Solved strange exe file and registry entry, need help

Biostar / 945g micro 775 te
October 2, 2012 at 22:52:17
Specs: Windows server 2003, 2.661 GHz / 1527 MB
recently i found a exe file named "bd3fd2a_1609.exe" in the "C:\Documents and Settings\Administrator" Location. There is no running process for this in the task mgr or at least i didn't find any. every time i delete that file it appears within a moment. In the registry there is a registry key with the same name( under data) and it is running with "windows update server" name entry. it looks like:

Name Type Date
Windows update server REG_SZ C:\Documents ...\Admin\bd3fd2a_1609.exe

Please help me out, is this a malware or some legal process I'm not familiar with.


See More: strange exe file and registry entry, need help

Report •

#1
October 2, 2012 at 23:23:30
See if you can upload the file to VirusTotal for checking, here is the link:
https://www.virustotal.com/

Please reply and let us know if our help worked. Your feedback helps others. Maybe you?


Report •

#2
October 3, 2012 at 00:21:15
the site said it is win32 trozan but why my symantec cannot detect it?

Report •

#3
October 3, 2012 at 01:27:38
✔ Best Answer
Download and run Rkill from this link:
http://www.bleepingcomputer.com/dow...
Try the iExlore.exe download first, try it a few times if it doesn't run straight away.

Malwarebytes free from this link:
http://www.malwarebytes.org/product...
Undate it and run a quick scan removing all it finds.

Hitman Pro trial version from this link:
http://www.surfright.nl/en/hitmanpro/

Do not turn your pc off between scans please.

Please reply and let us know if our help worked. Your feedback helps others. Maybe you?


Report •
Related Solutions


Ask Question