Help removing a hidden exe file
There is a file called "server.exe" in my directory "C:\Windows\System32\install\server.exe" and I cannot find the "install" folder. I have the option to view hidden folders and files. Help??
How do you know it exists?
Tried Command Prompt yet?
    cd C:\WINDOWS\system32\install
    del server.exe
[QUOTE=MUFC2007;22312591]How do you know it exists?[/QUOTE] I had to restart my computer because it was fucking up, and now I restart it and the popup comes up that prompts you to allow a certain file to run. I'll try the cmd prompt. [editline]10:55PM[/editline] Command prompt says file doesn't exist.
Command Prompt is a bitch
[QUOTE=alphaspida;22312625]I had to restart my computer because it was fucking up, and now I restart it and the popup comes up that prompts you to allow a certain file to run.[/QUOTE] It sounds like you have a backdoor trojan (keylogger) - You most likely ran a "java applet" by "Microsoft". Delete all instances of this from your registry.
Case Sensitive folders, and if you can't find it manually, or with CMD, it probably doesn't exist.
Even if you did find it and deleted it, it would be recreated.
How do I find out what to delete and where from the registry? Thanks
Snip.
I have Norton, and it has served me very well so far. I don't want to say it, but I disabled it temporarily for something.
[QUOTE=alphaspida;22312784]How do I find out what to delete and where from the registry? Thanks[/QUOTE] Boot your system into safe mode and run a scan on your system via an antivirus. Check msconfig to see if anything unusual is checked in your Startup tab, as well as your Services tab.
Deleting it from the registry, open regedit and look for it, at least that's how I do my stuff.
These files were added by the Troj/Bckdr-MJO backdoor trojan, which was created by the 'Console Devil Remote Administration Tool'. The affected entries in the registry are:
[list]
[*]Run
[*]RunOnce
[*]RunService
[*]RunServicesOnce
[/list]
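An added example, not part of any post in this thread: a read-only PowerShell check that lists every value under the autorun keys named in the last post and flags entries that point at the path from the first post or at a file that cannot be found on disk. Assumptions: the keys sit under the standard `Software\Microsoft\Windows\CurrentVersion` location in HKLM and HKCU, the Windows spellings `RunServices` and `RunServicesOnce` are used, and the command-line parsing is a simple heuristic.

```powershell
# Added example: read-only audit of the autorun keys named in the thread.
# Nothing is modified or deleted; the output is a list to review by hand.
$suspect  = 'C:\Windows\System32\install\server.exe'   # path from the first post
$keyNames = 'Run', 'RunOnce', 'RunServices', 'RunServicesOnce'
$hives    = 'HKLM:', 'HKCU:'

function Get-TargetPath([string]$Command) {
    # Heuristic: take a leading quoted path, otherwise the first token.
    # Unquoted paths containing spaces are cut short and show up as missing.
    $expanded = [Environment]::ExpandEnvironmentVariables($Command)
    if ($expanded -match '^\s*"([^"]+)"') { return $Matches[1] }
    if ($expanded -match '^\s*(\S+)')     { return $Matches[1] }
    return $null
}

$findings = foreach ($hive in $hives) {
    foreach ($name in $keyNames) {
        $key = "$hive\Software\Microsoft\Windows\CurrentVersion\$name"
        if (-not (Test-Path -LiteralPath $key)) { continue }   # key absent
        $item = Get-Item -LiteralPath $key
        foreach ($valueName in $item.GetValueNames()) {
            $command = [string]$item.GetValue($valueName)
            $target  = Get-TargetPath $command
            $exists  = $false
            if ($target) { $exists = Test-Path -LiteralPath $target -PathType Leaf }
            [pscustomobject]@{
                Key            = $key
                Value          = $valueName
                Command        = $command
                MatchesSuspect = ($target -eq $suspect)   # -eq ignores case
                TargetMissing  = -not $exists
            }
        }
    }
}

# Entries matching the suspect path or pointing at a missing file sort first.
$findings | Sort-Object MatchesSuspect, TargetMissing -Descending |
    Format-Table -AutoSize -Wrap
```

Run it from a 64-bit PowerShell session on 64-bit Windows: a 32-bit process sees `C:\Windows\System32` redirected to `SysWOW64`, which changes what the existence check reports.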