
Questionable start up program..


  • This topic is locked
6 replies to this topic

#1 Citruspop


Posted 08 December 2011 - 03:19 PM

For the longest time I have been trying to figure out this program that boots with start up. Normally if it's a .EXE program I can just search it and it will tell me what I need to know and whether or not I can just go ahead and disable it to make it faster, but this one has dumbfounded me. The information I have on it is as follows:

Startup Item - $.roidixqekkk
Manufacturer - Unknown
Command - C:\Windows\System 32\$.roidixqekkk\roidixqekkk.exe
Location - HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run

Usually I would leave items that boot up with SYS32 alone, but this one is just too fishy as it is not listed anywhere on the internet.

I have a Toshiba Laptop L305-S5945 running Windows Vista Home Premium (6.0, Build 6002)

Any help deciphering what this program could be would be greatly appreciated. At this point I just want to be certain it is not a trojan or something of the sort.

Thanks,
Citruspop

Edited by hamluis, 08 December 2011 - 05:00 PM.
Moved from Vista to Am I Infected.




#2 504Steve


Posted 08 December 2011 - 04:04 PM

I think it's safe to say you'd want to go ahead and remove that .exe from startup, then delete the file permanently. It seems very questionable, no valid program I know of has an executable file like that.

Edited by 504Steve, 08 December 2011 - 04:05 PM.


#3 Artrooks


Posted 08 December 2011 - 04:24 PM

You might also want to post in the Am I Infected Forum? to get a "clean bill of health."

C:\Windows\System 32\$.roidixqekkk\roidixqekkk.exe

It's not just the file but the folders also. No telling what else is hiding on your hard drive.

Regards,
Brooks



 


#4 Citruspop

  • Topic Starter

Posted 08 December 2011 - 04:38 PM

> I think it's safe to say you'd want to go ahead and remove that .exe from startup, then delete the file permanently. It seems very questionable, no valid program I know of has an executable file like that.


The most I am able to do is remove the executable from the startup, I am not able to find the file/folder at all within the SYS32 folder even with hidden folders viewable.


> You might also want to post in the Am I Infected Forum? to get a "clean bill of health."
>
> C:\Windows\System 32\$.roidixqekkk\roidixqekkk.exe
>
> It's not just the file but the folders also. No telling what else is hiding on your hard drive.


What folders are you referring to, my entire System 32 folder?

#5 Citruspop

  • Topic Starter

Posted 08 December 2011 - 04:55 PM

I have located the file, but it was not where msconfig said it would be. The correct file location is this:

C:\Windows\SysWOW64\$.roidixqekkk

You can view the files thoroughly through the attached image here:

Attached File  File folders for questionable thread.png   125.79KB   2 downloads
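
The mismatch reported in post #5 is consistent with WOW64 file system redirection: an entry under the `Wow6432Node` Run key belongs to the 32-bit registry view, and for 32-bit programs a path naming `System32` is served from `SysWOW64` on disk. The script below is an added example, not part of the thread; it assumes 64-bit PowerShell on 64-bit Windows, lists both Run keys, and shows where each entry's file actually lives and whether it is signed.

```powershell
# Added example, not from the thread. Assumes 64-bit PowerShell on 64-bit Windows.
$sys32 = Join-Path $env:windir 'System32'
$wow64 = Join-Path $env:windir 'SysWOW64'
$runKeys = @(
    @{ View = '64-bit'; Path = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' },
    @{ View = '32-bit'; Path = 'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run' }
)

$report = foreach ($rk in $runKeys) {
    if (-not (Test-Path -Path $rk.Path)) { continue }
    $key = Get-Item -Path $rk.Path
    foreach ($name in $key.GetValueNames()) {
        $cmd = [string]$key.GetValue($name)

        # Pull the executable path out of the command line (quoted or bare).
        if     ($cmd -match '^\s*"([^"]+)"')  { $exe = $Matches[1] }
        elseif ($cmd -match '^\s*(.+?\.exe)') { $exe = $Matches[1] }
        else                                  { $exe = $cmd.Trim() }

        # A 32-bit entry that names System32 is served from SysWOW64 on disk.
        $onDisk = $exe
        if ($rk.View -eq '32-bit' -and
            $exe.StartsWith($sys32 + '\', [System.StringComparison]::OrdinalIgnoreCase)) {
            $onDisk = $wow64 + $exe.Substring($sys32.Length)
        }

        # Check the resolved location and its Authenticode status.
        $exists = Test-Path -LiteralPath $onDisk
        $sig = 'n/a'
        if ($exists) { $sig = (Get-AuthenticodeSignature -FilePath $onDisk).Status }

        New-Object PSObject -Property @{
            View = $rk.View; Name = $name; Command = $cmd
            OnDisk = $onDisk; Exists = $exists; Signature = $sig
        }
    }
}
$report | Select-Object View, Name, OnDisk, Exists, Signature, Command | Format-List
```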

#6 Artrooks


Posted 08 December 2011 - 05:19 PM

I would recommend that you wait for a BC Advisor before making any more changes to your system.

Regards,
Brooks



 


#7 boopme

  • Global Moderator

Posted 09 December 2011 - 11:55 AM

Closing this topic, resolved in AII...

http://www.bleepingcomputer.com/forums/topic431404.html/page__pid__2502631#entry2502631