
igitkah.exe in startup


Name: starwaves
Date: September 5, 2003 at 09:05:15 Pacific
OS: 98
CPU/Ram: 128
Comment:

Calling all spy~techs,

Has anyone seen this before: igitkah.exe? I can't find anything on it. Please share the link if you find one, and I'll do the same if I come up with something. It's showing up in a friend's 'startup'; have it unchecked, but haven't a clue about it.




Response Number 1
Name: WhitPhil
Date: September 5, 2003 at 09:09:55 Pacific
Reply:

Count on it being a trojan/worm/virus.

After UNselecting it, do a find files and delete it.
Then update your virus defs and do a full scan.


0

Response Number 2
Name: Tom
Date: September 5, 2003 at 10:27:25 Pacific
Reply:

WhitPhil is right on the money; you have the Klez virus.


0

Response Number 3
Name: starwaves
Date: September 5, 2003 at 11:15:47 Pacific
Reply:

WhitPhil!

It is an HONOR to have you perusing my post, even more so than the answer to my question. Thank you,

It does look super suspicious, so we'll hunt down all of its associations on the computer, and remove it all. Should there be a revelation on this, I'll get back with it.

Good to hear from you, WhitPhil. Over the years many a computer problem in my home, friends, & family have been fixed by your succinct & skilled tech intuition. And that goes way back ~ and many forums,

:)



0

Response Number 4
Name: wdr503
Date: September 5, 2003 at 12:06:58 Pacific
Reply:

Another thing you will probably have to do is to go into regedit and do a find for that and see what app is generating it. Sometimes these trojan-type viruses will make a new one every time that you boot up, so that it will never be the same. You can find through regedit what program is generating it and delete that program. Do this if you can get rid of it any other way.
Hope this helps.


0

Response Number 5
Name: starwaves
Date: September 8, 2003 at 12:03:03 Pacific
Reply:

Hey Everyone,
I just wanted to update ya on this mystery virus. Here's the startuplist Hijack log I finally got from the afflicted pc. Although I can't link, connect or identify IGITKAH.exe any further, another trojan does emerge here.

AUTOUPDR TROJAN

Here's the hijack log for those who want the reference for this trojan:

C:\WINDOWS\AUSVC.exe
C:\WINDOWS\BVT.EXE

StartupList report, 9/8/2003, 4:09:57 AM
StartupList version: 1.52
Started from : C:\WINDOWS\DESKTOP\HIJACKTHIS.exe
Detected: Windows 98 Gold (Win9x 4.10.1998)
Detected: Internet Explorer v5.00 (5.00.2314.1000)
* Using default options
==================================================

Running processes:

C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.exe
C:\WINDOWS\SYSTEM\MPREXE.exe
C:\WINDOWS\SYSTEM\MSTASK.exe
C:\PROGRAM FILES\NORTON ANTIVIRUS\NAVAPW32.exe
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.exe
C:\WINDOWS\SYSTEM\SYSTRAY.exe
C:\WINDOWS\ESSOLO.exe
C:\MOUSE\SYSTEM\EM_EXEC.exe
C:\IBMTOOLS\APTEZBTN\APTEZBP.exe
C:\CSAFE\AUTOCHK.exe
C:\WINDOWS\AUSVC.exe
C:\WINDOWS\BVT.exe
C:\QUICKENW\QWDLLS.exe
C:\PROGRAM FILES\PANICWARE\POP-UP STOPPER\DPPS2.exe
C:\WINDOWS\DESKTOP\ANTI.exe
C:\WINDOWS\SYSTEM\DDHELP.exe
C:\WINDOWS\DESKTOP\HIJACKTHIS.exe

---------------------

Listing of startup folders:

Shell folders Startup:
[C:\WINDOWS\Start Menu\Programs\StartUp]
Quicken Startup.lnk = C:\QUICKENW\QWDLLS.exe

---------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

ScanRegistry = c:\windows\scanregw.exe /autorun
SystemTray = SysTray.exe
ESSOLO = ESSOLO.exe
LoadPowerProfile = Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
EM_EXEC = c:\mouse\system\em_exec.exe
AEZBProc = c:\ibmtools\aptezbtn\aptezbp.exe
ConfigSafe = C:\CSAFE\AUTOCHK.exe
Norton Auto-Protect = C:\PROGRA~1\NORTON~1\NAVAPW32.exe /LOADQUIET
ausvc = C:\WINDOWS\ausvc.exe
SysScan = C:\WINDOWS\bvt.exe
igitkah = "C:\WINDOWS\SYSTEM\IGITKAH.exe"

_________________


Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices

SchedulingAgent = mstask.exe
LoadPowerProfile = Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

---------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce

[Dialer]
TEMP = C:\TEMP\nstemp
Maindir = C:\Program Files\IBM Global Network
PRODUCT TITLE = IBM Internet Connection

---------------------

C:\WINDOWS\WININIT.BAK listing:
(Created 4/9/2003, 14:43:38)

[Rename]
C:\WINDOWS\SYSTEM\USER.EXE=C:\WINDOWS\SYSTEM\SFCB244.TMP

---------------------

C:\AUTOEXEC.BAT listing:

SET CLASSPATH=C:\Program Files\PhotoDeluxe 2.0\AdobeConnectables
PATH=c:\windows;c:\windows\command;c:\ibmtools;c:\
c:\essolo.com

---------------------


Enumerating Browser Helper Objects:

(no name) - C:\PROGRAM FILES\YAHOO!\COMPANION\YCOMP5_0_2_7.DLL - {02478D38-C3F9-4efb-9B51-7695ECA05670}
(no name) - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}

---------------------

Enumerating Task Scheduler jobs:

Tune-up Application Start.job
Maintenance-Defragment programs.job
Maintenance-ScanDisk.job
Maintenance-Disk cleanup.job

---------------------

Enumerating Download Program Files:

[CouponDown Class]
InProcServer32 = C:\WINDOWS\SYSTEM\COUPONX.DLL
CODEBASE = http://www9.coolsavings.com/download/CouponX.cab

[Shockwave ActiveX Control]
InProcServer32 = C:\WINDOWS\SYSTEM\MACROMED\DIRECTOR\SWDIR.DLL
CODEBASE = http://activex.microsoft.com/active...media/Swdir.cab

[Create and Print ActiveX Plug-in]
InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\AXCTP.DLL
CODEBASE = http://di.imgag.com/imgag/cp/install/AxCtp.cab

[Shockwave Flash Object]
InProcServer32 = C:\WINDOWS\SYSTEM\MACROMED\FLASH\SWFLASH.OCX
CODEBASE = http://download.macromedia.com/pub/...ash/swflash.cab

[{9DBAFCCF-592F-FFFF-FFFF-00608CEC297C}]
CODEBASE = http://download.weatherbug.com/mini...uginstaller.cab

[CV3 Class]
InProcServer32 = C:\WINDOWS\SYSTEM\WUV3IS.DLL
CODEBASE = http://windowsupdate.microsoft.com/...en/actsetup.cab

[CMV4 Class]
InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\CSCMV4X.DLL
CODEBASE = http://www109.coolsavings.com/ltc/download/cscmv4X.cab

[Genealogy Browser]
InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\ZINST.DLL
CODEBASE = http://66.119.139.74/cabs/zinst.cab

[CMV5 Class]
InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\CPNMGR.DLL
CODEBASE = http://www105.coolsavings.com/ltc/download/cscmv5X.cab

[RdxIE Class]
InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\RDXIE.DLL
CODEBASE = http://207.188.7.150/25aa404d62d0ea...ip/RdxIE601.cab

[cpbrxpie Control]
InProcServer32 = C:\WINDOWS\CPBRXPIE.OCX
CODEBASE = http://a19.g.akamai.net/7/19/7125/4...20/cpbrxpie.cab

---------------------

Enumerating ShellServiceObjectDelayLoad items:

WebCheck: C:\WINDOWS\SYSTEM\WEBCHECK.DLL

---------------------
End of report, 5,801 bytes
Report generated in 0.357 seconds


I STILL don't have a tangible connection to IGITKAH.exe though...... ? However, the trojan AUTOUPDR downloads from a .cab file called Coolstuff.cab; on the machine are Coolsavings.cab. Still working on this one
:)


0
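An added example, not part of the thread: one way to triage a StartupList report like the one posted above is to pull out the registry autorun entries, drop those on a known-good list, and note whether each remaining image also appears under "Running processes". The sample report is a constructed excerpt in the same layout; `BASELINE` and the function names are assumptions made for illustration.

```python
import ntpath
import re

# Constructed excerpt in the layout of the StartupList report posted above.
SAMPLE_REPORT = r"""Running processes:
C:\WINDOWS\AUSVC.exe
C:\WINDOWS\BVT.exe
---------------------
Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
SystemTray = SysTray.exe
ausvc = C:\WINDOWS\ausvc.exe
SysScan = C:\WINDOWS\bvt.exe
igitkah = "C:\WINDOWS\SYSTEM\IGITKAH.exe"
_________________
"""
BASELINE = {"systray.exe"}  # assumed known-good image names for this machine
SEPARATOR = re.compile(r"^[-_=]{5,}$")

def image_name(command):
    """Lower-cased program name of a Run value (unquoted paths with spaces not handled)."""
    command = command.strip()
    path = command[1:].split('"', 1)[0] if command.startswith('"') else command.split(" ", 1)[0]
    return ntpath.basename(path).lower()

def parse_report(text):
    """Return (set of running image names, list of (key, value name, command))."""
    running, autoruns, section, key = set(), [], None, None
    for line in filter(None, map(str.strip, text.splitlines())):
        if SEPARATOR.match(line):
            section = key = None
        elif line == "Running processes:":
            section = "procs"
        elif line == "Autorun entries from Registry:":
            section, key = "run", None
        elif section == "procs":
            running.add(ntpath.basename(line).lower())
        elif section == "run" and key is None:
            key = line  # first line of the section names the registry key
        elif section == "run" and " = " in line:
            name, command = line.split(" = ", 1)
            autoruns.append((key, name, command))
    return running, autoruns

def triage(text, baseline=BASELINE):
    """Autoruns whose image is not in the baseline, with whether it is running now."""
    running, autoruns = parse_report(text)
    return [(name, image_name(cmd), image_name(cmd) in running)
            for _key, name, cmd in autoruns if image_name(cmd) not in baseline]
```

Each tuple returned by `triage` is (value name, image name, currently running); an entry that is registered to start but not running, such as `igitkah` here, still needs its file and registry value examined.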
