Canada.exe

Does anyone have any clue what the hell this thing is? It’s been bugging me to death for the past 15 minutes…ehehe…15 minutes…

Anyways, I’ve deleted a few of the .exes labeled canada.exe along with their shortcuts, but I’m 100% certain that there is a .dll file along with it that keeps bringing it back.

Anyone else get this bug? Or am I the only one?

To know more, maybe Google…
If you find a virus keeps coming back after you delete it, it’s most probably infected the System Restore folder, the best way to solve this is to disable System Restore, reboot your machine and then enable it again. After all, run a full avast! scanning. System Restore cannot be disabled on Windows 9x.

Enable/Disable System restore on Windows ME: http://support.microsoft.com/default.aspx?scid=kb;en-us;Q264887
Enable/Disable System restore on Windows XP: http://support.microsoft.com/default.aspx?scid=kb;[LN];310405

This is a Windows 2000 OS. Will this work?

For this feature, Windows 2k is the same of XP, I suppose…
Can you follow this:

Start > Control Panel > System > System restore > Disable
Click Apply
Enable it again
Click Ok

Nope. I don’t see a system restore anywhere. I guess 2000 doesn’t come equipped with restore…which doesn’t make sense to me at all but ok.

I think I might have to just install WinXP on this PC (friend’s)

Can you tell us the name and the path of the infected recurring file?

2K doesn’t have system restore. Only ME and XP have that.

Canada.exe is a dialer.
To remove it:
Kill these processes:
desktopdir+\canada.exe
systemroot+\system32\canada.exe

Remove (if they excist) these files:
desktopdir+\canada.exe
desktopdir+\click me.lnk
profilepath+\start menu\click me.lnk
profilepath+\start menu\uninstall click me.lnk
systemroot+\system32\canada.exe

I tried all that. It keeps coming back. I’m pondering if I should just format or not…

Follow the instructions on THIS PAGE

Hi Drago494,

There’s really no need to reformat just because of a bit of poxy spyware on your system.

First of all, have you done a scan with Ad-Aware, Spybot and MS Anti-Spyware, preferably in safe mode?

Next, the file is coming back because you haven’t killed the processes which are recreating it. A Google search will reveal several anti-spyware forum threads which identify processes which are associated with this malware. If the ones Eddy mentioned are not responsible, you need to do a search for canada.exe and make a note of the processes and files which are associated with it. Kill the processes and delete the files, or start your computer in safe mode where the processes will not be running and delete the files.

If this doesn’t work, please post a HijackThis! log as described here:

http://www.bleepingcomputer.com/forums/tutorial42.html