Anyone know what this is??

[Peter Gurk]

I have a stupid piece of software I'm convinced is spyware but I cannot
determine what it is. If anyone can help me identify this I'd appreciate it.

Basically, there is a garbage-named executable in C:\WINDOWS\SYSTEM32. Right
now, it's named lkkfdks.exe. Whenever I try to kill it from Task Manager,
after I issue End Process and when the process actually goes away, it makes
a copy of itself and launches the copy. So, for example, I will kill
lkkfdks.exe and now it becomes durkkq.exe. I've tried to boot Windows XP
Home in Diagnostic Startup, but somehow it is still launching itself. I even
stripped the write privledges for everyone from the registry folder
LM\Software\Microsoft\Windows\CurrentVersion\Run, such that there are no
entries I can find in any of the obvious startup places. This part has me a
little baffled-- not sure how it's starting itself up.

So, I cannot delete the executable and I'm at a bit of a loss. Occasionally
it will pop up a stupid box asking me about downloading an html file from
abetterinternet.com. I find this hilarious, because I went to their website
and they offer a second piece of software you can supposedly download to
remove the junk (which I'm guessing they installed in the first place
somehow). I think I'll pass on that offer...

Any advice of a technical/non-technical you can provide me I'd appreciate
it.

Peter

[Peter Gurk]

As an addendum, here is what it pops up trying to download, if it at all
matters...

thnall1ac.htm from download.abetterinternet.com

[Woody]

Google search........

"Peter Gurk" <none@none.com> wrote in message
newsRd6e.35063$QB6.2322194@twister.southeast.rr.com...
> As an addendum, here is what it pops up trying to download, if it at all
> matters...
>
> thnall1ac.htm from download.abetterinternet.com
>
>

[Peter Gurk]

Thanks, but I wouldn't have posted here before doing as much searching as I
could.

"Woody" <TheDuck@pond.net> wrote in message
news:9_e6e.52$xf2.49@newssvr31.news.prodigy.com...
> Google search........
>
> "Peter Gurk" <none@none.com> wrote in message
> newsRd6e.35063$QB6.2322194@twister.southeast.rr.com...
> > As an addendum, here is what it pops up trying to download, if it at all
> > matters...
> >
> > thnall1ac.htm from download.abetterinternet.com
> >
> >
>
>

[DLink Guru]

Well the net says they are an advertising group, so I would guess its full
blown mallware.....

"Peter Gurk" <none@none.com> wrote in message
news:mxf6e.33188$9v2.1137323@twister.southeast.rr. com...
> Thanks, but I wouldn't have posted here before doing as much searching as
> I
> could.
>
> "Woody" <TheDuck@pond.net> wrote in message
> news:9_e6e.52$xf2.49@newssvr31.news.prodigy.com...
>> Google search........
>>
>> "Peter Gurk" <none@none.com> wrote in message
>> newsRd6e.35063$QB6.2322194@twister.southeast.rr.com...
>> > As an addendum, here is what it pops up trying to download, if it at
>> > all
>> > matters...
>> >
>> > thnall1ac.htm from download.abetterinternet.com
>> >
>> >
>>
>>
>
>

[CWatters]

"Peter Gurk" <none@none.com> wrote in message
newsMd6e.32700$9v2.1126927@twister.southeast.rr.com...

> Basically, there is a garbage-named executable in C:\WINDOWS\SYSTEM32.
Right
> now, it's named lkkfdks.exe. Whenever I try to kill it from Task Manager,
> after I issue End Process and when the process actually goes away, it
makes
> a copy of itself and launches the copy.

Try booting in safe mode and hit it with adware removal tools (Spybot Search
& destroy, MS Antispyware beta etc)

Last year my wifes PC got hit with something similar. It started with around
5 or 6 suspect processes and one or two pop-ups a day. It ended up taking me
four days to remove the stuff mainly because I had to learn how. Take this
seriously. Half way through the learning process they started to download
and install their "friends" on my wifes PC. In the end she had 60 suspect
processes running with random names that weren't obvious abrieviations for
anything (eg qxpfv.exe). For each one there was a matching file in
C:\WINDOWS\

eg..

C:\WINDOWS\mdjsqjy.exe
C:\WINDOWS\odrynrc.exe

I believe she was hit with Roings and Webhancer and other malware.

To remove this lot I had to use ALL the removal tools I could find. Even
Ad-ware (with expert help) wasn't sufficient on it's own. I had to run
msconfig and remove any entries from startup tab, kill processes manually
and run several removal tools without rebooting between each step. Forget
one and reboot and the whole lot came back forcing me to start over. Got
them all in the tend though! Thinking about it now, it would be better to
have tried booting into safe mode and running tools there first.

Good luck

[r1roy]

i had that and this seemed to get rid of it http://www.mypctuneup.com/
"Peter Gurk" <none@none.com> wrote in message
newsMd6e.32700$9v2.1126927@twister.southeast.rr.com...
>I have a stupid piece of software I'm convinced is spyware but I cannot
> determine what it is. If anyone can help me identify this I'd appreciate
> it.
>
> Basically, there is a garbage-named executable in C:\WINDOWS\SYSTEM32.
> Right
> now, it's named lkkfdks.exe. Whenever I try to kill it from Task Manager,
> after I issue End Process and when the process actually goes away, it
> makes
> a copy of itself and launches the copy. So, for example, I will kill
> lkkfdks.exe and now it becomes durkkq.exe. I've tried to boot Windows XP
> Home in Diagnostic Startup, but somehow it is still launching itself. I
> even
> stripped the write privledges for everyone from the registry folder
> LM\Software\Microsoft\Windows\CurrentVersion\Run, such that there are no
> entries I can find in any of the obvious startup places. This part has me
> a
> little baffled-- not sure how it's starting itself up.
>
> So, I cannot delete the executable and I'm at a bit of a loss.
> Occasionally
> it will pop up a stupid box asking me about downloading an html file from
> abetterinternet.com. I find this hilarious, because I went to their
> website
> and they offer a second piece of software you can supposedly download to
> remove the junk (which I'm guessing they installed in the first place
> somehow). I think I'll pass on that offer...
>
> Any advice of a technical/non-technical you can provide me I'd appreciate
> it.
>
> Peter
>
>

[CalamityKen]

r1roy wrote:
> i had that and this seemed to get rid of it http://www.mypctuneup.com

Not recomended.

In IE-SPYAD and hpHOSTS file

> "Peter Gurk" <none@none.com> wrote in message
> newsMd6e.32700$9v2.1126927@twister.southeast.rr.com...
>> I have a stupid piece of software I'm convinced is spyware but I
>> cannot determine what it is. If anyone can help me identify this I'd
>> appreciate it.
>>
>> Basically, there is a garbage-named executable in
>> C:\WINDOWS\SYSTEM32. Right
>> now, it's named lkkfdks.exe. Whenever I try to kill it from Task
>> Manager, after I issue End Process and when the process actually
>> goes away, it makes
>> a copy of itself and launches the copy. So, for example, I will kill
>> lkkfdks.exe and now it becomes durkkq.exe. I've tried to boot
>> Windows XP Home in Diagnostic Startup, but somehow it is still
>> launching itself. I even
>> stripped the write privledges for everyone from the registry folder
>> LM\Software\Microsoft\Windows\CurrentVersion\Run, such that there
>> are no entries I can find in any of the obvious startup places. This
>> part has me a
>> little baffled-- not sure how it's starting itself up.
>>
>> So, I cannot delete the executable and I'm at a bit of a loss.
>> Occasionally
>> it will pop up a stupid box asking me about downloading an html file
>> from abetterinternet.com. I find this hilarious, because I went to
>> their website
>> and they offer a second piece of software you can supposedly
>> download to remove the junk (which I'm guessing they installed in
>> the first place somehow). I think I'll pass on that offer...
>>
>> Any advice of a technical/non-technical you can provide me I'd
>> appreciate it.
>>
>> Peter
--
YoKenny
Keep your Security software up to date at CoU
http://www.dozleng.com/updates/index.php?&act=calendar