system
April 23, 2013, 5:41am
1
Hey guys!
I have these 2 files that I have no clue where they came from or what they are. kcheeyualpqzrons.exe and tugrhwzctefhuyewibfxbpfev.exe. I’ve scanned them with malwarebytes and Avast and they come up clean, but what the heck?? When I google them, I get that their malware but I can’t delete them. I even tried it in safe mode and it tells me I can’t delete them because they are being used in another program…
Any clues as to what these files are and where they came from???
Thanks!
Beau
It is cloaked malware. File up the reports as asked here http://forum.avast.com/index.php?topic=53253.0
and wait for a qualified malware remover to look into the matter
Re: http://forums.malwarebytes.org/index.php?showtopic=121478
polonus
Pondus
April 23, 2013, 5:59am
3
upload the files to www.virustotal.com and test wih 40+ malware scanners
post link to scan result here
Pondus
April 23, 2013, 6:01am
4
I even tried it in safe mode and it tells me I can't delete them because they are being used in another program...
what is the location of these files..... full file path
system
April 23, 2013, 6:05am
5
Hey Polonus,
Thanks for the reply! Yeah I did all that here… http://forum.avast.com/index.php?topic=120917.new;topicseen#new
Files are still there…
system
April 23, 2013, 6:11am
6
system
April 23, 2013, 6:13am
7
I even tried it in safe mode and it tells me I can't delete them because they are being used in another program...
what is the location of these files..... full file path
Both files are at C:\Users\Beau
Pondus
April 23, 2013, 6:24am
8
in the virustotal report…at top, click…additional information
file 1
First seen by VirusTotal
2006-09-18 07:26:15 UTC ( 6 years, 7 months ago )
file 2
First seen by VirusTotal
2006-09-18 07:26:15 UTC ( 6 years, 7 months ago )
system
April 23, 2013, 6:30am
9
Just delete the files from that folder,they are probably harmless junk or just corrupt files.
Pondus
April 23, 2013, 6:36am
10
7 years old and still not detected. :
system
April 23, 2013, 6:42am
11
Oops…that was a typo,they are just probably corrupt files or left over junk.
system
April 24, 2013, 3:57am
12
Either I’m not understanding you or you didn’t read my post… I’m trying to delete them but it won’t let me. I even tried it in safe mode. It says… the file is being used by another program." So how do I know what the other program it is and stop it to delete these files??
File was found to be in one of these programs and without uninstalling they won’t allow you to delete the file.
DRAW (Corel Corporation)
Photo-Paint (Corel Corporation)
Commerce Server Developer Edition (Microsoft)
Exchange Server Enterprise Edition (Microsoft)
eMbedded Visual Tools (Microsoft)
Internet Security and Acceleration Server - Enterprise Edition (Microsoft)
Commerce Server - Developer Edition (Microsoft)
Linux (Corel Corporation)
Yourideallink.com (Ideal link Inc.)
NSRL Test (NIST)
Visio (Microsoft)
Visio Enterprise Edition (Microsoft)
EarthLink (Earthlink Inc.)
Riven (Red Orb)
Quicken (Intuit Inc.)
Get Set to Learn (Creative Wonders)
MySQL (NuSphere Corporation)
Windows (Microsoft)
QuickBooks (Intuit Inc.)
Tivoli Manager (Tivoli)
Do you recognize any?
polonus
system
April 24, 2013, 9:40pm
14
Nope lol
Oh well I guess I just have to keep them
As there is zero detection at VT, then that is what it comes up to…
polonus