does anyone know what this is

ibgrinchiest · 02-01-2007, 08:09 PM

i use kerio as my firewall and it keeps bringing this up can someone help me ive scanned my system and cant find the file

Technical details about the intrusion attempt:

Injector application: C:\windows\system32\kaxmcyvlqg.exe
Description: kaxmcyvlqg
File version:
Product name:
Product version:
Created: 2007/1/25, 21:58:23
Modified: 2007/1/25, 21:58:23
Accessed: 2007/2/2, 02:46:39

Target application: C:\WINDOWS\Explorer.EXE
Description: Windows Explorer
File version: 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
Product name: Microsoft® Windows® Operating System
Product version: 6.00.2900.2180
Created: 2004/10/8, 12:01:47
Modified: 2004/10/8, 12:01:47
Accessed: 2007/2/2, 02:46:37

Address of injection: 0x00A60123

ejames82 · 02-01-2007, 09:22 PM

i use kerio 2.1.5, but i am not an expert. i suggest you try dslreports. Ed James

ibgrinchiest · 02-02-2007, 08:47 AM

dsl reports? for one i not have a dsl and two there is nothing on this page that refers to dsl.....thank you for you reply....

ejames82 · 02-02-2007, 09:26 AM

http://www.dslreports.com/forum/kerio

it's hard to find help with the firewall that i have, 2.1.5. you didn't say which version that you have. this is not specifically a website geared toward dsl. this is the best kerio help that i can find.

**Glaswegian** · 02-02-2007, 01:53 PM

Hi ibgrinchiest and welcome to TSF.

No need to go anywhere else - we have the best Security Team on the web! This is undoubtedly malware - the random name is a giveaway - and looks as though it's trying to inject itself into IE. I suggest you follow these instructions as it's possible it has asked other malware to join it on your system.

Please download HijackThis - this program will help us determine if there is any spyware/malware on your computer.

Create a folder at C:\HJT and move HijackThis.exe there.
Make sure you close down EVERY open window and close ALL browser windows. The only thing that should be open is the HijackThis program.
Run a scan and save the log file.
Copy the text file (Ctrl+A then Ctrl+C) and paste it (Ctrl+V) in a new thread in the HJT Forum (do not attach it or post it here).
Do not fix any entries in HijackThis since they may be harmless.

Make sure to include the System information at the top of the log as well.

We'll then have a look and provide instructions to clean your system, if required. Please note that the HJT forum is constantly busy, so I would ask that you be patient while waiting for a reply.

02-01-2007, 08:09 PM	#1 (permalink)
ibgrinchiest Registered User Join Date: Feb 2007 Posts: 2 OS: winxp pro	does anyone know what this is i use kerio as my firewall and it keeps bringing this up can someone help me ive scanned my system and cant find the file Technical details about the intrusion attempt: Injector application: C:\windows\system32\kaxmcyvlqg.exe Description: kaxmcyvlqg File version: Product name: Product version: Created: 2007/1/25, 21:58:23 Modified: 2007/1/25, 21:58:23 Accessed: 2007/2/2, 02:46:39 Target application: C:\WINDOWS\Explorer.EXE Description: Windows Explorer File version: 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) Product name: Microsoft® Windows® Operating System Product version: 6.00.2900.2180 Created: 2004/10/8, 12:01:47 Modified: 2004/10/8, 12:01:47 Accessed: 2007/2/2, 02:46:37 Address of injection: 0x00A60123

02-02-2007, 01:53 PM	#5 (permalink)
Glaswegian Moderator/ Rangemaster TSF Academy; Analyst, Security Team; Oor Wullie; TSF Surgeon and Resident Comic Join Date: Sep 2005 Location: Glasgow Posts: 20,885 OS: Win XP Pro SP3 My System Blog Entries: 9	Hi ibgrinchiest and welcome to TSF. No need to go anywhere else - we have the best Security Team on the web! This is undoubtedly malware - the random name is a giveaway - and looks as though it's trying to inject itself into IE. I suggest you follow these instructions as it's possible it has asked other malware to join it on your system. Please download HijackThis - this program will help us determine if there is any spyware/malware on your computer. Create a folder at C:\HJT and move HijackThis.exe there. Make sure you close down EVERY open window and close ALL browser windows. The only thing that should be open is the HijackThis program. Run a scan and save the log file. Copy the text file (Ctrl+A then Ctrl+C) and paste it (Ctrl+V) in a new thread in the HJT Forum (do not attach it or post it here). Do not fix any entries in HijackThis since they may be harmless. Make sure to include the System information at the top of the log as well. We'll then have a look and provide instructions to clean your system, if required. Please note that the HJT forum is constantly busy, so I would ask that you be patient while waiting for a reply. __________________ Iain - Defender of the Haggis and all things Scottish. I don't help by PM - post in the Forums. Ad-Aware::SpywareBlaster::SpyBot::SpywareGuard::SnoopFree::AVG Free::HOSTS File::HijackThis::Donate::5 Steps For Infected PCs

02-01-2007, 09:22 PM	#2 (permalink)
ejames82 Registered User Join Date: Oct 2006 Posts: 367 OS: XP	i use kerio 2.1.5, but i am not an expert. i suggest you try dslreports. Ed James

02-02-2007, 08:47 AM	#3 (permalink)
ibgrinchiest Registered User Join Date: Feb 2007 Posts: 2 OS: winxp pro	dsl reports? for one i not have a dsl and two there is nothing on this page that refers to dsl.....thank you for you reply....

02-02-2007, 09:26 AM	#4 (permalink)
ejames82 Registered User Join Date: Oct 2006 Posts: 367 OS: XP	http://www.dslreports.com/forum/kerio it's hard to find help with the firewall that i have, 2.1.5. you didn't say which version that you have. this is not specifically a website geared toward dsl. this is the best kerio help that i can find.