New suspect file

Viruses and worms
1

Got a new file appeared today in the task manager and nothing appears when I google the file/process name and avast doesnt pick anything up when I scan the file. The filename is klggvsvjpj.exe. It appears in the c:/windows/system32 folder size 564 kb, and in the prefetch folder as KLGGVSVJPJ.EXE-12E91F45.pf .The exe can sometimes use up to 30%-40% of total processor speed on my poor old machine the rest of the time its at 1%. Its memory footprint is currently 6424k. My machine is running “windoze” xp sp2. I cant find anything on the net at all which is strange to say the least. Usually you get some sort of match. Cant even get one with a partial file name search.

2

I suppose avast does not detect it…
With this name, I won’t be affraid to use KillBox to delete it.
http://www.killbox.net/help.html

The better will be test the file against on-line scanners. Submit the file to:
Virustotal
Jotti

Full computer scanning:
Kaspersky
Trendmicro housecall
Ewido

Also, you could try a-squared, Free AVG Antispyware, SUPERantispyware or Spyware Terminator (trojan removers).

3

Thanks for the file links. Sent a copy to Virustotal for scanning just waiting on reply.
Was already running an adaware scan and it came up with this in the report.

52 [klggvsvjpj.exe]
FilePath : C:\WINDOWS\system32
ProcessID : 2900
ThreadCreationTime : 06-11-2006 19:11:16
BasePriority : Normal
FileVersion : 5.1.2700.0 (NT client.010817-1148)
ProductVersion : 5.1.2700.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Actualizaciones automáticas
InternalName : winupdaters.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : winupdaters.exe

I always thought windows update was part of the os not a separate exe?

Whilst typing this reply the Virustotal completed all clear except for the Panda result which claims W32/Spybot.AFJ.worm. Will try the second link.

4

Anyone else who gets this file better hope they have an up to date backup. Tried all virus progs I could find and none could remove it. Also used the instructions on a website to remove it with hijackthis! It dont work. Now using my latest backup that is not infected. Hope anyone else has better luck than me. TTFN

5

Did you try KillBox?