Unusual process interfering with cmdagent.

Hi,

My PC is running slowly right now, and looking in Process Explorer I notice a listing called begin.exe. I’ve never seen this before. Tried googling it and found nothing.

Here’s a screenie of procexp…

Any help would be appreciated.

Thanks.

XP Home
AMD 4000+
2 gig of RAM

[attachment deleted by admin]

Have you scanned it with some anti-programs or via http://virusscan.jotti.org/ or http://www.virustotal.com/en/indexf.html yet?

There is a lot of software with a file called begin.exe.

The best thing is to try and find out who created the file: do a search for the file on your PC and when you find it, right click to view the properties. You should be able to find out who created the file, which may give you an idea what it is.


Whatever begin.exe is, it seems to be exciting CFP’s cmdagent.exe. It looks like CFP is furiously blocking/logging something. Has CFP logged anything?

Looked at Comodo’s logs and around that time there are loads of entries from the Network Monitor. (See attachment for an example of a ‘who is’ lookup on one of them.) I don’t know anything about these things so it means nothing to me.

I did a search for the file and found this - BEGIN.EXE-132CC023.pf - in C:\WINDOWS\Prefetch

It’s 4Kb in size and was modified 18/6/2007 (UK date style date/month/year) at 11.40

Right clicking and selecting ‘properties’ only says when the file was created/modified. It says it’s a PF file.

By the way, thanks for the help.

[attachment deleted by admin]

PF files are PreFetch files. They are used by the OS to optimize the image loading. It isn’t really a program at all, it is just a PF reference for it.

So you can only find it in the Prefetch directory? Either it’s gone now or it’s still lurking somewhere, hiding itself.

The easiest method to find the EXE would have been to use Process Explorer (PE). PE knows where it’s running from, what called it & with what command line.

Try searching with Agent Ransack; it sometimes finds more stuff than Windows Explorer search.

http://www.mythicsoft.com/agentransack/Page.aspx?page=download


Thanks for the link. The offending .exe has not shown its face again.
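Added example, not part of the original thread: the prefetch file discussed above is more than a reference, because an XP-format .pf records the device path of every file loaded at start-up, including the executable itself, so it can show where begin.exe ran from after the process has gone. The offsets follow the publicly documented XP (format version 17) layout; the sample blob, its `\EXAMPLE\` path, run time and run count are constructed for illustration, and only the name and hash come from the file name quoted in the thread.

```python
import struct
from datetime import datetime, timedelta, timezone

EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)  # FILETIME counts 100 ns ticks from here

def parse_xp_prefetch(data: bytes) -> dict:
    """Parse an in-memory Windows XP (format version 17) prefetch file."""
    if len(data) < 0x98:
        raise ValueError("too short for a version 17 prefetch header")
    version, signature = struct.unpack_from("<I4s", data, 0)
    if signature != b"SCCA" or version != 17:
        raise ValueError("not an XP-format (version 17) prefetch file")
    # Executable name: NUL-terminated UTF-16LE in the 60 bytes at 0x10.
    exe = data[0x10:0x4C].decode("utf-16-le", "replace").split("\x00", 1)[0]
    (path_hash,) = struct.unpack_from("<I", data, 0x4C)  # same value as in the .pf name
    strings_off, strings_len = struct.unpack_from("<II", data, 0x64)
    (last_run_ft,) = struct.unpack_from("<Q", data, 0x78)
    (run_count,) = struct.unpack_from("<I", data, 0x90)
    if strings_off + strings_len > len(data):
        raise ValueError("filename block runs past the end of the file")
    # Every file touched during start-up is listed as a device path.
    block = data[strings_off:strings_off + strings_len].decode("utf-16-le", "replace")
    loaded = [s for s in block.split("\x00") if s]
    return {
        "exe": exe,
        "hash": f"{path_hash:08X}",
        "run_count": run_count,
        "last_run": EPOCH + timedelta(microseconds=last_run_ft // 10),
        # Entries whose file name equals the executable name: where it ran from.
        "image_paths": [p for p in loaded if p.rsplit("\\", 1)[-1].upper() == exe.upper()],
        "loaded_files": loaded,
    }

def build_sample() -> bytes:
    """Constructed stand-in for a .pf file: the paths, time and count are invented."""
    paths = ["\\DEVICE\\HARDDISKVOLUME1\\WINDOWS\\SYSTEM32\\NTDLL.DLL",
             "\\DEVICE\\HARDDISKVOLUME1\\EXAMPLE\\BEGIN.EXE"]
    strings = "".join(p + "\x00" for p in paths).encode("utf-16-le")
    buf = bytearray(0x98) + strings
    struct.pack_into("<I4s", buf, 0, 17, b"SCCA")
    struct.pack_into("<60s", buf, 0x10, "BEGIN.EXE".encode("utf-16-le"))
    struct.pack_into("<I", buf, 0x4C, 0x132CC023)
    struct.pack_into("<II", buf, 0x64, 0x98, len(strings))
    ticks = (datetime(2007, 1, 1, tzinfo=timezone.utc) - EPOCH) // timedelta(microseconds=1) * 10
    struct.pack_into("<Q", buf, 0x78, ticks)
    struct.pack_into("<I", buf, 0x90, 3)
    return bytes(buf)

if __name__ == "__main__":
    for key, value in parse_xp_prefetch(build_sample()).items():
        print(f"{key}: {value}")
```

Only the XP-era layout is handled; later Windows versions use different prefetch format versions, which the version check rejects.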