writing
by Tranquil
9th Dec 2016 3:47pm
Gymnastics coaches needed.
by margy
3rd Dec 2016 9:28pm
Wirral Globe
by locomotive
1st Dec 2016 6:25pm
Wirral TUC Meeting re Update on Wallasey CLP Suspe
by RUDEBOX
30th Nov 2016 9:16pm
World Aids Day Event 2016. Liverpool
by RUDEBOX
30th Nov 2016 9:05pm
News : New Topics
Geert Wilders
by fish5133
9th Dec 2016 2:44pm
RIP Peter Vaughan
by diggingdeeper
7th Dec 2016 4:22am
That was kept a bit quiet?
by venice
6th Dec 2016 11:25am
Another tree down on Arrowe park Road?
by Davefabo
6th Dec 2016 11:08am
Bunchems Xmas present warning
by venice
6th Dec 2016 9:28am
New Enthusiast Forums
Virgin broadband
by corona
Yesterday at 05:20 PM
Talk Talk Security Breach
by fish5133
7th Dec 2016 6:19pm
Mobile mechanic needed to fit a wishbone
by anniebo28
6th Dec 2016 7:13pm
Vet help
by colin86
6th Dec 2016 6:25pm
Game shocking prices!!!
by eddtheduck
5th Dec 2016 4:55pm
(Views 24hrs)Trending Newest Topics
Cowhouses 161
Virgin broadband 140
Steel frame with wheels 44
Merseyrail 28
Offline Monday 18
Wirral Sunrise Sunset
Sunrise Sun 8:19am
Sunset Sun 3:52pm
Local Time Sun 5:49am
WikiWirral Can . . . .