I have in System32 lrzq.exe and lrzq.DAT file.

I have just removed the bla.exe trojan and when looking in task manager I noticed the lrqz.exe was running, I have never noticed it before.

I have searched on Google and found nothing, and was wondering if anyone can shed some light on this for me.

Thanks in advance
Alan56

Any fool can make a rule and any fool will follow it

www.wankerdrivers.com

Hey there ...

1 Download the following four items...

McAfee Stinger
http://vil.nai.com/vil/stinger/

Trend Sysclean Package
http://www.trendmicro.com/download/dcs.asp

Latest Trend Pattern File.
http://www.trendmicro.com/download/pattern.asp

Adaware SE (free personal version v1.05)
http://www.lavasoftusa.com/

Create a directory.
On drive "C:\"
(e.g., "c:\New Folder")
or the desktop
(e.g., "C:\Documents and Settings\lipman\Desktop\New Folder")

Download SYSCLEAN.COM and place it in that directory.
Dowload the Trend Pattern File by obtaining the ZIP file.
For example; lpt265.zip

Extract the contents of the ZIP file and place the contents in the same directory as
SYSCLEAN.COM
2) Update Adaware with the latest definitions.
3) If you are using WinME or WinXP, disable System Restore
http://vil.nai.com/vil/SystemHelpDocs/DisableSysRestore.htm
4) Reboot your PC into Safe Mode
5) Using Trend Sysclean, Stinger and Adaware, perform a Full Scan of your
platform and clean/delete any infectors/parasites found.
(a few cycles may be needed)
6) Restart your PC and perform a "final" Full Scan of your platform using the three
utilities; Trend Sysclean, Stinger and Adaware
7) If you are using WinME or WinXP, Re-enable System Restore and re-apply any
System Restore preferences, (e.g. HD space to use suggested 400 ~ 600MB),
8) Reboot your PC.
9) If you are using WinME or WinXP, create a new Restore point

Thanks for that.

Now back to my original question

What is lrzq.exe?

Thanks in advance
Alan56

Any fool can make a rule and any fool will follow it

www.wankerdrivers.com

Report Offensive Follow Up For Removal

Hi... Try using windows explorer, find the lrzq.exe file, right click on it,
click on properties,look at the "general" "version" and
compatability" tabs. IF they are listed.

look on the version tab for the manufacturer of the file, IF the info
is there it may give you a clue as to the program or program maker.

Also if you like here are some programs that you can use to track uncertain programs as to what they might be and from where ....

PRC View - www.prcview.com
Process Explorer -
http://www.sysinternals.com/ntw2k/freeware/procexp.shtml
TCP View
http://www.sysinternals.com/ntw2k/source/tcpview.shtml

Hi

Thanks for the replies

I checked on the properties tab and all it gives me is the created info.

The worry of this is its the same date as i was hit by a trojan.

I have put it in the recycle bin and I'll see how it goes for a few days

I'll post back with any info and results after I send it into cyber space once and for all.

Thanks again
Alan56

Any fool can make a rule and any fool will follow it

www.wankerdrivers.com

Report Offensive Follow Up For Removal

Scan it here
http://virusscan.jotti.dhs.org/

or submit to Lavasoft
http://www.lavahelp.net/submit/

before you delete.

Abnormal

What a great link

Thx a bunch
Heres what the scan found
INFECTED/MALWARE (Note: this file has been scanned before. Therefore, this file's scan results will not be stored in the database)
Packers detected: PE_PATCH.PECOMPACT, PECBUNDLE, PECOMPACT

AntiVir BDS/Agent.EC (0.14 seconds taken)
Avast Win32:Trojano-834 (1.51 seconds taken)
BitDefender Backdoor.Agent.EC (0.51 seconds taken)
ClamAV Trojan.Agent-7 (0.32 seconds taken)
Dr.Web BackDoor.Mozzy (0.50 seconds taken)
F-Prot Antivirus W32/Agent.FU@bd (0.06 seconds taken)
Kaspersky Anti-Virus Backdoor.Win32.Agent.ec (1.06 seconds taken)
mks_vir Trojan.Agent.Ec (0.20 seconds taken)
NOD32 Win32/Agent.EC (0.37 seconds taken)
Norman Virus Control W32/Agent.EH (0.12 seconds taken)

Its now in cyber space lol

Thanks Guys
Alan56

Any fool can make a rule and any fool will follow it

www.wankerdrivers.com

Report Offensive Follow Up For Removal

Cool, glad you found a name for it.

Goofy names you can't find info about
are mostly bad news.