No announcement yet.

a wierd program file in the start up list....


Forum Top GA Ad Widget

  • Filter
  • Time
  • Show
Clear All
new posts

  • a wierd program file in the start up list....

    c:/documents and settings/network service/local settings/application data/ngbvyvupf\qgpfpqvshdw.exe Is this a safe file? How can I tell which start up files are legit?
    In the start up window of running msconfig, the selective startup is checked. The first three of five buttons under it are checked: Proce3ss system and process win and load system services. The next one, load startup items, has a green box instead of a check mark. The fifth, use original boot ini, has a circle with a green dot in it.
    I checked other files on the net and they appear valid. I cannot find any info about this file, so I'm suspicious.

  • #2
    start up

    I checked that file in my browser and it comes up empty. I wouldn't trust it.
    if you are running the latest avast program, you can scan that particular file against heuristic virus definitions.
    in msconfig, did you set the preferences or was it already there?
    there should be an option run windows normally


    • #3

      Check out the wikipedia entry for AV_Security_Suite. Looks like a nasty malware program.


      • #4
        virii ?

        if you aren't too squeemish about entering the registry and deleting things
        go to START and in the window type REGEDIT, then in the next window go to EDIT and type in the thing you want to search for and hit ENTER or SEARCH.
        Once it has found the file highlight and right click and DELETE.
        Then press F-3 and it'll continue the search.


        • #5

          The first string of characters in this filename are random. Search for shdw.exe and go to the bleeping computer web site. There are detailed instructions on how to get rid of this program. Also, check your browser LAN settings to see if you are going through a proxy server. This malware will redirect your web searches this way.


          • #6
            Regedit stuff....

            I did have to go into the registry and tinker with deleting many years ago. I only did this with help, though. I'm not afraid of it. According to the startup it says it's located in HKLM\SOFTWARE\...yadda yadda. Is not HKLM in the registry? I will look in there and delete it. Should I do a backup first? Also, will this delete it from any other locations in this mini-laptop?


            • #7

              if there is any occurence of what you are seeking in the registry DELETE it!
              then press F-3 to continue the search.
              if there's a whole string with the [.exe] at the tail end, delete the whole line.
              if you make a backup, it will harbor the virus, I wouldn't.


              • #8
                The registry search turned up nothing. I followed the back slash folders to the gibberish folder and deleted it and immediately emptied the trash. Also unchecked the box for it in startup. I'll shut this down and restart later and check if it is in fact gone.


                • #9
                  Pretty interesting. The e-mail spam folder has dropped from as many as 70+ a day to just a bit over 20......


                  • #10
                    I know this is a late response but you've got a classic malware infection. There's a couple ways of fixing it. You could go to and run autoruns to remove all instances (If you have one, you have more than one)

                    Or you could run combofix from bleepingcomputer (not the combofix site). But this is a really agressive antivirus program and could break other things while removing viruses.


                    • #11
                      I am looking for a reliable technology partner for the fast and reliable development of complex healthcare software offering full-cycle healthcare software design and development services. I think it would be great to work with them Any ideas? Do you have such an experience? Please, I appreciate any of your advice.
                      Last edited by analeks; 01-23-2022, 06:07 PM.