5 replies to this topic

[RTH]

When I got online today (7-25-06) a McAfee warning said an application called "zdlqknlr.exe" was attempting to access the internet and asked if I wanted to grant or block access. I don't know what this is. I found the file in the Windows System32 folder, but Properties shows that the file was created today and does not include any description of the application or any version information identifying the file as a Microsoft application. I can't find any reference to the application on the microsoft website and Google searches for "zdlqknlr.exe" and "zdlqknlr" yield no results. Does anyone know what this is and whether or not it is safe and should be able to access the internet? Thanks in advance for any guidance you can provide...

[Doug]

Any time your firewall alerts you to a program or application attempting to access the internet, that you do not recognize......it is best to "Deny" permission to access the internet.

In this case, "an executable (.exe) item that identifies itself with an apparently random alphabet name is "highly suspect" and probably a member of either the CWS family of Trojans or one of the variants of Smitfraud.

Since I am not a qualified Malware removal expert, I'd recommend that you Run A HighJackThis scan and save the Log. Then Post the Log into the TomCoyote HJT Forum for assistance from a qualified advisor Here:
http://forums.tomcoy...hp?showforum=27

"If" you have noticed any other symptoms, or "if" you have noticed popup screens recommending that your machine is infected and that you should immediately download one of the following: Spyaxe, SpyFalcon, SpyQuake, AlfaCleaner, w32.puper, AVGold, etc. -- Do Not Click on the popup Alert! it is an attempt to infect your machine with a variant of the Smitfraud group of malware.

There are "Self Help" solutions that you can use if you feel comfortable doing so, here:
http://forums.tomcoy...hp?showforum=97

Best Regards

[Doug]

I notice that you've already posted to the HJT Forum.

Therefore it is best to be patient and do your work in that Forum, instead of posting to two Forums (this one and the HJT Forum) --- too many cooks in the kitchen can lead to disaster -- HJT advisors are trained and qualified, so depend on them.

In the meantime, you can help yourself by following the HJT Forum advice on what to do BEFORE posting your HJT Log. Read here:
http://forums.tomcoy...showtopic=57813

Download, update and Run Spybot Search and Destroy version 1.4, from here:
http://security-central.us/downloads/

Download, update and Run Ewido (free) anti-malware tool, from here:
http://www.ewido.net/en/download/

**Important: Since you have McAfee tools installed on your machine, DO NOT use the Lavasoft Ad-Aware Personal SE tools.......... Spybot S&D plus Ewido will be just fine, and Ad-Aware may interfere with McAfee so don't use Ad-Aware.

Certainly feel free to re-scan with your onboard McAfee
And certainly feel free to remove Temp, Temporary Internet Files, and junk using the following protocol.

After those steps....WAIT for a Trusted HighJackThis Expert in the HJT Forum.

Best Regards

To clean out all the temporary files and cookies on your system.
Go to
Start - Run - (type) "cleanmgr" without the quotes.
Let it scan your system for files to remove.
Check these three boxes and then press ok to remove:
Temporary Files,
Temporary Internet Files,
Recycle Bin.

Then GoTo:
Start - Find/search - Files or folders - in the named box, type: *.tmp
When the list is generated, choose
Edit - select all - File - delete.

Note: If you cannot delete them all at once because you have too many, then click and hold ctrl and highlight a batch of them at a time. Once highlighted, R-click over the highlight and select delete.

Then use
Start - Run - (type) "%temp%" (without the quotes).
Delete the entire contents of that "temp" folder
(use Edit - Select All - press "Delete", click "Yes").

Then,
Empty your Temporary Internet Cache completely.
Close all instances of Outlook and Internet Explorer,
then use "Control Panel - Internet Options - General tab and click the "Delete File" button.
When prompted place a check in: "Delete all offline content", then click OK.

Then, use Windows Explorer to clean out ALL the other temp folders on your system
(navigate to the folder, (as listed below)
use "Edit - Select All", press "Delete", click "Yes"

* C:\Documents and Settings\<Your Profile>\Local Settings\Temp\
* C:\Documents and Settings\<Any other users Profile>\Local Settings\Temporary Internet Files\
* C:\Documents and Settings\<Any other users Profile>\Local Settings\Temp\

* C:\Windows\Prefetch\

* Empty your "Recycle Bin".

[RTH]

Dough -- Thank you very much for your response. I did not know if zdlqknlr.exe application problem was something that would show up in the HJT log (particularly given that it came up for the first time a day after I created and posted my HJT log) and did not realize a question about it should be posted on that forum. Based on your reply, it sounds like I should just post questions to the HJT forum for now, since I honestly don't know how to distinguish between something that should be posted there vs. elsewhere. For what it's worth, I followed the pre-HJT posting recommendations before I created and posted my HJT log yesterday and I tookall of the other steps you suggested as soon as I saw your reply. Thanks again for taking the time to help...

[Doug]

Hi RTH, You haven't done anything wrong, and I apologize if my response appeared to suggest that you had. The people here at TomCoyote are committed to helping people with their computer and internet related problems, and a big part of that is helping people learn more and do more for themselves. As a result I have found that the Administrators, Moderators, and Expert Members are pretty easy to get along with, and will go out of their way to assist. The distinction between this Forum (other computer problems) and the HJT Forum (HijackThis Logs and Spyware/Malware Removal) is that "problems" that are suspected to be caused by Malware Infection, are generally directed to the HJT Forum, where the Responders have all received specialize training and passed supervised work experience and qualification tests. That's important when dealing with Malware that can wreck havoc on a Members machine. So here in Other Computer Problems, we generally deal with Operating System, Software, Hardware and other problems unrelated to Malware. Occasionally, a malware problem gets solved here, but mostly over in the HJT Forum. Regarding where you should post: While you have an active HighJackThis Topic and are receiving instructions from a Trusted Advisor, I or anyone else will be reluctant to make recommendations, especially since any recommendation could interfere with the successful completion of your HJT fix as advised by your Expert Responder. That's all. When you get finished over in the HJT Forum, please feel absolutely welcome to post here in "Other Computer Problems". Best Regards, Doug

[RTH]

Doug -- Absolutely no apology necessary, but I appreciated the clear and helpful explanation. It could take me a while to be tell the difference between a Malware Infection problem and something else, but at least I know I can keep it simple for now and just stick to the HJT Forum as long as my HijackThis Topic is active. I am a total novice, but I'm eager to learn and really thankful to have found your site. What a great resource. Thanks again for putting in the effort... Rick