
Scary Drivers XPP sp3

December 20, 2011 12:19:45 AM

I have located 2 drivers with Sysinternals...Autoruns with no info in Google and with scary names... they are

xctvekqdhabj.sys and xjrygogforhh.sys

any ideas? I want to mark them to stop but unsure either way. Laptop seems to run funny anyway lately.

thanks

December 20, 2011 12:42:26 AM

You can be sure they are malware... I'm not sure if Autoruns will just stop them and not delete them, so better use an antimalware application... Malwarebytes Anti-Malware is one of the best antimalware applications around if not the best one.
December 20, 2011 8:06:45 AM

Thanks, but don't think so simple. Have used Malware Bytes, Kaspersky, Panda, AVG, Avira, Avast, Eset, Trend Micro and now I'm using Microsoft Security.

Not one of them has called these to my attention. I guess next step is to repartition my drive, move them there and open them with an editor to investigate.

Will update everyone...have you checked your PC.

Thanks for your input.
December 20, 2011 7:50:45 PM

Well if not one security application has ID'd those .sys files as malware, it may be they don't have the definitions to detect them, no security application is 100% effective, most don’t even get past 86%... because they don’t have all the bugs in their definitions, but you know when they are not system files and when they should be deleted… but go ahead and investigate them… doing it in another partition won’t make a difference. You would do better to send them to a security apps developer.

Quote:
"...have you checked your PC." ???


my own PC? Meaning what exactly??? but, to answer your question; Course I do it all the time and I delete unknown files with scary names if the security apps don’t
December 23, 2011 11:41:33 PM

Sorry for delay. Finally had time to open and investigate these files.

Turns out they belong to Panda Software F i l e V e r s i o n 1 , 0 , 0, 6 4 but usage unknown.

Anyway safe to remove or leave on system.

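Text such as the FileVersion string found above shows up with a gap between every letter in a plain editor because a Windows version resource stores its strings as UTF-16LE. As an added example (not part of the thread), this Python sketch reads those String entries straight from a file's raw bytes; the key list, the `make_entry` helper and the `SAMPLE` bytes are constructed for illustration and are not taken from the drivers discussed here.

```python
import struct
import sys

KEYS = ("CompanyName", "FileDescription", "FileVersion",
        "OriginalFilename", "ProductName")

def version_strings(data: bytes) -> dict:
    """Return version-resource String entries found in raw PE bytes."""
    found = {}
    for key in KEYS:
        raw_key = key.encode("utf-16-le") + b"\x00\x00"
        pos = data.find(raw_key)
        while pos != -1 and key not in found:
            start = pos - 6          # wLength, wValueLength, wType precede szKey
            if start >= 0:
                _w_len, w_val_len, w_type = struct.unpack_from("<HHH", data, start)
                # The value starts on the next 32-bit boundary after the key.
                val_off = start + ((6 + len(raw_key) + 3) & ~3)
                raw_val = data[val_off:val_off + 2 * w_val_len]
                if w_type == 1 and w_val_len and len(raw_val) == 2 * w_val_len:
                    text = raw_val.decode("utf-16-le", errors="replace")
                    found[key] = text.split("\x00", 1)[0]
            pos = data.find(raw_key, pos + 2)
    return found

def make_entry(key: str, value: str) -> bytes:
    """Build one String entry (constructed sample data, not a real driver)."""
    raw_key = key.encode("utf-16-le") + b"\x00\x00"
    raw_val = value.encode("utf-16-le") + b"\x00\x00"
    pad = -(6 + len(raw_key)) % 4
    body = raw_key + b"\x00" * pad + raw_val
    entry = struct.pack("<HHH", 6 + len(body), len(value) + 1, 1) + body
    return entry + b"\x00" * (-len(entry) % 4)

# Constructed sample: a fake header followed by two version strings.
SAMPLE = (b"MZ" + b"\x90" * 62
          + make_entry("CompanyName", "Example Vendor")
          + make_entry("FileVersion", "1, 0, 0, 1"))

if __name__ == "__main__":
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE
    for name, value in version_strings(data).items():
        print(f"{name}: {value}")
```

Version strings are written by whoever built the file, so a vendor name found this way is a lead to confirm, for example against the file's digital signature, rather than proof of origin.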
Best solution

December 24, 2011 2:03:22 AM

They could be malware that Panda has quarantined. If that should be the case, they have most likely been rendered harmless.

Look in the Panda quarantine to confirm this... if they are in quarantine, you could scan them with another antivirus or antimalware and see if they detect them as malware. I seriously doubt they are part of the Panda program files, but you could ask the Panda support or website. I could only find the Panda Cloud Antivirus forum but you can probably ask there for information.

Other than all the trouble, just delete the files; after all, you can reinstall the Panda Antivirus or uninstall it, since it's not your main antivirus and you only need one... more than one antivirus can create conflicts on the system.

http://www.cloudantivirus.com/forum/index.jspa
December 24, 2011 1:32:39 PM

Chicano,

That's the best idea. I had already renamed them "old" since they were in registry therefore rendering harmless anyway. There were no ill effects from this so, after I found them to be related to Panda just deleted. Seems to work fine. Now if only I could the 100% CPU usage...but that's another thread for another time.

Can you close this thread with a "Best Answer" ?

Thanks

December 24, 2011 5:35:19 PM

OK, so you've done the right thing. The 100% CPU usage can be related to malware, if you get it at any time, or a conflict with Automatic Windows Updates on pre-SP3 systems, if you get it right after booting the computer... in this case you can fix it with a specific update or updating your system to SP3. And if you get it at any time: remove startup programs from msconfig in Start\Run\type: "msconfig" (no quotes) and Enter... and in the Startup tab\uncheck all processes except the antivirus and any you may need. Then in the Services tab\check "Hide all Microsoft Services"; this will isolate third-party services, and you need to uncheck unnecessary third-party services. Apply and Accept to Exit. Next do a spyware scan, delete all user and system temp files in Start\Run\type: %temp% and %SystemRoot%\TEMP

Another cause for the 100% CPU usage can be Firefox's plugin-container.exe, which can be easily disabled. I can't remember how to right now, so check first if it's plugin-container causing high CPU usage in the Task Manager.

Best Answer can't close the thread, only a moderator can close it.
December 25, 2011 8:31:20 AM

Best answer selected by specialed_58.
December 25, 2011 6:47:34 PM

specialed_58 said:
Best answer selected by specialed_58.
THANKS!!