
·
Registered
Joined
·
2,967 Posts
Discussion Starter · #1 ·
Speedhack.exe

Ok, I'm not sure if this is a trojan/virus/keylog or whatever but I found this on my processes and tried to remove it (I found out that it was located in C:/Windows/System32), but after minutes of searching there's no single trace of the file in the said location.

I entered the whole C:/Windows/System32/speedhack.exe on the address bar and it asked me to 'save' or 'run' the program. Knowing that it's probably up to no good (and my true purpose is to delete it), I saved it on my desktop hoping that it would show up. Unfortunately, it wasn't there.

It was invisible.
 

·
Emulation to the max!
Joined
·
2,560 Posts
How do they hide it like that? I have "show all files" including system options checked, so why can't you see them? I've had said problem before.
 

·
Emulation to the max!
Joined
·
2,560 Posts
Ya, but that doesn't hide files; that just defines what runs when Windows starts. And most viruses don't use that anymore.
 

·
Transcended
Joined
·
1,416 Posts
Adaware and Spybot will only help you if the bugger is a known threat already. But in any case, I think an AV is more suited to the task.

Viruses still use the Run key, you know. It's still the most effective. There are a truckload of other keys to use, most of which I've forgotten already. But aside from the HKCU and HKLM Run keys, the next most common are installations via Services.

If you have the view all set properly (set to include system files as well), but it's not there even if your process manager says otherwise, then it's using rootkit-level stealth mechanisms to hide it. Make sure the process is dead as well as all its supporting spawns (if ever). Worse comes to worst, reboot into Safe Mode Command Prompt. You SHOULD be able to see and delete it then. You CAN use a DOS-based File Manager to see it, which the malware might not have bothered to circumvent, but that's another story.

Or Google the filename. There are quite a few sites that detail malicious files that run on startup. CastleCops comes to mind.
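
The checks discussed in the post above, as an added PowerShell example that is not part of the original thread: it looks for the image name from the thread in the process list, in the HKLM and HKCU Run keys and in the service list, and reports whether a running image's file is actually visible on disk. The `Source`/`Location`/`Detail` output columns are this example's own naming.

```powershell
# Added example (not from the thread): persistence and cross-view triage
# for one suspicious image name. Run from an elevated 64-bit PowerShell;
# a 32-bit shell on 64-bit Windows sees System32 redirected to SysWOW64.
$Name = 'speedhack.exe'   # file name taken from the thread

# 1. Process view vs. file-system view. A process that reports a path
#    which Get-Item cannot see, even with -Force (hidden/system files
#    included), is the mismatch the post attributes to rootkit hiding.
foreach ($p in Get-CimInstance Win32_Process -Filter "Name = '$Name'") {
    $path = $p.ExecutablePath
    $file = if ($path) { Get-Item -LiteralPath $path -Force -ErrorAction SilentlyContinue }
    $state = if ($file) { "on disk, attributes: $($file.Attributes)" }
             else       { 'NOT visible on disk' }
    [pscustomobject]@{
        Source   = "Process (PID $($p.ProcessId))"
        Location = $path
        Detail   = $state
    }
}

# 2. HKLM and HKCU Run keys: any value whose command line mentions the name.
$runKeys = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
foreach ($key in $runKeys) {
    $item = Get-Item -LiteralPath $key -ErrorAction SilentlyContinue
    if (-not $item) { continue }
    foreach ($valueName in $item.GetValueNames()) {
        $data = [string]$item.GetValue($valueName)
        if ($data -like "*$Name*") {
            [pscustomobject]@{ Source = 'Run key'; Location = "$key\$valueName"; Detail = $data }
        }
    }
}

# 3. Services whose binary path mentions the name.
Get-CimInstance Win32_Service |
    Where-Object { $_.PathName -like "*$Name*" } |
    ForEach-Object {
        [pscustomobject]@{
            Source   = 'Service'
            Location = $_.Name
            Detail   = "$($_.PathName) (start mode: $($_.StartMode))"
        }
    }
```

No output from any of the three sections means the name was not found in those places from the running system's point of view; it does not rule out other autostart locations.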
 