Cannot remove gxqyitde.exe



#1 alucardxxx


Posted 11 November 2011 - 12:12 PM

Someone brought their Win XP Home edition computer to me with a serious rootkit infection. After running numerous scanners off CDs like UBCD4Windows, Dr Web, Avira, the system is still infected. I also ran ComboFix and numerous other rootkit scanners.

But there are a few files I cannot get rid of. They are named "gxqyitde.exe" - one in the root c:, one in a program folder called "xrymxqtq" and one in the Start folder on the start menu. It has a media-player-like icon.

I can delete these files manually by booting off UBCD4Windows, but they keep coming back. I think the reason why it's so hard is because of the registration entry: HKLM\software\microsoft\windowsnt\currentversion\winlogon\userinit.exe, c:\programs files\xrymxqtq\gxqyitde.exe.

I can delete it within windows but it keeps coming back. I can't remove it through Autoruns or Hijackthis. And I cannot boot into SafeMode.

I have tried to edit the registry through the utilities on the UBCD but no luck. Tried a CD called PCRegedit, a bootable ISO that in theory gives you the ability to edit the registry, but the mouse and keyboard always go dead just after booting.

Any suggestions except for a complete format and reinstall? Also, I fixed the master boot record just in case it was one of those infections, but still no dice.

Edited by hamluis, 11 November 2011 - 12:52 PM.
Moved from XP to Am I Infected.
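
The post above points to the Winlogon Userinit value as the reason the file keeps returning. The following is an added example, not part of the thread: a Python check that audits a Userinit value string and reports anything other than the stock program. It assumes Windows is installed at C:\WINDOWS; the function names and sample values are constructed for illustration.

```python
import ntpath

# Assumption: stock install on C:, where the default value is
# "C:\WINDOWS\system32\userinit.exe," (note the trailing comma).
EXPECTED = r"c:\windows\system32\userinit.exe"

def parse_userinit(value):
    """Split a Winlogon Userinit value into normalized program paths."""
    entries = []
    for raw in value.split(","):
        item = raw.strip().strip('"').strip().lower()
        if not item:  # skip the empty piece after the trailing comma
            continue
        # Assumption: %SystemRoot% resolves to C:\WINDOWS on this machine.
        item = item.replace("%systemroot%", r"c:\windows")
        entries.append(ntpath.normpath(item))
    return entries

def audit_userinit(value, expected=EXPECTED):
    """Return findings; an empty list means only the stock program is listed."""
    entries = parse_userinit(value)
    findings = []
    if expected not in entries:
        findings.append(("missing-default", expected))
    for entry in entries:
        if entry != expected:
            findings.append(("unexpected-entry", entry))
    return findings

# Constructed sample values (placeholder paths, not taken from the thread).
SAMPLES = {
    "stock": r"C:\WINDOWS\system32\userinit.exe,",
    "appended": r"C:\WINDOWS\system32\userinit.exe,C:\Program Files\example\sample.exe",
    "replaced": r'"C:\Program Files\example\sample.exe"',
}

if __name__ == "__main__":
    for name, value in SAMPLES.items():
        print(name, audit_userinit(value))
```

Every program listed in Userinit is started by Winlogon at logon, so an extra entry relaunches at each logon even after its file has been deleted and restored by another component.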




#2 boopme


Posted 11 November 2011 - 03:43 PM

Hello, having run ComboFix, we need to see that and a DDS log.

Please go here....
Preparation Guide, do steps 6 - 9.

Create a DDS log and post it in the new topic explained in step 9, which is here: Virus, Trojan, Spyware, and Malware Removal Logs, and not in this topic, thanks.
Skip the GMER step and instead post the ComboFix log you have.

Let me know if that went well.



