TechSpot

Bin Okay.exe I delete it, but keeps coming back, system restore is disabled

By geo__
Sep 12, 2005
  1. Hi all,
    the problem is with the following entry from hijackthis.
    I click fix and then I delete the directory but within 20 minutes it's created again even without rebooting the pc.

    O4 - HKCU\..\Run: [Grey media] C:\DOCUME~1\george\APPLIC~1\STORET~1\Bin Okay.exe

    this file is responsible for pop-ups of annoying sites.
    I tried ewildo but it can't locate it. I also tried spybot search and destroy but it can't find it either.
    Please help!
    george
     
  2. geo__

    geo__ TS Rookie Topic Starter

    running processes

    Here are the running processes. I can't find anything suspicious
    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\WINDOWS\Explorer.EXE
    C:\Apache\Apache.exe
    C:\Program Files\DU Meter\DUMeter.exe
    C:\WINDOWS\system32\RunDll32.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\D-Tools\daemon.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Symantec\Norton Ghost\Agent\GhostTray.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\Program Files\CE-Infosys\CompuSec\floppy.exe
    c:\windows\system32\ceisvc.exe
    C:\WINDOWS\System32\GEARSec.exe
    C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
    C:\Program Files\CE-Infosys\CompuSec\policy_service.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
    C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
    C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
    C:\Apache\Apache.exe
    C:\Program Files\MySQL\MySQL Server 4.1\bin\mysqld-nt.exe
    c:\progra~1\intern~1\iexplore.exe
    C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
    C:\WINDOWS\System32\svchost.exe
    E:\NewsBin\nbpro.exe
    c:\apache\apache.EXE
    c:\apache\apache.EXE
    c:\apache\apache.EXE
    c:\apache\apache.EXE
    c:\apache\apache.EXE
    c:\apache\apache.EXE
    c:\apache\apache.EXE
    c:\apache\apache.EXE
    c:\apache\apache.EXE
    c:\apache\apache.EXE
    c:\apache\apache.EXE
    c:\apache\apache.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Winamp\Winamp.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\WINDOWS\system32\notepad.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\WINDOWS\system32\SNDVOL32.EXE
    c:\apache\apache.EXE
    c:\apache\apache.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Documents and Settings\george\Desktop\downloads\antivirus\hijackthis\HijackThis.exe
     
  3. RealBlackStuff

    RealBlackStuff TS Rookie Posts: 6,503

Topic Status:
Not open for further replies.

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...