kxfiwu.exe?

ogy

hi, this program kxfiwu.exe keeps trying to access the internet and I keep blocking it but it just keeps popping up. Googled for it and nothing, just wondering if anyone knows is it adware or a virus/trojan that I should delete or is it just some part of IE and I'm being dumb. McAfee/Symantecs website/search and destroy/google have nothing on it
Thanks
ógy

NotMe

I'd say if it was some part of IE or another valid program then Google would return something on it. Where is the program located? And what is its creation date?

vibe666

you might find it's part of coolwebsearch or something similar. it (they) have been known to generate random filenames to fool spyware tools.

you can get CWShredder (coolwebsearch remoal tool) from here: http://www.spywareinfo.com/~merijn/downloads.html as well as pretty much everytong else you'll need to do an effective clean of your PC.

it also might well be a trojan or virus, so do a full scan for both using AV/Trojan tools scanners.

if you're at all stuck with any part of it, post back here and someone will help you out (Maybe post the log from Hijackthis! and see what you get) or post on the forums at the link above and they'll definately be able to tell you what's what.

bear in mind though that if it is CWS it might well have burrowed it's way into some of your windows executables in which case the cleanup operation is going to be a real biatch.

good luck with it htough, you'll get through it.

Da_cOmRaDe_MiKe

spyware > virus...
if not then format to make sure.

Kazujo

What OS are you running? If it's 2k or XP it checking in the task list to see if it is running contantly you might be able to manually disable and remove it.

Da_cOmRaDe_MiKe

thats true, if its win 98SE, win millenium, win xp you can go to
start > run > msconfig > go over to startup, and find it in there.
disable it, and it shud stop it trying to come up.

vibe666

Da_cOmRaDe_MiKe wrote:

spyware > virus...
if not then format to make sure.

great statement there mike, don't suppose you work in PC World or somewhere like that do you?

I hope you're not a roofer. "yes luv, you've got a leaky roof. best demolish the place before it gets any worse" :rolleyes:

ogy, ignore the er, 'member' with no idea what he's talking about and spend some time looking into what it could be. chances are VERY likely that you can safely remove it without having to resort to drastic measures.

bear in mind also that the chances of you being the first, or only person with this particular problem are in all practical senses absolutely zero.

by the time your average surfer catches something nasty on the net, thousands of others will already have been infected, making it very likely that there's an easy way of getting rid of the problem.

turst me, i spend a couple of hours (at least) every day removing unwanted crap from people's PC's, and although some of them can occasionally be very tough, none of them are impossible to remove. not yet anyway.

spend some time running full scans with ad-aware, spybot and giant (the 3 best spyware tools) and once they have remov3ed most of what you have then run CWShredder to make sure.

then run hijackthis! (don't remove anything) and create a log for it, and post it in here or at the spyware forums I mentioned earlier and someone will talk you through removing anything that was missed by the other scans. failing that, there are still other ways of cleaning these things from your system including dedicated tools.

above all, try not to make fear of the unknown put you off fixing this thing properly. i guarantee that next time it happens (as it most likely will at some stage) you'll jump in head first and get it it sorted yourself in no time at all.

Mr. Presentable

Have you recently installed anything new?

How long has this been going on?

Da_cOmRaDe_MiKe

vibe666 wrote:

great statement there mike, don't suppose you work in PC World or somewhere like that do you?

I hope you're not a roofer. "yes luv, you've got a leaky roof. best demolish the place before it gets any worse" :rolleyes:

ogy, ignore the er, 'member' with no idea what he's talking about and spend some time looking into what it could be. chances are VERY likely that you can safely remove it without having to resort to drastic measures.

bear in mind also that the chances of you being the first, or only person with

cheer's boss...
and no i dont work for pc world. i was just offering a soloution that WOULD fix the problem.
it might have been drastic, but its a guaranteed fix.
anyway's it was only a suggestion. not gospel.

Kazujo

If your handy with the registry you can go into it through Regedit then navigate to

HKey_Local_Machine -> Software -> Microsoft -> Windows -> Current Version

Check in Run there could be a few variations Run, RunOnce, Run As Service or similar. Look in here for strings like the name you are seeing. This will tell you where the file is and allow you to stop it from starting the next time you reboot, you should then be able to delette.

If your not comfortable using the registry stick with the tools mentioned already in the thread

ando

Da_cOmRaDe_MiKe wrote:

thats true, if its win 98SE, win millenium, win xp you can go to
start > run > msconfig > go over to startup, and find it in there.
disable it, and it shud stop it trying to come up.

do that in safe mode as if you do it in normal computer mode, it will probably restart itself. In safe mode you could do a search for the file, delete it and make sure its deleted in msconfig, then restart. Formatting is a bit drastic to fix the issue

vibe666

yep, just like demolishing a house will get rid of a leak.

formatting a pc because of something that 'might' be a virus or spyware (and let's face it we have no idea what the feck it is at this stage) is nothing short of stupid. who in their right mind would do that without even trying to fix the problem first?

sorry mike, but you deserved everything you got, suggestion or not.

oh, and pretty much all virii/spyware are immune to being removed via msconfig.

ando

vibe666 wrote:

oh, and pretty much all virii/spyware are immune to being removed via msconfig

that why i said use it in safe mode

Da_cOmRaDe_MiKe

i only said msconfig, so the thing would stop auto popping up anytime he wanted to do anything. this would give him the chance to remove it.

suggestion or not, its my choice to say what i like. same as it is urs.
but i dont think getting nasty or smart was called for.

maybe next time i post something you dont agree with, why not say something like mike, sorry man, its a suggestion, but not a good one. this would work a lot better.....

rather than resorting to using phrases to put me down.

vibe666

ando wrote:

that why i said use it in safe mode

won't make the slightest bit of difference to a decent bit of spyware or a virus, sorry. it'll be hidden in several different places, and will just replicate itself back when you reboot.

Da_cOmRaDe_MiKe wrote:

maybe next time i post something you dont agree with, why not say something like mike, sorry man, its a suggestion, but not a good one. this would work a lot better.....

rather than resorting to using phrases to put me down.

well mike, you didn't post a suggestion, you posted a stupid suggestion. it had no merit whatsoever, and when people post like that they should fully expect to be called on it.

if i ever post something stupid (and I do, just like everybody else) they'll be plenty of people to call me on it and make me feel stupid.

there's a million things you know that I don't and if i post something stupid on one of those subjects i fully expect you to do the same, as i would with anyone else. that's just the way it goes. post something stupid and someone will shoot you down. it's just the way forums are.

duridian

The name kxfiwu.exe makes me think it may be somehow related to Kazaa, which has a nasty habit of installing other things like spyware. I don't use Kazaa any longer myself (I use KLR instead) so cannot say for sure, but the "kx" part makes me think "Kazaa Extension" and the "wu" part maybe "Windows Updater. I may be completely wrong but as I say this is just a hunch based on the sound of the filename.

ZENER

Have a look in the windows dir and sort files by size, find your file in the list and check to see if it's the same size as a lot of other files which have similarly cryptic names. My guess is that there are a lot of them. Now in msconfig check the startup tag and see if any of those files are called. Uncheck them all and restart the machine. If the next time a new randomly named file has appeared then its most likely a spyware program. Is the startup page in I.E. effected ?

ZEN

ando

vibe666 wrote:

won't make the slightest bit of difference to a decent bit of spyware or a virus, sorry. it'll be hidden in several different places, and will just replicate itself back when you reboot.

Of course just editing the registry startup entry will not remove it, but in safe mode all spywere/virus activity is non-existent and this is when I would get rid of it from the reg and the files it has produced on the computer by using antivirus/removal tools and anti spywere apps. Works all the time with Virus's, spywere is a bit trickier if IE is being used, normally I'd get the person to use Firefox if the machine has a tendency to get reinfected

vibe666

ZENER, it's definately a random filename. typically there are 2 pieces of spyware that use random filenames, and removing the individual file (even in safe mode) won't fix the problem, as it will be nestled in several different places, all reasonably well hidden.

if it's a virus then removing it for the startup items (even in safe mode) won't get rid of the virus, only prevent it from starting up form that particular location. if it is a virus the best thing to do is a full virus scan and find out what it is, so you can remove it effectively, and remove the cause of infection or you may as well not bother doing anything.

ZENER

vibe666 wrote:

ZENER, it's definately a random filename. typically there are 2 pieces of spyware that use random filenames, and removing the individual file (even in safe mode) won't fix the problem, as it will be nestled in several different places, all reasonably well hidden.

if it's a virus then removing it for the startup items (even in safe mode) won't get rid of the virus, only prevent it from starting up form that particular location. if it is a virus the best thing to do is a full virus scan and find out what it is, so you can remove it effectively, and remove the cause of infection or you may as well not bother doing anything.

All very true of course but without knowing the software he has installed it's not possible for us to kow for definate, the process I described will weed it out for what it is, either a legitimate file or a rogue in which case the new file will seek access to the internet and throw up a warning in the firewall software. Once this happens then we know for definate what it is and can advise him on a suitable course of action.

Crude I know but it works for me every time.

ZEN