What are these files?

Hey guys!
I have these 2 files that I have no clue where they came from or what they are. kcheeyualpqzrons.exe and tugrhwzctefhuyewibfxbpfev.exe. I’ve scanned them with malwarebytes and Avast and they come up clean, but what the heck?? When I google them, I get that their malware but I can’t delete them. I even tried it in safe mode and it tells me I can’t delete them because they are being used in another program…

Any clues as to what these files are and where they came from???

Thanks!

Beau

It is cloaked malware. File up the reports as asked here http://forum.avast.com/index.php?topic=53253.0
and wait for a qualified malware remover to look into the matter
Re: http://forums.malwarebytes.org/index.php?showtopic=121478

polonus

upload the files to www.virustotal.com and test wih 40+ malware scanners
post link to scan result here

I even tried it in safe mode and it tells me I can't delete them because they are being used in another program...
what is the location of these files..... full file path

Hey Polonus,
Thanks for the reply! Yeah I did all that here… http://forum.avast.com/index.php?topic=120917.new;topicseen#new

Files are still there…

kcheeyualpqzrons.exe

https://www.virustotal.com/en/file/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855/analysis/1366697258/

tugrhwzctefhuyewibfxbpfev.exe

https://www.virustotal.com/en/file/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855/analysis/1366697406/

Both files are at C:\Users\Beau

in the virustotal report…at top, click…additional information

file 1

First seen by VirusTotal
2006-09-18 07:26:15 UTC ( 6 years, 7 months ago )

file 2

First seen by VirusTotal
2006-09-18 07:26:15 UTC ( 6 years, 7 months ago )

Just delete the files from that folder,they are probably harmless junk or just corrupt files.

7 years old and still not detected. ::slight_smile:

Oops…that was a typo,they are just probably corrupt files or left over junk.

Either I’m not understanding you or you didn’t read my post… I’m trying to delete them but it won’t let me. I even tried it in safe mode. It says… the file is being used by another program." So how do I know what the other program it is and stop it to delete these files??

File was found to be in one of these programs and without uninstalling they won’t allow you to delete the file.

  1. DRAW (Corel Corporation)
  2. Photo-Paint (Corel Corporation)
  3. Commerce Server Developer Edition (Microsoft)
  4. Exchange Server Enterprise Edition (Microsoft)
  5. eMbedded Visual Tools (Microsoft)
  6. Internet Security and Acceleration Server - Enterprise Edition (Microsoft)
  7. Commerce Server - Developer Edition (Microsoft)
  8. Linux (Corel Corporation)
  9. Yourideallink.com (Ideal link Inc.)
  10. NSRL Test (NIST)
  11. Visio (Microsoft)
  12. Visio Enterprise Edition (Microsoft)
  13. EarthLink (Earthlink Inc.)
  14. Riven (Red Orb)
  15. Quicken (Intuit Inc.)
  16. Get Set to Learn (Creative Wonders)
  17. MySQL (NuSphere Corporation)
  18. Windows (Microsoft)
  19. QuickBooks (Intuit Inc.)
  20. Tivoli Manager (Tivoli)

Do you recognize any?

polonus

Nope lol
Oh well I guess I just have to keep them :frowning:

As there is zero detection at VT, then that is what it comes up to…

polonus