Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.


B.exe, Xzxzxzxzxzxz.exe

  • Please log in to reply
2 replies to this topic

#1 Dahabibi


  • Members
  • 6 posts
  • Local time:09:32 AM

Posted 25 February 2006 - 05:08 PM

I have found 2 suspicious files on my system, both of which I can't seem to get rid of. I tried several virus-, malware- and spyware scans, none of them seem to notice these programs OR they do but can't remove them. I also tried deleting them manually, in safe mode and in regular mode but after reboot they're back.

A program called b.exe is located in my windows folder, and one of my many scanners (forget which one) noted it as a virus but couldn't remove it. I also googled it and indeed it seems to be a virus ('talkstocks'?).

Then there's xzxzxzxzxzxz.exe, for which you can totally blame my cat. See, I downloaded what I thought was an .avi, but it turned out to be an .exe. Of course this looked suspicious to me, so I decided to remove it. Then the cat jumped on the desk and I ended up double clicking, and executing the file. In the my downloads folder, it created a hidden folder called _ (underscore)
and in it is the xzxzxzxzxzxz.exe. I can't 'unhide' the folder, this option is greyed out in the properties window.

I've tried googling this one, but I can't find it. I can however find a zx.exe and an xz.exe in google (which both can be a worm or a trojan dropper). Is the xzxzxzxzxzxz.exe something new? None of my scanners have noticed it...

Also, I ran hijack this, and there's nothing there that I don't recognize or that shouldn't be there. So apparently it's not running a process (that I know of). What I am worried about though, is that the creation date of the file is 16 march 2006, 23:50:55, which makes me think the file maybe timed to execute on that date? Or am I being paranoid now?

And another thing, right after I accidentally executed the virus, I began having trouble with taskmgr and regedit, they both didn't work... but after running a gazillion scanners and removing some stuff here and there, those problems seem to be resolved, however the b.exe and xzxzxzxzxzxz.exe files are still there.

So my question is, what are they, are they dangerous and how do I kill them? I'll do a clean reinstall of Windows if necessary, but I'll try avoiding that at all cost.

I'll post a hijack this log if necessary, but I'm pretty sure there's nothing there that shouldn't be there (I'm not an expert yet, but I do kind of know what I'm doing)

Hope someone can help me... I'd hate to have my computer explode or something on march 16 :thumbsup:

Right, off to make my cat into a nice warm pair of mittens. :flowers:

ETA: Forgot to add, I'm on WinXP SP2

Edited by Dahabibi, 25 February 2006 - 05:14 PM.

BC AdBot (Login to Remove)


#2 tg1911


    Lord Spam Magnet

  • Members
  • 19,274 posts
  • Gender:Male
  • Location:SW Louisiana
  • Local time:08:32 AM

Posted 25 February 2006 - 09:04 PM

I suggest you post a HJT log for our Team to examine.

Read How to post a HijackThis Log.
Please read, and follow, all directions carefully.

Then, run a log, and post it in the HJT forum, at this link. Do not, fix anything, yet.
A member, of the HJT Team, will help you out.
It may take a while to get a response, because the HJT Team are very busy. Please, be patient, these people are volunteers. They will help you out, as soon as possible.

Once you have made the post, please, DO NOT make another post in the HJT forum, until it has been responded to by a member of the HJT Team. The first thing they look for, when looking for logs to reply to, is 0 replies. If you make another post, there will be 1 reply. The team member, glancing over the replies, might assume someone is already helping you out, and will not respond. So, just make your post, and let it sit there, until a team member responds. This way you will be taken care of, in the most timely manner.
MOBO: GIGABYTE GA-MA790X-UD4P, CPU: Phenom II X4 955 Deneb BE, HS/F: CoolerMaster V8, RAM: 2 x 1G Kingston HyperX DDR2 800, VGA: ECS GeForce Black GTX 560, PSU: Antec TruePower Modular 750W, Soundcard: Asus Xonar D1, Case: CoolerMaster COSMOS 1000, Storage: Internal - 2 x Seagate 250GB SATA, 2 x WD 1TB SATA; External - Seagate 500GB USB, WD 640GB eSATA, 3 x WD 1TB eSATA

Become a BleepingComputer fan: Facebook

#3 Leurgy


    Voted most likely

  • Members
  • 3,831 posts
  • Gender:Male
  • Location:Collingwood, Ontario, Canada
  • Local time:09:32 AM

Posted 26 February 2006 - 12:19 PM

Hi Dahabibi

You can remove those files with KillBox.

When the only tool you own is a hammer, every problem begins to resemble a nail. Abraham Maslo

**** We use our powers for good, not evil ****

 Trying to remove your data from the web is like trying to remove pee from a swimming pool

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users