
"System Fix - removed or not?" - simplified


No replies to this topic

#1 piersonspuppeteer


Posted 12 December 2011 - 10:18 PM

Earlier today I posted a very long question about potentially incomplete removal of the "System Fix" infection. I've given up on recovering my cached appearance (taskbar pinned icons, Start menu layout, system tray layout, desktop background, desktop item positions) - almost all of these I've simply reset already, and I can drag around my desktop items again, even if I'm lazy enough to try to recover their previous positions. I have 30 or 40, and they were arranged JUST right!

My one serious concern is a binary that's set to run at startup - every time I delete the file and the concerning registry entry/HKCU:Run key, both return on reboot. The program is identified as {some alpha-numeric string} and the binary gets put at C:\Users\<User>\AppData\Roaming\Xeef\udgimii.exe. This doesn't seem like a place where a legitimate binary for this purpose should appear, and I don't see why a legitimate binary would keep popping back upon deletion. It's identified as "Windows Privacy Tray/WinPT" in one of the registry entries associated with it, but Googling udgimii.exe came up with nothing. It's also listed as a TCP and UDP Query User, which seems unnecessary for a "Windows Privacy Tray".

I've run MBAM multiple times now and, after initially removing offending files and registry entries, it now gives me a clean bill of health.

Edited by piersonspuppeteer, 12 December 2011 - 10:20 PM.
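
A triage check for the symptom described in the post above, as an added example that is not part of the original post: it lists the Run/RunOnce autostart values and flags any whose target sits under the user profile (such as AppData\Roaming), with file presence, Authenticode status and SHA-256 for follow-up. The list of keys, the profile-directory heuristic and the helper name `Get-CommandTarget` are assumptions of this example; it needs PowerShell 4.0 or later.

```powershell
# Added example: enumerate Run/RunOnce autostart values and flag targets that
# live in user-writable profile directories (a heuristic, not a verdict).
$runKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)
# Assumption: autostart binaries under these roots deserve a closer look.
$suspectRoots = @($env:APPDATA, $env:LOCALAPPDATA, $env:TEMP) | Where-Object { $_ }

function Get-CommandTarget([string]$Command) {
    # Pull the executable path out of a Run value: a quoted path, else text up
    # to the first ".exe", else the first whitespace-delimited token.
    $expanded = [Environment]::ExpandEnvironmentVariables($Command)
    if ($expanded -match '^\s*"([^"]+)"') { return $Matches[1] }
    if ($expanded -match '^\s*(.+?\.exe)\b') { return $Matches[1] }
    return ($expanded.Trim() -split '\s+')[0]
}

$results = foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $item = Get-Item -Path $key
    foreach ($name in $item.GetValueNames()) {
        $target = Get-CommandTarget ([string]$item.GetValue($name))
        if (-not $target) { continue }   # empty value, nothing to resolve
        $exists = Test-Path -LiteralPath $target -PathType Leaf
        $inProfile = [bool]($suspectRoots | Where-Object {
            $target.StartsWith($_, [StringComparison]::OrdinalIgnoreCase) })
        [pscustomobject]@{
            Key = $key; Name = $name; Target = $target
            InUserProfile = $inProfile
            Signature = if ($exists) { (Get-AuthenticodeSignature -LiteralPath $target).Status } else { 'PathNotResolved' }
            Sha256 = if ($exists) { (Get-FileHash -LiteralPath $target -Algorithm SHA256).Hash }
        }
    }
}
# Profile-resident entries first; unsigned ones among them are the ones to examine.
$results | Sort-Object InUserProfile -Descending | Format-List
```

Running it before deleting an entry and again after the reboot shows whether the same value name, path and hash came back.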

