I started getting alerts about URL blocked, and the object as listed as C:\Windows\nkoxaa.exe. Sure enough, it was listed in the process list. I deleted it, but cannot find any information about this ‘file’ on the web. Anyone ever seen this one?
Thanks
Hi rowlf914,
This is a random named executable that is being generated by a fake anti virus program
Reboot into SafeMode and delete any suspicious start-up program
Re-start your machine in Safe Mode and perform a System Restore to a point in time before the
infection with nkoxaa.exe occured
Reboot and scan your computer with MBAM download from here: http://www.malwarebytes.org/mbam-download.php
update MBAM to the latest definitions before doing the full scan,
you can attach a logfile as txt file to your next posting
Do not forget also to delete the nkoxaa registry entries if found here:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “nkoxaa“
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “nkoxaa.exe”
polonus