PDA

View Full Version : 84372872az.exe - something new?



pchman
2009-08-23, 04:25
Hey all, I'm Ed, I'm new to this forum.
Working on a Vista machine yesterday that was rebooting immediately after login. It did run in Safe Mode, so I installed MalwareBytes Anti-Malware and scanned. Some common junk came up, but nothing that fixed the problem. Looked for strange drivers, signature files in system32, nothing. Registry check found this: HKCU\Software\Microsoft\Windows\CurrentVersion\Run: [risky] C:\Users\<username>\AppData\Roaming\84372872az.exe. Went into msconfig, disabled this entry from startup, reboot problem solved. Further Malware (SAS) and Rootkit (Blacklight) scans were clean, HiJackThis log clean except for the aforementioned entry. Very little info found online. So I copied the file onto a flash drive and scanned it on my machine with AVG. AVG reported it was Trojan horse SHeur2.AYAK. Anyone else know anything about this? Is it that new?

ken545
2009-08-26, 04:02
http://www.techsupportforum.com/security-center/virus-trojan-spyware-help/resolved-hjt-threads/407222-84372872az-exe.html

Being helped here, this topic will be closed