Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.


U.exe found in Root Directory?

  • Please log in to reply
1 reply to this topic

#1 TorontoMike


  • Members
  • 1 posts
  • Local time:02:20 AM

Posted 31 March 2009 - 08:41 PM

I found an incident of U.exe found in the root directory of my C: drive.

Had not noticed it there before tonight.

Did a google search and one site said that 70% of the time, U.exe had connections to some kind of Trojan or Virus.

I'm running an in-depth scan of my drives using NOD32 but I'm worried about it's affectiveness to pick up a Trojan if that's what it is.

Anyone have any thoughts on U.exe in the root directory?

BC AdBot (Login to Remove)


#2 quietman7


    Bleepin' Janitor

  • Global Moderator
  • 51,780 posts
  • Gender:Male
  • Location:Virginia, USA
  • Local time:02:20 AM

Posted 01 April 2009 - 10:40 AM

ThreatExpert's awareness of u.exe

Anytime you come across a suspicious file for which you cannot find any information about, the file has a legitimate name but is not located where it is supposed to be, or you want a second opinion, submit it to Jotti's virusscan or VirusTotal. In the "File to upload & scan" box, browse to the location of the suspicious file and submit (upload) it for scanning/analysis.

If the results indicate malware, then download the portable version of FileASSASSIN and save FA_Portable.zip to your desktop.
  • Create a new folder on your C:\ drive named FileAssassin and extract (unzip) the file to that folder. (click here if you're not sure how to do this. Vista users refer to this link.)
  • Note: If you downloaded the installable version instead, just double-click on fa-setup.exe to install and then launch FileASSASSIN from the program folder.
  • Open the folder and double-click on FileASSASSIN.exe to launch the tool.
  • Select the file to delete by dragging it onto the text area or find it using the (...) browse button.
  • If you browsed to the file, click on it to highlight, then select Open.
  • Leave the default "Attempt FileASSASSIN's method of file processing".
  • Put a check mark next to Delete File and click Execute to begin the removal process.
  • If removal did not require a reboot, you will receive a message indicating the file was deleted successfully.
  • Click Ok and exit FileASSASSIN.
  • If the file did not remove, start the program again, select the file the same way as before and this time check "Use delete on reboot function from windows."
-- If the file(s) returns, then you probably have other malware on your system which is protecting or regenerating it.

Caution: Be careful what you delete. FileAssassin is a powerful program, designed to move highly persistent files. Using it incorrectly could lead to serious problems with your operating system.

Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users