1. Home
  2. Networking Firewalls
  3. is htokgvvy.exe a spyware. I got it from http://buy-traffic.net

is htokgvvy.exe a spyware. I got it from http://buy-traffic.net

Would Anyone happen to know what is htokgvvy.exe. I could not find it in google groups.

This is what I did...

When I was searching for some info on a medication-drug in google and got some results. There was one result from this website "

formatting link
". When I clicked it it took me to the following site.
formatting link
use IE-6 and I have zonealarm firewall. The moment it took me to the website windows started opening by itself and it ZA prompted me to execute an exe file. I think it is called htokgvvy.exe. I was so panicked that I let ZA to block this exe to run. Also, when I quite this buy-traffic website, it further opened another website
formatting link
and the security certificate prompt window appeard saying it was some adult content and if I was above

18yrs old. I am just curios why a website with medical reference showed up in google and why this website redirected me to all kinds of stuff and more importantly why it started downloading an exe before even clicking on anything.

1) Now I have this htokgvvy.exe installed on my machine and its trying to access the internet over 100's of times but ZA is blocking its access. How do I get rid of all its registry entries so I can delete it.

2) Also what is ~Unta*.exe. I see two applications running in my ~home/Local Settings/Temp directory
Reply to
sandygs
Loading thread data ...

The reason that you can not find the exe's names in Google is that you are probably infected with one of the many strains of malware which use random characters to generate their executable names to avoid detection.

These also usually have trojans and keystroke loggers attached, so I wouldn't do much internet banking for a while. Reformat and reinstall then upgrade->SP1->SP2 seems the best solution. There are also several excellent anti-spyware products on the market (NONE of which advertise by spam), and you should install at least one and perhaps two of these along with an antivirus package.

While Firefox and Mozilla give you better protection than IE, you need to be very careful about what you click on. The fact that a site is referenced on Google under a medical search category does not make it clean. It just means that the site was indexed by Googlebot and Google's filters didn't catch the sleeze.

"Jason Edwards" wrote in news: snipped-for-privacy@individual.net:

Reply to
Mungo

Probably a random name used by some malware.

Bad idea, unless you want more malware injected directly into your operating system. Try

formatting link

Which appears to have proven useless.

I think you'll find that the exe file had already executed no matter what zonealarm did.

Probably because it made use of an unpatched IE vulnerability.

You format the drive and restore everything from clean media.

Just more malware. Please find someone in your area who knows how to help you. You may have to pay someone to do it. If for any reason you're not going to do that then start here

formatting link
Jason

>
Reply to
Jason Edwards

Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.