84372872az.exe - something new?

pchman · Aug 22, 2009

Hey all, I'm Ed, I'm new to this forum.
Working on a Vista machine yesterday that was rebooting immediately after login. It did run in Safe Mode, so I installed MalwareBytes Anti-Malware and scanned. Some common junk came up, but nothing that fixed the problem. Looked for strange drivers, signature files in system32, nothing. Registry check found this: HKCU\Software\Microsoft\Windows\CurrentVersion\Run: [risky] C:\Users\<username>\AppData\Roaming\84372872az.exe. Went into msconfig, disabled this entry from startup, reboot problem solved. Further Malware (SAS) and Rootkit (Blacklight) scans were clean, HiJackThis log clean except for the aforementioned entry. Very little info found online. So I copied the file onto a flash drive and scanned it on my machine with AVG. AVG reported it was Trojan horse SHeur2.AYAK. Anyone else know anything about this? Is it that new?

chaslang · Aug 25, 2009

Welcome to Major Geeks!

pchman said: ↑

Anyone else know anything about this? Is it that new?
Click to expand...

Yes there are dozens of infections like this. The file names and locations can be random. And names given to infections by scanners can be totally meaningless especially since they rarely define what they thing the infection does. You probably would be well served running our full cleaning procedure to be safe. See the below:

READ & RUN ME FIRST. Malware Removal Guide

Also note, in the future you should not be cross posting your questions/problems to multiple forums. This is frown upon because you are wasting precious resource at multiple locations and we are too busy for this. I can see you post at a minimum at the Spybot ( http://forums.spybot.info/showthread.php?p=331087 ) and TechSupport ( http://www.techsupportforum.com/sec...solved-hjt-threads/407222-84372872az-exe.html ) forums.

Log in or Sign up

84372872az.exe - something new?

pchman Private E-2

chaslang MajorGeeks Admin - Master Malware Expert Staff Member