
Virus in C:/Program Data/Microsoft


#1 keithmoon



Posted 21 April 2014 - 07:55 AM



It's in a folder represented only by digits...it's an .exe file, when you delete it then it just re-appears. I have deleted it from the registry, and it just re-appears in the registry.


My problem is I am on a pay as you go dongle plan. It's running in the background downloading heaps of data. I had 10 gig of data 24 hours ago, I now have 6 gig of data. Every time I am online where I would normally use say 1 meg in a 10 minute spell, I am using 40 meg of data....


Don't know what to do. My malicious spy software does not pick it up. It even had a Microsoft label, it looks like it's a legit software piece of kit...

Edited by hamluis, 21 April 2014 - 08:02 AM.
Moved from Win 7 to Am I Infected - Hamluis.




#2 keithmoon


Posted 21 April 2014 - 09:21 AM

Directory of the virus......C:\ProgramData\Microsoft\{828b6afb-2a06-b0c0-1613-f1649a62ceec}


Virus File...........{828b6afb-2a06-b0c0-1613-f1649a62ceec}.exe



Registry Location......HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run




In WINDOWS Startup........ Microsoft R WINDOWS R OPERATING SYSTEM The R has a circle around it like a Genuine Windows Microsoft Certificate




In Windows Services this service/virus automatically starts these services..Normally these services would be a manual start, but the virus starts them....


Display Name - Computer Browser

C:\Windows\System32\svchost.exe -k netsvcs

Service Name - Browser


Display Name - IPsec Policy Agent

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

Service Name - PolicyAgent


Please help, I am losing all my data, I paid $100 bucks in Australia for 10 gig of data, and lost half of it....

Edited by keithmoon, 21 April 2014 - 09:22 AM.

#3 keithmoon


Posted 21 April 2014 - 10:37 PM

Has anybody got any ideas? I am lost..


It looks like a genuine Microsoft Windows Operating System File, but for one it should not be in the Program Data/Microsoft Folder, as it has only appeared these last few days in there....


Also, when I do MSCONFIG, in startup, under items it has a Microsoft Windows Operating System File entry, which I have never seen before, and looking in the registry, this is the entry.



Every time I delete it from the registry, it re-appears, and every time I delete the folder with the {828b6afb-2a06-b0c0-1613-f1649a62ceec}.exe in it, it just re-appears....


How can I get rid of this file without a complete format?


I have done a complete Malwarebytes scan, and it does not pick it up as the file looks genuine, but in Windows Task Manager it is showing a Host Process for Windows Tasks (svchost.exe). Every time I end these processes they start up again.


Where do I need to look and what do I need to look for?


Thanks for any help...
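
Added example, not part of the original thread: a read-only PowerShell audit of the Run key named in post #2, extended here to RunOnce and the WOW6432Node and HKCU equivalents. It lists each autostart value, shows the company name the file claims next to its verified Authenticode result, and marks for review any target in a data directory that has a GUID-only file name or no valid signature. The directory list and the review rule are assumptions chosen for this illustration.

```powershell
# Added example: read-only audit of Run/RunOnce autostart values.
$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
)
# File name that is only a GUID, with or without braces (the shape reported in the thread).
$guidName = '^\{?[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}\}?$'
# Assumed list of data locations where an autostart executable is unusual.
$dataDirs = @($env:ProgramData, $env:APPDATA, $env:LOCALAPPDATA, $env:TEMP) | Where-Object { $_ }

$report = foreach ($key in $runKeys) {
    if (-not (Test-Path -Path $key)) { continue }
    $regKey = Get-Item -Path $key
    foreach ($valueName in $regKey.GetValueNames()) {
        $command = [string]$regKey.GetValue($valueName)
        # Pull the executable path out of the command line (quoted, or up to the first .exe).
        if     ($command -match '^\s*"([^"]+)"')    { $exe = $Matches[1] }
        elseif ($command -match '^\s*(.+?\.exe)\b') { $exe = $Matches[1] }
        else                                        { $exe = ($command.Trim() -split '\s+')[0] }

        $inDataDir = [bool]($dataDirs | Where-Object { $exe.StartsWith($_, [StringComparison]::OrdinalIgnoreCase) })
        $isGuid    = [IO.Path]::GetFileNameWithoutExtension($exe) -match $guidName
        $company = $null; $sigStatus = 'FileMissing'; $signer = $null
        if (Test-Path -LiteralPath $exe -PathType Leaf) {
            # CompanyName is a string anyone can set; the Authenticode result is what is verified.
            $company   = (Get-Item -LiteralPath $exe -Force).VersionInfo.CompanyName
            $sig       = Get-AuthenticodeSignature -FilePath $exe -ErrorAction SilentlyContinue
            $sigStatus = $sig.Status
            if ($sig.SignerCertificate) { $signer = $sig.SignerCertificate.Subject }
        }
        [pscustomobject]@{
            Key = $key; Value = $valueName; Path = $exe
            ClaimedCompany = $company; Signature = $sigStatus; Signer = $signer
            Review = ($inDataDir -and ($isGuid -or $sigStatus -ne 'Valid'))
        }
    }
}
$report | Sort-Object Review -Descending | Format-List
```

The script changes nothing on the system; it only reads the registry and file metadata, so its output can be pasted into a help request as-is.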
