Tech Support Forum - View Single Post

Five over · 09-21-2006, 07:42 AM

Sorry to bother you.
I noted that my firewall (NIS) was showing in/out connections to xakepy.ru.
A google search was looking ominous.

I have NAV/NIS/NPF
Spywareblaster
SpywareGuard
BOClean
Spybot with TeaTimer.
Use FF (almost) exclusively with NoScript. IE is "locked down" as possible
Scan with Avira free, Ewido, SPysweeper semiregularly: never seen anything before.

Panic!
Deleted everything I could think of, scanned with NAV,KAV,Ewido, SS, Gmer, RKR, Darkspy, ran evry detection tool i had: Nothing.

Googled some more and found out about this nasty: lzx32.Sys

Searched my box and foundthese with Spybot:
Win23.PE: Settings
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\pe386

Win23.PE: Settings
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\pe386

This seems to indicate the presence of something?
Cannot find the Sytem32.lzx32 folder.

I also read there is a varient of the pe386 trojan that installs a system file with random id.

I am worried firstly how this got here?
What do i do to find it if it is there.

Please, advise.
I have posted this problem elsewhere and had no response for 4 days.
Just a little desperate.

Thankyou.

09-21-2006, 07:42 AM	#1 (permalink)
Five over Registered User Join Date: Sep 2006 Posts: 30 OS: xphomesp2, Linux Registered user 469135	?pe386 ?lzx32.Sys: need help Sorry to bother you. I noted that my firewall (NIS) was showing in/out connections to xakepy.ru. A google search was looking ominous. I have NAV/NIS/NPF Spywareblaster SpywareGuard BOClean Spybot with TeaTimer. Use FF (almost) exclusively with NoScript. IE is "locked down" as possible Scan with Avira free, Ewido, SPysweeper semiregularly: never seen anything before. Panic! Deleted everything I could think of, scanned with NAV,KAV,Ewido, SS, Gmer, RKR, Darkspy, ran evry detection tool i had: Nothing. Googled some more and found out about this nasty: lzx32.Sys Searched my box and foundthese with Spybot: Win23.PE: Settings HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\pe386 Win23.PE: Settings HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\pe386 This seems to indicate the presence of something? Cannot find the Sytem32.lzx32 folder. I also read there is a varient of the pe386 trojan that installs a system file with random id. I am worried firstly how this got here? What do i do to find it if it is there. Please, advise. I have posted this problem elsewhere and had no response for 4 days. Just a little desperate. Thankyou. __________________ a little knowledge can be a dangerous thing