
new guy wondering what startup file this is



#1 fordsucks7


Posted 25 June 2010 - 09:14 PM

Hey everyone, I'm new here. I thought that looked like a friendly site, so here I go.
Okay, I was running CCleaner and looked at my startup "I keep my PC clean" and I noticed this weird registry or binary file. I was just curious as to what it is. I already deleted it but it comes back, which is usually a virus?
Here's the startup list:
Yes HKCU:Run ctfmon.exe C:\WINDOWS\system32\ctfmon.exe
Yes HKCU:Run swg "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
Yes HKCU:Run {48BA6D50-A276-C634-622F-3EBEDE30738E} "C:\Documents and Settings\Admin\Application Data\Wazuy\ycqor.exe"
Yes HKLM:Run BDAgent "C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe"
Yes HKLM:Run BitDefender Antiphishing Helper "C:\Program Files\BitDefender\BitDefender 2009\IEShow.exe"

Windows XP
Intel dual core 3.0
1 GB RAM
NVIDIA GeForce FX 5200
Crappy Sony Vaio case, really small


 


#2 Budapest


Posted 28 June 2010 - 05:44 PM

It looks suspicious to me. Try uploading the ycqor.exe file at Jotti for analysis.

http://virusscan.jotti.org/en-gb
The power of accurate observation is commonly called cynicism by those who haven't got it.

—George Bernard Shaw
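
As an added example (not code from this thread or from CCleaner), the Python below parses the startup list from the first post and flags entries worth submitting for a scan, as the reply suggests. The two heuristics, a Run value named with a bare GUID and an executable under a user-writable profile folder, are assumptions of this example, and a flag is a reason to look closer, not a verdict.

```python
import re

# Startup list copied from the first post (run-together entry split onto its own line).
STARTUP_LIST = r'''
Yes HKCU:Run ctfmon.exe C:\WINDOWS\system32\ctfmon.exe
Yes HKCU:Run swg "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
Yes HKCU:Run {48BA6D50-A276-C634-622F-3EBEDE30738E} "C:\Documents and Settings\Admin\Application Data\Wazuy\ycqor.exe"
Yes HKLM:Run BDAgent "C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe"
Yes HKLM:Run BitDefender Antiphishing Helper "C:\Program Files\BitDefender\BitDefender 2009\IEShow.exe"
'''

# Columns: enabled flag, hive:key, value name, then a quoted or bare drive-letter path.
ENTRY = re.compile(r'^(Yes|No)\s+(HK\w+:\w+)\s+(.+?)\s+"?([A-Za-z]:\\[^"]+)"?\s*$')
GUID = re.compile(r'^\{[0-9A-Fa-f]{8}(-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}$')
# Assumption: folders a standard user can write to without admin rights.
USER_WRITABLE = ("\\application data\\", "\\appdata\\", "\\local settings\\temp\\")

def parse(text):
    """Yield (enabled, key, name, path) for each well-formed list line."""
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            yield m.group(1) == "Yes", m.group(2), m.group(3), m.group(4)

def reasons(name, path):
    """Return the heuristic reasons an autorun entry deserves a closer look."""
    found = []
    if GUID.match(name):
        found.append("value name is a bare GUID, not a product name")
    if any(part in path.lower() for part in USER_WRITABLE):
        found.append("executable runs from a user-writable profile folder")
    return found

def triage(text):
    """Map each flagged executable path to the reasons it was flagged."""
    flagged = {}
    for _enabled, _key, name, path in parse(text):
        why = reasons(name, path)
        if why:
            flagged[path] = why
    return flagged

if __name__ == "__main__":
    for path, why in triage(STARTUP_LIST).items():
        print(path, "->", "; ".join(why))
```
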



