Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works

mysterious Chinese trojan?

  • Please log in to reply



    New Member

  • Member
  • Pip
  • 1 posts
Back in March I spent a month in Beijing, and when I brought my laptop back I started noticing a strange IE popup window and a suspicious exe file running in my system processes. In an idle state (but only when connected to the internet), a new IE window would pop up with a Chinese webpage full of banner ads. These didn't seem overtly harmful but they were annoying and would occur maybe once or twice a day.

I looked at the processes running under ctrl-alt-del and noticed that the file "776546.exe" was usually running prior to a popup and taking about 7-14k of memory. This file now starts up whenever I start my computer, despite unchecking it under msconfig. For awhile a second file, "HV7-CE6F" or something would also come up after the pop up window had opened. AVG scans overlooked these files or sometimes caught them around the c:/documents and settings/win32 area but they never got removed from my system.

This has been going on for about 6 months now (I really should have taken care of this earlier, I know!). The popups don't come up any more after I blocked the site they were redirecting to in IE, but I am still really worried about what this might be doing to my computer.

My AVG has also uncovered and virus-vaulted other trojans like i-783.exe which I saw on another post in the forums.

I've also been having problems on my flash drive and external HD, which are both included in the OTS scan. I plugged my external HD into my friend's computer in order to watch some movies, and afterward she also had the 776546.exe running and the same popups occuring on her computer!

I really need to fix this for myself and for the wonderful girl whose computer I infected. Your help is greatly appreciated!

Here are my OTS and RootRepeal files. In the RootRepeal file, you can see Chinese characters in the file names of some of the harmful files.

Thanks a lot!

Attached Files

  • 0


Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP