Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.


KHX, KHW files, Persistant!

  • Please log in to reply
1 reply to this topic

#1 -GaMeR X-

-GaMeR X-

  • Members
  • 2 posts
  • Local time:01:49 AM

Posted 26 April 2010 - 08:22 AM

I have a windows computer and a linux laptop (home media/etc server), i have a networkdrive on the linux server, and it is mapped az z:\ on my windows machine. The linux share keeps getting khw, khx, files on it, (0 bytes) also a exe wile named something random. On linux they are owned (perms) by "nobody", and i cannot delete them through the network share, i must use sudo rm khw... etc. If i delete them, they just come back, this has been going on for about 5 months now, in which time i have tried everything, from re-installing from running heaps of scans :D, but its starting to get really annoying.
It also seems to infect all .exe files in the share drive, none of which i have run after the re-install.

I have tried:
- Turn main Windows pc off, delete files on linux, reboot into windows install and re-install, while having network disconnected. - came back
- Running mbam, online (java - kaspersky & housecall) spybot, etc - all clear, still coming back (mbam log: http://pastebin.com/NTMWjjx9)
- I am now posting my hijackthis log: http://pastebin.com/ayDybnEe


Edited by -GaMeR X-, 26 April 2010 - 08:29 AM.

BC AdBot (Login to Remove)


#2 Jintan


  • Malware Response Team
  • 531 posts
  • Local time:11:19 AM

Posted 30 April 2010 - 06:42 PM

Welcome to BC -GaMeR X-,

Just as a tip, you really need to review any forum sticky threads (located at the top of each forum) before posting requests. Then you would know to post all logs here, not upload them, and run different scans than the ones you chose.

However, just by what you described this really does seem to be an issue of sharing on a dual boot system that includes Windows and Linux. And with the problems occurring on the Linux partition, which our scans and work here really don't cover.

I would like to recommend you instead start a new request in the BC Linux & Unix forum here.
Ad eundum quo no duck ante iit

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users