Re: Kcddco.exe and Goegeclp.exe = VIRUS??

From: Don Wash (don_at_wash.com)
Date: 06/27/04 

Date: Mon, 28 Jun 2004 01:41:46 +1200

Thank you so much Rick! I've fixed my system now.

I even found another Trojan virus with file named "jkifok.exe" with the size
of 66KB!

File Locations
- jkifok.exe is located in C:\WINDOWS
- JKIFOK.EXE-0C1E3374.pf is located in C:\WINDOWS\Prefetch

I have got ADSL connection and I don't know where did these Trojans come
from. Do you know where these Trojans came from? Such as a specific site
that get these programs downloaded on my system without my knowledge?

Don

"Rick "Nutcase" Rogers" <rick@mvps.org> wrote in message
news:OdcamO$WEHA.2520@TK2MSFTNGP12.phx.gbl...
> Hi,
>
> Yes, they are both viruses (trojans actually).
>
> Trojan (virus) file. Follow these "relatively" simple removal steps:
>
> Restart in Safe mode by hitting F8 as Windows first begins to load on
boot.
> Logon as administrator.
>
> Start/search/files and folders, look for <filename> and delete it wherever
> it is found.
>
> Start/run regedit, expand the + signs to look under these keys:
>
> HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg
>
> Look in the right hand pane for the string or strings that load that file.
> Delete just those strings that contain the reference. Do not delete other
> strings or the keys from the left pane. Close the registry editor when
> completed, make sure you check all strings.
>
> Go to the Control Panel/System/System Restore tab. Check the box to "Turn
> off system restore on all drives". Click apply/ok. This will remove all
> restore points, however you don't want them back as some or all of them
will
> contain the virus depending upon how recently you got infected.
>
> Restart the system normally. Go back to the Control Panel/System and
restart
> System Restore.
>
> Update your antivirus software. If the problem with opening other programs
> persists, go to www.dougknox.com and click WinXP fixes/File association
> fixes, and download, then run the .exe file fix.
>
> --
> Best of Luck,
>
> Rick Rogers, aka "Nutcase" - Microsoft MVP
> http://mvp.support.microsoft.com/
> Associate Expert - WindowsXP Expert Zone
> www.microsoft.com/windowsxp/expertzone
> Windows help - www.rickrogers.org
>
> "Don Wash" <don@wash.com> wrote in message
> news:uBa$md%23WEHA.1144@TK2MSFTNGP10.phx.gbl...
> > What are these? Are these viruses?
> >
> > I have Windows XP Home edition.
> >
> > Everytime I start the computer, both of these programs run one instance
> > under my user account, and another instance under SYSTEM account.
> >
> > This programs
> > - disables some programs starting (such as Microsoft ASP.NET Web Matrix)
> > - Sometimes closes the IE windows when starting from "Run" command,
(such
> as
> > when you type in www.microsoft.com)
> > - Sometimes closes the IE windows when opening a new window from
existing
> > window.
> > - Takes up alot of memory and CPU resources
> > - File sizes are extremely small :: Kcddco.exe (61 KB) and Goegeclp.exe
> (57
> > KB)
> > - have no information about them whatsoever on the web!
> >
> > File Locations
> > - Kcddco.exe is located in C:\WINDOWS
> > - KCDDCO.EXE-0C9D4A6F.pf is located in C:\WINDOWS\Prefetch
> >
> > - Goegeclp.exe is located in C:\WINDOWS\system32
> > - GOEGECLP.EXE-0BCA9A6C.pf is located in C:\WINDOWS\Prefetch
> >
> > So what I did was I disable both of these programs by changing
Kcddco.exe
> to
> > Kccddco.exe.virus and also the same for Goegeclp.exe, to prevent them
from
> > starting when I start Windows XP.
> >
> > I did that and I restarted Windows XP and voila! These programs are not
> > starting. I thought I've done it, until I tried to start windows
program.
> > When tried to start a program, it says "Windows cannot find <<program>>.
> > Make sure you typed the name correctly, and then try again. To search
for
> a
> > file, click the Start button, and then click Search."
> >
> > Most programs are not starting! Except IE, Explorer, and Outlook Express
> (as
> > far as I've tried).
> >
> > So is this a virus? Is this program a part of Windows XP Home? I just
want
> > to confirm that these programs are NOT Microsoft programs.
> >
> > Many Thanks,
> > Don
> >
> >
>
>