Unusual process interfering with cmdagent.


My PC is running slowly right now and looking in Process explorer I notice a listing called begin.exe. I’ve never seen this before. Tried googling it and found nothing.

Here’s a screenie of procexp…

Any help would be appreciated.


XP Home
AMD 4000+
2 gig of RAM

[attachment deleted by admin]

Have you scanned it with some anti-programs or via http://virusscan.jotti.org/ or http://www.virustotal.com/en/indexf.html yet?

There is a lot of software with a file called begin.exe.

The best thing is to try and find out who created the file: Do a search for the file on your pc and when you find it right click to view the properties. You should be able to find out who created the file which may give you an idea what is is,


Whatever begin.exe is it seems to be exciting CFPs cmdagent.exe. It looks like CFP is furiously blocking/logging something. Has CFP logged anything?

Looked at Comodo’s logs and around that time there are loads of entries from the Network Monitor. (See attachment for an example of a ‘who is’ lookup on one of them)-I don’t know anything about these things so it means nothing to me.

I did a search for the file and found this - BEGIN.EXE-132CC023.pf - in C:\WINDOWS\Prefetch

It’s 4Kb in size and was modified 18/6/2007 (UK date style date/month/year) at 11.40

Right clicking and selecting ‘properties’ only says when the file was created/modified. It says it’s a PF file.

By the way, thanks for the help :slight_smile:

[attachment deleted by admin]

PF files are PreFetch files. They are used by the OS to optimize the image loading. It isn’t really a program at all, it is just a PF reference for it.

So you can only find it in the Prefetch directory? Either it’s gone now or it’s still lurking somewhere, hiding itself.

The easiest method to find the EXE would have been to use Process Explorer (PE). PE knows where its running from, what called it & with what command line.

Try searching with agent ransack, it sometimes finds more stuff than windows explorer search.



Thanks for the link. The offending .exe has not shown it’s face again.