Posted

What are they, how do they work, etc.

That randreco spyware thing keeps creating a prefetch file after I delete the .exe file, and THAT seems to be leading to the .exe file regenerating itself. But the prefetch file, I'm thinking, is probably being generated by a registry key, because the .exe file comes back AFTER I delete the .pf file, and the .pf file only comes back after I delete the .exe file and after I reboot the computer. The damn thing has never actually taken over my system, probably due to keeping current on all Windows/IE updates, etc, but it still TRIES to, and that's a nuisance. But by trying to trace its origins and such, I'm learning, or trying to.

I know just enough about this stuff to know that I don't know squat, so if you guys could help me become a little less squattier, I'd appreciate it.

So, how 'bout them prefetch files?

Posted

you STILL didn't get rid of this thing?

prefetch files are a new & improved XP thing. They sort of take the place of tmp files and make things go faster. Obviously Randreco creates its own prefetch to optimise its performance.

Didn't we find you a solution in that other thread? Didn't work, eh?

Posted

I got rid of it, sorta, but it keeps coming back. Entirely a nuisance, nothing more, but the regenerative powers of this thing intrigue me to no end.

It might actually be easier to let it go ahead and infect my system. Maybe then the AdAware fix will find it like it seems to do for other people. As it stands now, it finds nothing, even when the file is clearly on my hard drive and has tried to install itself.

I suspect some very crafty registry work is at play with this thing, and I'm not about to go there!

Funny though, I've gotten into the habit of looking for the various files that I've found to be associated with it immediately upon booting, and very often the .pf file doesn't appear until after the .exe file gets deleted - and the .exe delete seldom is complete until a reboot. You think that maybe the delete somehow causes the .exe to morph into a .pf?

Like I said, I don't know nuthin' about this stuff, but I love trying to figure it out anyway. One day, randreco's ass will be mine!

Posted

I've run everything, and nothing gets found. Repeatedly. This is a new variant of Vx32 or something, and it gives itself registry access. Or so I'm told.

It's only a nuisance, really, no harm done (yet). The firewall/IE Updates seem to keep it at bay. But the thought that I keep deleting it, its associated files, AND its findable registry entries, and it keeps coming back REALLY bugs me, even if it never actually does anything.

BOO!

Posted

I had a BIG problem with an undeletable .exe file a little while back, and I finally managed to get rid of it by using something called "Hijack This." It scours the hard drive and brings up everything that's not supposed to be there. Then you can fix and/or delete the offending files. But be careful, because it will also bring up anything you've installed, so read the filenames and choose carefully so you won't accidentally delete something you want.

The big thing I've learned is this: DON'T use Internet Explorer. Keeping unwanted viruses, trojans, adware, etc off your system with IE is like trying to keep cyanide gas out with a screen door. I switched to Mozilla Firefox, and I haven't had a problem since.

Posted

I've run everything, and nothing gets found. Repeatedly. This is a new variant of Vx32 or something, and it gives itself registry access. Or so I'm told.

Well, I'm not saying if one company's virus scanning software is better than another's, but I have found that only McAfee's virus program finds the latest download trojan viruses. Norton does not. I believe you can go to McAfee's web site and run a virus scan over the 'net. However, you have to buy the package to get it to clean you up. It is useful just to find out what virus it says you have.

Later,

Kevin

Posted

Hijack is a cool program, but you have to know what you're doing. I suggest downloading it, running it, and then posting the list of stuff it gives you. I can tell you what you want to delete if you're not sure.

That's the only way I was able to get rid of a worm I had that kept changing my homepage.

Posted

BTW, the best way I know of to get rid of most of these worms is to run system restore and restore your system to a point before the attack occurred. If it works right, you should be just as you were before the attack. System restore has saved my ass on many occasions. System restore may work for you, Jim.

Later,

Kevin
