Question

Posted

This cannot be deleted; it uses up CPU and lags the network connection. Ending the process doesn't work; it starts back up. You cannot delete the file from the system because it is always in use (there may be a way to unfreeze the folder with MalwareBytes), and it is hidden in the registry.

Any clues as to what it is and how to remove it?

5 answers to this question

  • 0
Posted

Seeing that it's a .exe... it's a command file, so it could probably be some sort of virus... and yes, I know that I'm not that good with all the problems with computers, but I know my way around ;)

  • 0
Posted

Use process explorer (google it in quotes) and you can find what program launches it.

I would also look at using Hijack This (see the other post about Marsden needing help).

But, I would first try malwarebytes. www.malwarebytes.org.

  • 0
Posted

Reboot your computer in safe mode. This keeps drivers and startup apps from launching. Then you can go and find the offending .exe and delete it.

Also go to Start > Run > regedit32 and search for runonce. When it finds the keys, you actually want to go to run. It will be right next to runonce. Look in this key and see if this .exe is called in there. If so, highlight the line and delete it.

Look me up in vent when I'm around and I can talk you through this if you don't feel comfortable. Any changes to the registry could have a disastrous effect. Do this only if you feel comfortable doing it.

MSgt. Francoeur

  • 0
Posted
> Use process explorer (google it in quotes) and you can find what program launches it.

I found that program, I'll be suggesting it.

> I would also look at using Hijack This (see the other post about Marsden needing help).

Good suggestion. Hijackthis is a great program, I will suggest it.

> But, I would first try malwarebytes. www.malwarebytes.org.

I mentioned that in my first post, it's on the list of things to try.

> Reboot your computer in safe mode. This keeps drivers and startup apps from launching. Then you can go and find the offending .exe and delete it.

It does not appear in safe mode.

> Also go to Start > Run > regedit32 and search for runonce. When it finds the keys, you actually want to go to run. It will be right next to runonce. Look in this key and see if this .exe is called in there. If so, highlight the line and delete it.

It is apparently hidden/not found in the registry, but I'll mention the runonce as a place to check.

> Look me up in vent when I'm around and I can talk you through this if you don't feel comfortable. Any changes to the registry could have a disastrous effect. Do this only if you feel comfortable doing it.

Luckily it's not on my computer, it's on my professor's computer.

I've asked my CS prof about it too, he suggests booting from a Linux boot disk and then trying to delete the file/end the process.

Thanks for the suggestions everyone.

  • 0
Posted

If I remember correctly, I think you are dealing with a Virtumonde/Virtumundo type of issue. These are 2 or 3 layer issues. The file you are dealing with, if deleted, will be respawned by a backup process that only exists to spawn the exe again. And sometimes, there is another backup process that only spawns the other process. These can be real bears to remove. I'd go malwarebytes, full scan, and see what happens.
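
The Run/RunOnce check and the "find what program launches it" step suggested in the replies above can be scripted in PowerShell. This is an added example and not part of any post in the thread; `example.exe` is a placeholder because the thread does not name the file, and the function names `Get-AutorunEntry` and `Get-LaunchChain` are illustrative.

```powershell
# Added example. 'example.exe' is a placeholder: the thread does not name the file.
param([string]$TargetName = 'example.exe')

# Per-machine and per-user autorun keys (Run and RunOnce), including the
# 32-bit registry view on 64-bit Windows.
$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
)

# List every value under the autorun keys as Key / Name / Command.
function Get-AutorunEntry {
    foreach ($key in $runKeys) {
        if (-not (Test-Path $key)) { continue }
        $item = Get-Item -Path $key
        foreach ($name in $item.GetValueNames()) {
            [pscustomobject]@{ Key = $key; Name = $name; Command = $item.GetValue($name) }
        }
    }
}

# For each running instance of $ImageName, walk up the parent chain so a
# watchdog process that respawns the file shows up as its launcher.
function Get-LaunchChain {
    param([string]$ImageName)
    $procs = Get-CimInstance -ClassName Win32_Process
    $byPid = @{}
    foreach ($p in $procs) { $byPid[[int]$p.ProcessId] = $p }
    foreach ($p in $procs | Where-Object { $_.Name -eq $ImageName }) {
        $chain = @(); $cur = $p; $seen = @{}
        while ($cur -and -not $seen.ContainsKey([int]$cur.ProcessId)) {
            $seen[[int]$cur.ProcessId] = $true
            $chain += '{0} (PID {1}) {2}' -f $cur.Name, $cur.ProcessId, $cur.ExecutablePath
            $parent = $byPid[[int]$cur.ParentProcessId]
            # PIDs are reused after a parent exits; a real parent is older than its child.
            if ($parent -and $parent.CreationDate -gt $cur.CreationDate) { $parent = $null }
            $cur = $parent
        }
        $chain -join "`n  launched by "
    }
}

Get-AutorunEntry | Where-Object { $_.Command -like "*$TargetName*" } | Format-List
Get-LaunchChain -ImageName $TargetName
```

Run it from an elevated prompt so `ExecutablePath` is populated for processes owned by other accounts; the `HKCU` entries reflect only the account running the script.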
