CastleCops, Internet Crime Fighters

Need help with an insanely infested machine

 
AliCat_Klein
Cadet
Joined: Jun 05, 2004
Posts: 2
Location: USA

Posted: Sat Jun 05, 2004 4:57 am    Post subject: Need help with an insanely infested machine

Hello,

I am a home PC user consultant and I am in need of help with a PC that is horribly infested with all sorts of "yicky" bad things that I am not able to research through the usual channels. The machine is an old PC running Win ME.

I have things listed in the machine's startup and running processes that I cannot recognize because they are all sorts of letters and numbers in combination. I would appreciate any and all assistance with this. Here's what's loaded:

GLEL.EXE
5QEKE7T5NG9WG2-OKXY.EXE (general comment....What the hell???)
16494293046456 (again, what the hell???)
AUTOLOADERPZ5Q1JISKJIX UPN2DLL.EXE-PC="AM.WILD" HIDE UNINSTALL (I am really uncomfortable with anything that is installed and goes to the extreme to hide its uninstaller)
IEGSJ NSSDRKBI.EXE-QUIET
VS7DEBUG/MDMEXE

I am also working on a pair of machines (currently Win XP HE) that have an item listed in MSCONFIG as a line item, but there is no identifying information on the item. It is just a checkbox, and the area next to it where the identification info is supposed to be is blank. Does anyone know how to figure out what is hiding itself? My opinion/gut feeling is that it is something nefarious.

Thank you all in advance for your assistance. If you wish to e-mail me directly my e-mail is removed for your security; spambots pass this way

I will also be using the much recommended HijackThis program.

Sincerely,
AliCat_Klein


!Mariner
Colonel
Premium Member
Joined: Aug 25, 2003
Posts: 1914

Posted: Sat Jun 05, 2004 5:10 am    Post subject:

Hi AliCat_Klein,

Best have one of our experts take a look at those strange running processes then. Please follow these instructions carefully then proceed as follows:


First:
Please read these messages
Virus=Read This: CastleCops Link/postt8864.html
HiJack= Read This: CastleCops Link/t911-Before_You_Post_Read_Follow_These_Rules_and_Guidelines.html

Then
Download: HiJack This!

Create and unzip to a folder (not your Desktop or the Temp folder), double-click HijackThis.exe, and press "Scan".
Unzip the download (using a piece of software like WinZip).


When the scan is finished, the "Scan" button will change into a "Save Log" button.
Press that, save the log in a text file, and post it in the CCSP "Spyware - Hijack Related" forum:

CastleCops Link/f67-Trend_Micro_HijackThis_Logs.html


Most of what it lists will be harmless or even required, so do NOT fix anything yet.
Someone here will be happy to help you analyze the results.


*Please, be patient. An expert will examine your log and this does take time. Please, no 'Bumps' and no 'Duplicates'. Thank you.*

AliCat_Klein
Cadet
Joined: Jun 05, 2004
Posts: 2
Location: USA

Posted: Sat Jun 05, 2004 5:28 am    Post subject: Thanks for the directional assistance with my posting

Hello,

Thank you for the quick reply to my problem. I have reviewed the instructions and I sincerely apologize for any person that I might have offended with my "What the "H"" comments.

It is my intention to make use of the Hijackthis program when I return to my client as I have already downloaded it.

Have a great day!

AliCat_Klein
All times are GMT