My XP/SP3 system recently got infected with Alpha (dubious) Antivirus. I
followed intsruction posted on the web to uninstall this malicious trojan.

Under registery:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run

I found an entry 79932434.exe pointing to Windows prefetch folder...

I checked the folder and found the file (C:\Windows\Prefetch)
79932434.Exe/018DD50B.pf

The file's property indicated it was created about the same day my system
got infected. Does anyone about this file ... I want to be sure before
deleting the registry key

thanks

-------- Original-Nachricht --------

> My XP/SP3 system recently got infected with Alpha (dubious) Antivirus. I
> followed intsruction posted on the web to uninstall this malicious trojan.
>
> Under registery:
> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run
>
> I found an entry 79932434.exe pointing to Windows prefetch folder...
>
> I checked the folder and found the file (C:\Windows\Prefetch)
> 79932434.Exe/018DD50B.pf
>
> The file's property indicated it was created about the same day my system
> got infected. Does anyone about this file ... I want to be sure before
> deleting the registry key
>
> thanks
>
>

If you search with Google for 79932434.exe you get 6 hits, ALL pointing
to your question ..

I think that anwers your question !

Bernd

On Nov 1, 9:17*pm, "jpBless" <jp3blessNoS...********.com> wrote:
> My XP/SP3 system recently got infected with Alpha (dubious) Antivirus. I
> followed intsruction posted on the web to uninstall this malicious trojan..
>
> Under registery:
> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run
>
> I found an entry 79932434.exe pointing to Windows prefetch folder...
>
> I checked the folder and found the file (C:\Windows\Prefetch)
> 79932434.Exe/018DD50B.pf
>
> The file's property indicated it was created about the same day my system
> got infected. Does anyone about this file ... I want to be sure before
> deleting the registry key
>
> thanks

I don't know how the Google hits help the OP with the issue.

It is suspicious since it is not a Windows XP file and has been added
to your LM/run settings so it will start whenever your machine
starts. It looks like leftovers from some malicious software.

If you can't identify it, delete it.

Backup your registry first with this popular tool:

http://www.larshederer.homepage.t-online.de/erunt/

Run these scans:

Download, install, update and do a full scan with these free malware
detection programs:

Malwarebytes (MBAM): http://malwarebytes.org/
SUPERAntiSpyware: (SAS): http://www.superantispyware.com/

They can be uninstalled later if desired.

Remove the suspicious registry key, remove the executable if it still
exists, remove the .pf file from the Prefetch folder.

Reboot and check to see if everything is still gone and report results/
other issues.

Zero items automatically starting in HKLM and HKCU is a very good goal
if you can achieve it.

Yes I did search for 79932434.exe before posting this but did not get any
helpful info. Anyway thanks. I wanted to be absolutely sure!

"Bernd" <fake@gmx.de> wrote in message
news:ufWf3S8WKHA.508@TK2MSFTNGP06.phx.gbl...
>
>
> -------- Original-Nachricht --------
>
>> My XP/SP3 system recently got infected with Alpha (dubious) Antivirus. I
>> followed intsruction posted on the web to uninstall this malicious
>> trojan.
>>
>> Under registery:
>> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run
>>
>> I found an entry 79932434.exe pointing to Windows prefetch folder...
>>
>> I checked the folder and found the file (C:\Windows\Prefetch)
>> 79932434.Exe/018DD50B.pf
>>
>> The file's property indicated it was created about the same day my system
>> got infected. Does anyone about this file ... I want to be sure before
>> deleting the registry key
>>
>> thanks
>>
>>
>
> If you search with Google for 79932434.exe you get 6 hits, ALL pointing to
> your question ..
>
> I think that anwers your question !
>
> Bernd

Thanks for your response; very much appreciated. That registry key looked
super suspicious. Again thanks a lot


"Jose" <jose_ease******.com> wrote in message
news:753502f8-3fa3-438d-9141-ae22293ee264@b15g2000yqd.googlegroups.com...
On Nov 1, 9:17 pm, "jpBless" <jp3blessNoS...********.com> wrote:
> My XP/SP3 system recently got infected with Alpha (dubious) Antivirus. I
> followed intsruction posted on the web to uninstall this malicious trojan.
>
> Under registery:
> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run
>
> I found an entry 79932434.exe pointing to Windows prefetch folder...
>
> I checked the folder and found the file (C:\Windows\Prefetch)
> 79932434.Exe/018DD50B.pf
>
> The file's property indicated it was created about the same day my system
> got infected. Does anyone about this file ... I want to be sure before
> deleting the registry key
>
> thanks

I don't know how the Google hits help the OP with the issue.

It is suspicious since it is not a Windows XP file and has been added
to your LM/run settings so it will start whenever your machine
starts. It looks like leftovers from some malicious software.

If you can't identify it, delete it.

Backup your registry first with this popular tool:

http://www.larshederer.homepage.t-online.de/erunt/

Run these scans:

Download, install, update and do a full scan with these free malware
detection programs:

Malwarebytes (MBAM): http://malwarebytes.org/
SUPERAntiSpyware: (SAS): http://www.superantispyware.com/

They can be uninstalled later if desired.

Remove the suspicious registry key, remove the executable if it still
exists, remove the .pf file from the Prefetch folder.

Reboot and check to see if everything is still gone and report results/
other issues.

Zero items automatically starting in HKLM and HKCU is a very good goal
if you can achieve it.