GWXJTLQQJO & ZXOTMPA - Unrecognised Standard Services in Windows 7!!

Bandolier · ‎10-14-2010

Hello

One of my system been playing up last couple of days. Several Firefox crashes but with no obvious reason. Started looking around and came across this service in the Standard group:

Service Name: ZXOTMPA
Display Name: ZXOTMPA
Description:
Path to EXE: C:\Users\Martyn\AppData\Local\Temp\ZXOTMPA.exe
Startup: Manual
Status: Stopped
Logging on as the local system account and interacting with the desktop.
Type (from registry) 110 Hex (272 Dec)

Also found a second service, again in the Standard group

GWXJTLQQJO

May not be the cause of my Firefox issues but either way guessing that these services should not be there. Google search revealed nothing!

Any comments, hints or tips on what to do next greatly appreciated.

Cheers

Martyn

SendOfJive · ‎02-07-2009

Hi Bandolier,

Do you use RootkitRevealer? Each time you run RootkitRevealer it creates a randomly named copy of itself that runs as a Windows service. It does this because rootkits are able to avoid detection by tricking RootkitRevealer if they recognize it running. Your services look like the sorts of names that RootkitRevealer creates for itself.

http://forum.sysinternals.com/topic1650_page1.html