Suspicious startup

  chugby 10:45 25 Nov 06
Noticed startup programs appeared in MSconfig named DUPEMFCD.EXE-01BA057C.pf and TRUSTROAM.EXE-1C31C052.PF which are located in the Windows prefetch file.

Nothing comes up on usual AV/Spyware scans.
Initially tried deleting from MSConfig startup programs but came back, then tried using CleanUp! 4.5.2 but still came back. Managed to manually delete from the Windows prefetch folder, although noticed they are still shown in the MSconfig but they are disabled.

Any advice appreciated.

Spec: AMD, XPSp2, Kaspersky AV/FW, Ewido

  Fruit Bat /\0/\ 10:59 25 Nov 06

Have a look for something that appears like C:\WINDOWS\APPLIC~1\LOVEST~1\DupeMfcd.exe
and post the full path please.

  chugby 12:08 25 Nov 06

thanks for reply Fruit Bat /\0/\

have checked MSconfig and the startup item (Disabled)
DupeMfcd is shown under the command line as
C:\DOCUME~1\Barry\APPLIC~1\LOVEST~1\DupeMfcd.exe.
Tried general search and also explored manually but can't trace except on MSconfig.

By coincidence, as writing this was also running A-squared free antispyware and it came up with Trojan.Win32.Agent.tz within my WinRAR zip program,
related?

thanks

  Fruit Bat /\0/\ 15:17 25 Nov 06

Yes I think it probably is.

If you had the line suspected, then you have a trojan

  chugby 15:56 25 Nov 06

have deleted the winrar program and doing another scan.

the Trust Roam startup shows as:

C:\Documents and Settings\All Users\Application Data\Face Nurb Download Phone\Trust Roam.Exe.

Can't find a lot of info on this, wonder if this is a dialup trojan although I'm on broadband. How do I get into the application data? Assume MSconfig disabling hopefully stops them in the meantime.

Thanks

  Fruit Bat /\0/\ 17:25 25 Nov 06

Use Explorer to navigate to the folder

Face Nurb Download Phone

and delete it

  chugby 18:32 25 Nov 06

Found the folder (had to check show hidden folders) and deleted. Also got the DupeMfcd within folder Love Start Multi. A lot happier, found and deleted!

Many thanks for help on this Fruit Bat /\0/\

This thread is now locked and can not be replied to.