What is this program running on my PC ?

[spideyontheweb]

Hi

I was checking the Services tab on my Task Manager and I find this program (zdfchhpxzuugca) which I cannot stop even with administrator control. Its the first program in the image.

Its a Dell 501x laptop (64bit) with windows 10 and Kaspersky. I have never seen this in the past.

Can anyone help me find out what it is and how to disable it.

Many Thanks

[/IMG]

 

[pcgeek11]

Malwarebytes
Bitdefender

Run these and allow them to clean whatever they find.

 

[spideyontheweb]

Malwarebytes
Bitdefender

Run these and allow them to clean whatever they find.

Malwarebytes,Kaspersky and Ad-aware all running and scan does not elicit anything!

 

[Seba]

Search your computer and also the Registry for that string and see what comes up.

 

[spideyontheweb]

Search your computer and also the Registry for that string and see what comes up.

Thanks. Nothing on search. But regedit search gives this info !
Location is in SysWOW64 and properties says it is a Sver file - kepfzqq
What do I do next?

[/IMG]

 

[Seba]

Now look at the properties of that file kepfzqq.exe, located in C: \Windows\SysWOW64 to see what info can you gather. Maybe you can identify some program that you installed. If not, it could be some unwanted program.

 

[spideyontheweb]

Now look at the properties of that file kepfzqq.exe, located in C: \Windows\SysWOW64 to see what info can you gather. Maybe you can identify some program that you installed. If not, it could be some unwanted program.

The original location of the file is kepfzqq.exe and properties says its a Sver file. I cannot open the file or get anything else or even disable it.Strange :thumbsdown:

 

[sbpromania]

It's highly likeable that it is a 3rd party program, that was installed in the background of another installation process ( this happens a lot for software downloaded from free websites).

The best course of action you can take is to make a backup of your registry and delete all the entries of the specified program. If it breaks something on your computer u have the backup. Also delete all the cache from your browsers

 

[Majorrabbid]

Crypto locker? Or a variant? Do you have any files that you cannot open or come up saying corrupt?

 

[redzo]

Malwarebytes
Bitdefender

Run these and allow them to clean whatever they find.

This.

Run a full scan using malwarebytes! If it's spyware or a virus, MB will certainly detect it.
It could be anything from a bitcoin miner or crypto virus to some harmless crapware.

 

[corkyg]

My sense is that you are infected. sysWOW64 is in some cases, a virus.

https://www.google.com/search?sourceid=navclient&aq=hts&oq=&ie=UTF-8&rlz=1T4GGLG_enUS329&q=SysWOW64

https://forums.malwarebytes.org/index.php?/topic/150359-infection-assistance-needed-syswow64/

Get rid of it.

 

[Ranulf]

Malwarebytes,Kaspersky and Ad-aware all running and scan does not elicit anything!

In Malwarebytes, make sure it is a custom scan and have it scan all your drives. Have "scan for rootkits" checked.

 

[Ketchup]

Pretty sure it's Malware. They love to make up names when they spawn. If traditional malware cleaners don't remove it, Kaspersky has one that might:
http://www.techspot.com/downloads/5061-kaspersky-rescue-disk.html

If that doesn't work, back up important data and format the drive. I would not speed more than a day playing around with something like that.

 

[LPCTech]

run in this order:

rkill
jrt
Malwarebytes
adwcleaner

Thats not normal. You have malware. Malware commonly has gibberish names like that. If this fails run combofix and hope for the best, back up all your files before doing any of this.

 

[xgsound]

If you have the nerve you can stop the service as follows after you see what info is available on it.
To get info you can run services program. Go search/ type services/ click on services/ go to zdfchhpxzuugca and single left click. You should get info on the service shown on the left and options to stop start and so on. A right click lets you look at properties. If computer works after you stop or disable it, the next step is to delete the registry item.
Jim

 

[monkstah]

You should be able to also stop it via Safe mode if necessary but 100% malware for sure.

 

[palmfire]

No one here recommended to remove the computer from internet and run those antivirus programs in safe mode.