wagonman76
Thread Starter
- Joined
- Jun 26, 2005
- Messages
- 11
I have Windows NT4, service pack 6. Recently, it has developed a problem. It keeps generating these exe files in the system32 folder called aaa.exe, bbb.exe, ccc.exe, etc. I think Ive seen every letter of the alphabet so far, but theyre always 3 letters of the same letter. When it does that, Dr Watson gives an error message, and then I delete the file. Once it has generated the file, I lose my ability to copy/paste, the ability to fill out some forms online, the ability to open a link in a new window, and who knows what else. I restart the computer and it is fine, until it does it again.
Heres what Ive done so far. When it first started developing the file, Norton would pop up and show it as being infected with "W32.Randex". It did it a few times, and I ran a full system scan. It showed maybe 6 or 7 files infected, including explorer.exe and winlogon.exe. I restarted in DOS and deleted then copied fresh versions of these files from the Windows CD. I also re-ran the SP6 update to make sure they were updated, since the CD has the original versions before any service packs. After that, Ive done a couple full system scans, along with making sure the virus definitions were updated, and it comes out clean.
But it is still doing it. And it no longer would show the files as being infected, but it is the same thing so it seems something is infected. Someone suggested it might be spyware, so I installed Spybot along with its updates, and it found a bunch of stuff and cleaned it out. Now a spyware scan comes out clean too. It ran like a million bucks for a little bit, then it created up one of those files again. Its done it about 3 times in the last hour, which is about usual. Spybot doesnt detect anything wrong.
Ive gone through the registry and checked both current user and local machine in the currentversion/run section for things that start up with the computer, and there is nothing that shouldnt be. The only thing thats there is Norton.
Ive searched on the Symantec site about W32.Randex, and read up on every instance of it, and nothing applies to what mine is doing.
Can anyone help?
Heres what Ive done so far. When it first started developing the file, Norton would pop up and show it as being infected with "W32.Randex". It did it a few times, and I ran a full system scan. It showed maybe 6 or 7 files infected, including explorer.exe and winlogon.exe. I restarted in DOS and deleted then copied fresh versions of these files from the Windows CD. I also re-ran the SP6 update to make sure they were updated, since the CD has the original versions before any service packs. After that, Ive done a couple full system scans, along with making sure the virus definitions were updated, and it comes out clean.
But it is still doing it. And it no longer would show the files as being infected, but it is the same thing so it seems something is infected. Someone suggested it might be spyware, so I installed Spybot along with its updates, and it found a bunch of stuff and cleaned it out. Now a spyware scan comes out clean too. It ran like a million bucks for a little bit, then it created up one of those files again. Its done it about 3 times in the last hour, which is about usual. Spybot doesnt detect anything wrong.
Ive gone through the registry and checked both current user and local machine in the currentversion/run section for things that start up with the computer, and there is nothing that shouldnt be. The only thing thats there is Norton.
Ive searched on the Symantec site about W32.Randex, and read up on every instance of it, and nothing applies to what mine is doing.
Can anyone help?