Hi all :),
My young stepson is NOT an English speaker or PC savvy so is highly vulnerable to viruses etc. and I have done my best to protect the integrity of his PC as best I can. Friends occasionally use his PC as well so it is vulnerable.
My stepson’s Windows XP PC has a virus/worm/trojan that is hard to kill and comes back in "C:\Documents and Settings\All Users". I think MAYBE I have FINALLY killed it (and registry entries) as it has not come back immediately this last attempt (which it tends to do)
Avira Antivirus software does find it when it tries to activate
The hidden exe file name something like dxeaslr.exe (can’t remember if that is exact name -should have written it down -sorry ) is not found in a Google search. One thing that is worrying me is that when I deleted on several occasions yesterday and it went into the recycle bin it was THEN identified by Avira Anti virus as cd1.exe (with same trojan specification) yet that is not to be seen in the recycle bin (only dxeaslr.exe)
I looked up cd1.exe and some sites suggest it is very dangerous, a few said it may be a Premium dialler trojan/worm etc. (2 suggested even an adult premium dialler??).
Anyway, whatever it is, although I MAY have removed it I fear it may be hiding and dormant (and my son knows far less than I about viruses etc.)
What I wish to do is to make entries in his PC’s Comodo Firewall to block those two .exe files should they reappear from any form of in/out internet access AND BLOCK them from running.
HOWEVER I am concerned they may reappear in different folders or paths in future without my knowledge.
My question. Can I block the exe file BY NAME ONLY (irrespective of path? without needing to provide a path or location (should it try to execute from ANY new location on his PC..
So far ONLY cd1.exe and dxeaslr.exe have been identified as problematic so I am hoping ONLY those two names are used by htis trojan if still hiding in PC.
I did switch off the virus software to see summary details of dxeaslr.exe and that suggested it was a Pidgen apps file (Ver 1.9 something I think). The supposed date of creation & last modification of the files suggest 7 years ago and 5 ago respectively.
I originally assumed it was a False Positive by Avira Anti virus BUT was suspicious and concerned so I checked a 4 month old Acronis backup tib file (which showed no sign of c:\Documents & settings\All Users\dxeaslr.exe). My ADHD stepson accesses many games sites (and whatever grabs his fancy).
Hope someone can help me protect my Stepson and his PC from himself on this issue