Home > General > Xax.exe


In this case, please use a third-party process viewer, preferably Process Explorer, to terminate the malware/grayware/spyware file. Check if the following lines are present in the file: {garbage} [AuTOrUn {garbage} open=djtejq.exe {garbage} shell\open\Command=djtejq.exe {garbage} shell\open\Default=1 {garbage} {garbage} {garbage} If the lines are present, delete the file. lol JubeiTigeruk JubeiTigeruk, May 10, 2007 #1 matt.chugg MajorGeek Your right there isn't a lot of information on this file so before we do anything I need some more information To check if the malware/grayware/spyware process has been terminated, close Task Manager, and then open it again.

Please excuse my english, it's not my native tongue. JubeiTigeruk Last edited by a moderator: May 10, 2007 JubeiTigeruk, May 10, 2007 #5 DavidGP MajorGeeks Forum Administrator - Grand Pooh-Bah Staff Member Hi You need to follow the advise I'll provide a new HighJackThis log also: Logfile of HijackThis v1.97.7 Scan saved at 14:35:49, on 2004-05-07 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: Also, restoring affected systems may require procedures other than scanning with an antivirus program.

For additional information about this threat, see: Description created:Apr. 5, 2010 8:53:38 PM GMT -0800

http://vil.nai.com/vil/content/v_125007.htm Try using Stinger ( http://vil.nai.com/vil/stinger ) to remove it as it seems like they updated it within the last few days. 0 Replies Craven de Kere 1 See if the trojan dumped the files listed on this Mcafee write up: http://vil.nai.com/vil/content/v_100930.htm I'm also finding references to these files in searches: 76FE.tmp.exe info.dll update.dll rasautou.exe xax.exe 1B78.TMP.EXE 90E8.TMP.EXE bg2.dll What is the path to the file?

Forums: Computers Email this Topic • Print this Page skinnz Reply Sun 2 May, 2004 10:50 am Hi, Anyone know how to get rid of the virus causing Worms are known to propagate using one or several of different transmission vectors like email, IRC, network shares, instant messengers (IM), and peer-to-peer (P2P) networks. Buy Home Office Online Store Renew Online Business Find a Partner Contact Us 1-877-218-7353 (M-F 8am - 5pm CST) Small Business Small Business Online Store Renew Online Find a Partner Contact If the detected file is not displayed in either Windows Task Manager or Process Explorer, continue doing the next steps.

Step1:Identify and terminate files detected as WORM_UTOTI.XAX [back] To terminate

You may download the said tool here. Please make sure you uncheck Hide protected operating system files in Folders Option>View tab, and then check the Search Hidden Files and Folders checkbox in the "More advanced options" option to naapa, May 7, 2004 #6 thegreatone Joined: Jan 10, 2003 Messages: 210 Fix these: R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52...meInstaller.exe O17 - HKLM\System\CCS\Services\Tcpip\..\{C26B05A6-64D6-4F5A-A9A2-1CBF3FFCD046}: NameServer = Once located, select the file then press SHIFT+DELETE to permanently delete the file.

Repeat the said steps for all files listed. In the left panel of the Registry Editor window, double-click the following: HKEY_LOCAL_MACHINE>Software>Microsoft> DRM Still in the left panel, locate and delete the key: amty Close Registry Editor. Thread Status: Not open for further replies. Are there startup entries ?

Worms do not infect files, but may carry one or more payloads, such as computer security compromise and information theft. What's the other things I need to remove? Change the value data of this entry to: "Explorer.exe" Close Registry Editor. In the left panel, double-click the following: HKEY_CURRENT_USER>Software>Microsoft> Windows>CurrentVersion>Explorer> Advanced In the right panel, locate the registry value: Hidden = "2" Right-click on the value name and choose Modify.

In the Look In drop-down list, select My Computer, then press Enter. Step5: Search and delete these files [learn how]*Note: There may be some component files that are hidden. naapa, May 7, 2004 #4 mobo Joined: Feb 23, 2003 Messages: 16,273 O4 - HKCU\..\Run: [LDM] C:\Program\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe Then reboot the system into safe mode and delete: C:\WINDOWS\System32\xax.exe mobo, May Step6:Search and delete AUTORUN.INF files created by WORM_UTOTI.XAX that contain these strings [learn how] {garbage} [AutoRun {garbage} open=djtejq.exe {garbage} shell\open\Command=djtejq.exe {garbage} shell\open\Default=1 {garbage} {garbage} {garbage} Step6:Search and delete AUTORUN.INF files created

JubeiTigeruk Private E-2 Hello, does anyone know what "XAX.EXE" is or what its for or anything about it? Learn More. This is very important due to some new infections going around. To do this, click Start>Run, type regedit in the text box provided, then press Enter.

Series graeca, in quo prodeunt patres, doctores scriptoresque ecclesiae graecae a S. Style Default Style Contact Us Help Home Top RSS Terms and Rules Copyright © TechGuy, Inc. I thought I'd just check out if my computer was alright, heh.

You should patch that.

I cannot seem to find the file where its coming from or whatever. No where on the PC to be found. It drops an AUTORUN.INF file to automatically execute dropped copies when the drives are accessed. Select the file, then open using Notepad.

I know for sure that I need R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://login1.telia.com/ It's a login provided by my ISP Telia. Use analyse.exe for the new name. No, create an account now. Barnaba ad Bessarionem, Patrologiae cursus completus: seu bibliotheca universalis, integra, uniformis, commoda, oeconomica, omnium SS.

Show Ignored Content As Seen On Welcome to Tech Support Guy! Are there viruses or spyware that can play games with me by putting themselves into folders like that?Click to expand... Patrum, doctorum scriptorumque ecclesiasticorum, sive latinorum, sive graecorum, qui ab aevo apostolico ad tempora Innocentii III (anno 1216) pro latinis et ad concilii Florentini tempora (ann. 1439) pro graecis floruerunt. Advertisement Recent Posts Windows Automatic recovery?

Let me know if you wish to have anything else. I worked it out. Tabvla replied Mar 18, 2017 at 8:15 AM The Trump Term of Office Tabvla replied Mar 18, 2017 at 8:12 AM Portuguese characters not... Download the latest scan engine here.

I have checked the system out and it seems fine. Repeat steps 3 to 6 for the remaining AUTORUN.INF files in other remaining removable drives. Also there are steps included for installing, renaming, running, and posting HijackThis logs as attachments. Worms typically modify system settings to automatically start.

http://www.securityfocus.com/bid/10108/solution/ That site describes a vulnerability that probably started all this for you. When you return to make your next post, make sure you attach the following logs and that you have run these scans in the following order too: CounterSpy - only for Thanks for any help you give guys/girls/whatever! Barnaba ad BessarionemAuthorJacques-Paul MignePublished1858Original fromHarvard UniversityDigitizedNov 12, 2007  Export CitationBiBTeXEndNoteRefManAbout Google Books - Privacy Policy - TermsofService - Blog - Information for Publishers - Report an issue - Help - Sitemap -

I've been getting this error everytime I start up Windows so I checked what programs I were running and saw 'xax.exe', no idea where this come from and it sounds kinda Log in or Sign up Tech Support Guy Home Forums > Operating Systems > Windows XP > Computer problem? Thank you for the help! Thanks for your help.