Sunday, March 2, 2008

hPBHK348.exe and 61h3jA00.exe on PC

It’s been a while since I worked on my desktop PC. Today, while I was working on a network share issue, I checked my event logs and found entries similar to the following:

Event Type: Error

Event Source: Schedule
Event Category: None
Event ID: 7901
Date: 2/03/2008
Time: 7:00:00 AM
User: N/A
Computer: SUPPORT-32C7206
Description:
The At8.job command failed to start due to the following error:
The system cannot find the file specified.

For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.

Naturally, if it’s from the Scheduler then I should check what I have got scheduled on my PC. I found that there were many jobs scheduled to run every hour. See the following, which I got after typing AT at the command line:

Status ID Day Time Command Line
-------------------------------------------------------------------------------
Error 1 Each M T W Th F S Su 12:00 AM C:\WINDOWS\system32\hPBHK348.exe

Error 2 Each M T W Th F S Su 1:00 AM C:\WINDOWS\system32\hPBHK348.exe

Error 3 Each M T W Th F S Su 2:00 AM C:\WINDOWS\system32\hPBHK348.exe

Error 4 Each M T W Th F S Su 3:00 AM C:\WINDOWS\system32\hPBHK348.exe

….
……

Error 45 Each M T W Th F S Su 8:00 PM C:\WINDOWS\system32\61h3jA00.exe
Error 46 Each M T W Th F S Su 9:00 PM C:\WINDOWS\system32\61h3jA00.exe
Error 47 Each M T W Th F S Su 10:00 PM C:\WINDOWS\system32\61h3jA00.exe
Error 48 Each M T W Th F S Su 11:00 PM C:\WINDOWS\system32\61h3jA00.exe

When I checked the quarantine log of my antivirus, I found that it had taken care of the log files, even though sites like http://spywarefiles.prevx.com/RRCAGC44185411/HPBHK348%2EEXE.html mention that no antivirus products are known to find these infected file(s).

These are malware files, but it is unknown what exactly they do. But now we know that %systemroot%\system32 is one more location to search for these files.

To delete all scheduled jobs, all I did was use the following command line:
AT /DELETE /YES

Caution: Please remember that the above-mentioned command line will delete all jobs scheduled to run with the help of the AT command.
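One way to triage an AT listing and remove only the suspect jobs instead of every job, as an added example that is not part of the original post. The sample listing is constructed in the layout shown above, the C:\tools\backup.cmd job is a made-up legitimate entry, and the random-name heuristic is an assumption tuned to the two file names on this page.

```python
import re
from collections import defaultdict

# Constructed sample in the layout of the AT listing above (not the full original output).
SAMPLE_AT_OUTPUT = r"""
Status ID   Day                     Time          Command Line
-------------------------------------------------------------------------------
Error   1   Each M T W Th F S Su    12:00 AM      C:\WINDOWS\system32\hPBHK348.exe
Error   2   Each M T W Th F S Su    1:00 AM       C:\WINDOWS\system32\hPBHK348.exe
        3   Each F                  6:00 PM       C:\tools\backup.cmd
Error  45   Each M T W Th F S Su    8:00 PM       C:\WINDOWS\system32\61h3jA00.exe
Error  46   Each M T W Th F S Su    9:00 PM       C:\WINDOWS\system32\61h3jA00.exe
"""

# One job row: optional "Error" status, numeric ID, day spec, time, command line.
ROW = re.compile(r"^\s*(?P<status>Error)?\s*(?P<id>\d+)\s+(?P<day>.+?)\s+"
                 r"(?P<time>\d{1,2}:\d{2} [AP]M)\s+(?P<cmd>.+?)\s*$")

def parse_jobs(listing):
    """Return (id, status, time, command) for every job row; header lines are skipped."""
    jobs = []
    for line in listing.splitlines():
        m = ROW.match(line)
        if m:
            jobs.append((int(m["id"]), m["status"] or "", m["time"], m["cmd"]))
    return jobs

def looks_random(path):
    """Heuristic (assumption): .exe directly in system32 whose name mixes digits and both cases."""
    m = re.fullmatch(r"(?i).*\\system32\\([^\\]+)\.exe", path)
    if not m:
        return False
    stem = m.group(1)
    return (any(c.isdigit() for c in stem) and any(c.isupper() for c in stem)
            and any(c.islower() for c in stem))

def suspicious_jobs(listing, min_slots=2):
    """Map each random-looking command to its job IDs when it fills several time slots."""
    by_cmd = defaultdict(list)
    for job_id, _status, _time, cmd in parse_jobs(listing):
        if looks_random(cmd):
            by_cmd[cmd].append(job_id)
    return {cmd: ids for cmd, ids in by_cmd.items() if len(ids) >= min_slots}

def targeted_deletes(listing):
    """Build per-ID 'AT <id> /DELETE' commands so legitimate jobs are left alone."""
    return [f"AT {i} /DELETE" for ids in suspicious_jobs(listing).values() for i in sorted(ids)]

if __name__ == "__main__":
    print("\n".join(targeted_deletes(SAMPLE_AT_OUTPUT)))
```

Review the generated commands before running them; the heuristic only narrows the list and does not prove a job is malicious.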

My antivirus has got rid of these files because the quarantine period was over; otherwise I would have tried to see what was coded inside these EXE images.

=Tip of the day=
Make sure you check your event logs from time to time. You never know what goes on on your PC while your family members use it.
