Guest
Archived from groups: microsoft.public.windowsxp.newusers

I have googled for these with no luck. What would these exe. programs be
doing in the start up in "msconfig?"

C:\windows\ubfcmktm.exe
And:
C:windows\systme32\wuxzlywr.exe
And:
C:windows\system32\zzb.exe

I can uncheck them in "msconfig" and then I go back in there a few days
later and one of them is checked again?

Where are they coming from and what are they trying to do?

Any info would be appreciated.

Antivirus enabled as well as firewall.
Windows XP with all updates.


WS
 

milt

I think you've got some "Spyware". Have a look at this
site: http://www.lavasoftsupport.com/index.php?showtopic=21044. You should download free copies of
Adaware and Spybot. I run both of them once every few
weeks.

Hope this helps,
Milt

>-----Original Message-----
>I have googled for these with no luck. What would these exe. programs be
>doing in the start up in "msconfig?"
>
>C:\windows\ubfcmktm.exe
>And:
>C:windows\systme32\wuxzlywr.exe
>And:
>C:windows\system32\zzb.exe
>
>I can uncheck them in "msconfig" and then I go back in there a few days
>later and one of them is checked again?
>
>Where are they coming from and what are they trying to do?
>
>Any info would be appreciated.
>
>Antivirus enabled as well as firewall.
>Windows XP with all updates.
>
>
>WS
 
Guest

My thought at first also.

However, I run adware, spybot, and pest patrol regularly and they find
nothing.

Antivirus is also clean as well.

Why can't I find them by searching Google?

Any other thoughts/ideas?

WS

"Milt" <anonymous@discussions.microsoft.com> wrote in message
news:1a91101c41e60$792ca840$a401280a@phx.gbl...
> I think you've got some "Spyware". Have a look at this
> site: http://www.lavasoftsupport.com/index.php?showtopic=21044. You should download free copies of
> Adaware and Spybot. I run both of them once every few
> weeks.
>
> Hope this helps,
> Milt
>
> >-----Original Message-----
> >I have googled for these with no luck. What would these exe. programs be
> >doing in the start up in "msconfig?"
> >
> >C:\windows\ubfcmktm.exe
> >And:
> >C:windows\systme32\wuxzlywr.exe
> >And:
> >C:windows\system32\zzb.exe
> >
> >I can uncheck them in "msconfig" and then I go back in there a few days
> >later and one of them is checked again?
> >
> >Where are they coming from and what are they trying to do?
> >
> >Any info would be appreciated.
> >
> >Antivirus enabled as well as firewall.
> >Windows XP with all updates.
> >
> >
> >WS
 
Guest

On Fri, 09 Apr 2004 22:55:40 GMT, W????n S. wrote:

> My thought at first also.
>
> However, I run adware, spybot, and pest patrol regularly and they find
> nothing.
>
> Antivirus is also clean as well.
>
> Why can't I find them by searching Google?
>
> Any other thoughts/ideas?
>
> WS
>

Viruses and worms have been known to morph their names to avoid detection.
Most antivirus programs will peg "virus like" activity but it's still
possible for one to slip in and evade detection for quite a while. Now we
have spyware doing the same thing.

Try a full system scan with your antivirus program. These are more thorough
than the realtime auto scans. Make sure your virus definitions are up to
date. Update your anti-spyware programs and run those again as well.

Whenever I run across seemingly nonsensical names, I check on them a bit
more closely. File properties sometimes tell you what company installed the
file. You can check the date the file was added to your system and search
for other files from the same day. You may be able to tie the files into
the installation of a particular software package. HP, for example, has
some very weird names for some of their files! A search in the registry may
show up as a key for a software package.

If all of these things come to a dead end, I rename the files to see if
anything yells about them being "missing." A popup at startup that says
<program> cannot find zzb.exe might appear and I'll recognize the program's
name. If nothing yells, delete the files. Continue to use safe computing
skills and hopefully no more odd named files will appear.

--
Sharon F
MS-MVP ~ Windows XP Shell/User
 
Guest

http://216.239.53.104/search?q=cache:UKEzNQd77UkJ:forums.anandtech.com/messageview.cfm%3Fcatid%3D38%26threadid%3D1260775+zzb.exe&hl=en&ie=UTF-8

or start using firefox from mozilla.org

plus don't forget to update ad-aware and spybot regularly.

>-----Original Message-----
>My thought at first also.
>
>However, I run adware, spybot, and pest patrol regularly and they find
>nothing.
>
>Antivirus is also clean as well.
>
>Why can't I find them by searching Google?
>
>Any other thoughts/ideas?
>
>WS
>
>"Milt" <anonymous@discussions.microsoft.com> wrote in message
>news:1a91101c41e60$792ca840$a401280a@phx.gbl...
>> I think you've got some "Spyware". Have a look at this
>> site: http://www.lavasoftsupport.com/index.php?showtopic=21044. You should download free copies of
>> Adaware and Spybot. I run both of them once every few
>> weeks.
>>
>> Hope this helps,
>> Milt
>>
>> >-----Original Message-----
>> >I have googled for these with no luck. What would these exe. programs be
>> >doing in the start up in "msconfig?"
>> >
>> >C:\windows\ubfcmktm.exe
>> >And:
>> >C:windows\systme32\wuxzlywr.exe
>> >And:
>> >C:windows\system32\zzb.exe
>> >
>> >I can uncheck them in "msconfig" and then I go back in there a few days
>> >later and one of them is checked again?
>> >
>> >Where are they coming from and what are they trying to do?
>> >
>> >Any info would be appreciated.
>> >
>> >Antivirus enabled as well as firewall.
>> >Windows XP with all updates.
>> >
>> >
>> >WS
 
Guest

W????n S. wrote:
> My thought at first also.
>
> However, I run adware, spybot, and pest patrol regularly and they find
> nothing.
>
> Antivirus is also clean as well.
>
> Why can't I find them by searching Google?
>
> Any other thoughts/ideas?
>
> WS
>

Found this link for an adware that uses random 8 letter names for DLL files.
It appears you're dealing with similar but EXE files instead.
http://sarc.com/avcenter/venc/data/adware.iagold.html

You may want to try visiting one of the sites that can check your system
online for parasites: http://www.aumha.org/a/noads.htm

And just in case you've picked up a virus that's disabled your antivirus,
should probably visit one of the online A/V sites too:
If you think you have a virus and you think your AV program may be affected,
try one of the online scanners. Here's links to just a few of those that are
available:

http://www.pandasoftware.com/activescan/
http://security.symantec.com/default.asp?productid=symhome&langid=ie&venid=sym
http://housecall.trendmicro.com/
http://www3.ca.com/virusinfo/virusscan.aspx

--
Sharon F
MS-MVP Windows XP
 
Guest

W????n S. wrote:
My thought at first also.

However, I run adware, spybot, and pest patrol regularly and they
find nothing.

Antivirus is also clean as well.

Why can't I find them by searching Google?

Any other thoughts/ideas?

WS


Found this link for an adware that uses random 8 letter names for DLL
files. It appears you're dealing with similar but EXE files instead.
http://sarc.com/avcenter/venc/data/adware.iagold.html

You may want to try visiting one of the sites that can check your
system online for parasites: http://www.aumha.org/a/noads.htm

And just in case you've picked up a virus that's disabled your
antivirus, should probably visit one of the online A/V sites too:
If you think you have a virus and you think your AV program may be
affected, try one of the online scanners. Here's links to just a few
of those that are available:

http://www.pandasoftware.com/activescan/
http://security.symantec.com/default.asp?productid=symhome&langid=ie&venid=sym
http://housecall.trendmicro.com/
http://www3.ca.com/virusinfo/virusscan.aspx

Thanx that helped

--
mono gia panta,oxi prosorina
 
Guest

On Sun, 11 Apr 2004 11:09:59 -0400, Steve Tzanis wrote:

> W????n S. wrote:
> My thought at first also.
>
> However, I run adware, spybot, and pest patrol regularly and they
> find nothing.
>
> Antivirus is also clean as well.
>
> Why can't I find them by searching Google?
>
> Any other thoughts/ideas?
>
> WS

You updated AdAware, Spybot S&D and your antivirus before doing the
scanning? And scanned at third party sites? The programs that you have
installed can only tag and remove things that they know about. If the
programs aren't up to date, they could be incapable of detecting the cause.

Why aren't the names find-able on Google?

1) If you have something on the system producing random names, you
may be the only person on earth that has those file names. What you could
do is make a copy of one of those files and submit it to the antivirus
company for analyzing.

2) May belong to an obscure program that you've installed. Have you tried
matching the dates of the files with others yet to see if they belong to
some software package?

The odd names and persistent startup behavior justify regarding these
files with suspicion. You've already tried un-checking them in MSCONFIG.
You know that Windows can start without the files. Next thing you could try
is moving them off to another folder. You will get an error about missing
files at startup but that message might at least tell you what program is
looking for them.

--
Sharon F
MS-MVP ~ Windows XP Shell/User
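
The date-matching check suggested in this reply and in the earlier one (find other files that arrived on the system at the same time as the oddly named executable, and see which software folder they belong to) can be scripted. This is an added example, not part of the original thread; the `ExampleToolbar` paths, all timestamps and the function names are constructed for illustration.

```python
import ntpath
import os
from collections import Counter
from datetime import datetime, timedelta

# Constructed sample records (path, creation time); toolbar paths and dates are invented.
SAMPLE = [
    (r"C:\windows\ubfcmktm.exe", datetime(2004, 4, 2, 21, 14)),
    (r"C:\Program Files\ExampleToolbar\setup.exe", datetime(2004, 4, 2, 21, 12)),
    (r"C:\Program Files\ExampleToolbar\helper.dll", datetime(2004, 4, 2, 21, 13)),
    (r"C:\windows\system32\zzb.exe", datetime(2004, 4, 2, 21, 15)),
    (r"C:\windows\notepad.exe", datetime(2001, 8, 23, 12, 0)),
]
SHARED = {r"c:\windows", r"c:\windows\system32"}  # too generic to name an installer

def scan(root):
    """Yield (path, created) for each file under root. st_ctime is the creation
    time on Windows only; on other systems it is the inode-change time."""
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                yield path, datetime.fromtimestamp(os.stat(path).st_ctime)
            except OSError:
                continue  # locked or vanished file

def neighbours(records, suspect, window=timedelta(hours=12)):
    """Other files created within `window` of the suspect, closest in time first."""
    records = list(records)
    key = suspect.lower()
    when = {p.lower(): t for p, t in records}.get(key)
    if when is None:
        return []
    near = [(abs(t - when), p) for p, t in records
            if p.lower() != key and abs(t - when) <= window]
    return [p for _gap, p in sorted(near)]

def likely_origin(paths, shared=SHARED):
    """Most common parent folder among the neighbours, ignoring shared system folders."""
    counts = Counter(ntpath.dirname(p).lower() for p in paths)
    for folder in shared:
        counts.pop(folder, None)
    return counts.most_common(1)[0][0] if counts else None

if __name__ == "__main__":
    found = neighbours(SAMPLE, r"C:\windows\ubfcmktm.exe")
    print(found, likely_origin(found))
```

On a live system, pass `scan("C:\\")` as `records` in place of `SAMPLE`; a result of `None` from `likely_origin` means nothing outside the shared Windows folders was created near the suspect file.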
 
Guest

"Sharon F" <sharonfDEL@ETEmvps.org> wrote in message
news:%23DbGma%23HEHA.3240@TK2MSFTNGP12.phx.gbl...
> On Sun, 11 Apr 2004 11:09:59 -0400, Steve Tzanis wrote:
>
> > W????n S. wrote:
> > My thought at first also.
> >
> > However, I run adware, spybot, and pest patrol regularly and they
> > find nothing.
> >
> > Antivirus is also clean as well.
> >
> > Why can't I find them by searching Google?
> >
> > Any other thoughts/ideas?
> >
> > WS
>
> You updated AdAware, Spybot S&D and your antivirus before doing the
> scanning? And scanned at third party sites? The programs that you have
> installed can only tag and remove things that they know about. If the
> programs aren't up to date, they could be incapable of detecting the cause.
>
> Why aren't the names find-able on Google?
>
> 1) If you have something on the system producing random names, you
> may be the only person on earth that has those file names. What you could
> do is make a copy of one of those files and submit it to the antivirus
> company for analyzing.
>
> 2) May belong to an obscure program that you've installed. Have you tried
> matching the dates of the files with others yet to see if they belong to
> some software package?
>
> The odd names and persistent startup behavior justify regarding these
> files with suspicion. You've already tried un-checking them in MSCONFIG.
> You know that Windows can start without the files. Next thing you could try
> is moving them off to another folder. You will get an error about missing
> files at startup but that message might at least tell you what program is
> looking for them.
>
> --
> Sharon F
> MS-MVP ~ Windows XP Shell/User

Sharon,

Thanks for all your input. Been a little busy. I do update all spyware
detectors very often as well as AV. I am not a regular installer of software
per se, since most of my applications are installed and that is what I use,
period. I do not randomly install software simply to try it out. Basically I
am a power gamer and I keep the machine as lean as possible.
I will look into all your suggestions, however.

P.S. I do recall trying to delete one of those files in the WINDOWS folder
once and it said that the program was in use. I will try again in safe mode
and see what gives.

Thanks again!

WS
 
Guest

On Sun, 11 Apr 2004 22:33:53 GMT, W????n S. wrote:

> Sharon,
>
> Thanks for all your input. Been a little busy. I do update all spyware
> detectors very often as well as AV. I am not a regular installer of software
> per se, since most of my applications are installed and that is what I use,
> period. I do not randomly install software simply to try it out. Basically I
> am a power gamer and I keep the machine as lean as possible.
> I will look into all your suggestions, however.
>
> P.S. I do recall trying to delete one of those files in the WINDOWS folder
> once and it said that the program was in use. I will try again in safe mode
> and see what gives.
>
> Thanks again!

You're welcome! You may want to follow up on sending copies of those files
to your antivirus vendor for analyzing. If the results come back negative
(no virus found), you can at least breathe a little easier while you
continue in your attempts to figure out what these files are.

--
Sharon F
MS-MVP ~ Windows XP Shell/User
 
Guest

"Sharon F" <sharonfDEL@ETEmvps.org> wrote in message
news:%23xSojJDIEHA.4092@TK2MSFTNGP11.phx.gbl...
> On Sun, 11 Apr 2004 22:33:53 GMT, W????n S. wrote:
>
> > Sharon,
> >
> > Thanks for all your input. Been a little busy. I do update all spyware
> > detectors very often as well as AV. I am not a regular installer of software
> > per se, since most of my applications are installed and that is what I use,
> > period. I do not randomly install software simply to try it out. Basically I
> > am a power gamer and I keep the machine as lean as possible.
> > I will look into all your suggestions, however.
> >
> > P.S. I do recall trying to delete one of those files in the WINDOWS folder
> > once and it said that the program was in use. I will try again in safe mode
> > and see what gives.
> >
> > Thanks again!
>
> You're welcome! You may want to follow up on sending copies of those files
> to your antivirus vendor for analyzing. If the results come back negative
> (no virus found), you can at least breathe a little easier while you
> continue in your attempts to figure out what these files are.
>
> --
> Sharon F
> MS-MVP ~ Windows XP Shell/User

Sharon,

I did go into safe mode and was able to delete another random 8 letter
executable. I sent it to my AV vendor and I will see what comes of that.

Thanks again,

WS