locked
kek.exe is this a virus/trojan? RRS feed

  • Question

  • hello again after upgrading to IE 8.1 beta i encounterd a problem i`ll try to be as acurate as possible:

    i can no longer run IE as my browser after a lot of messing about my only accsess to the internet is to use mozzila and this only worked after installing incredimail (wierd)

    after switch on my onecare firewall informs me that kek.exe is trying to accsess the internet i refused it and so far i`ve had no problems with programs dissapearing from my system.

    i tried reinstalling windows xp home sp2 then after a great deal of time and effort sp3 (it kept refusing to install the update)
    as ive said i can`t use IE i`ve ran tune up and it reports no errors on looking through other forums it looks like kek.exe is a virus/trojan which appeared on the 2 august 2008 its very nasty and is causing lots of problems on my machine.
     i usually run a scan using trend housecall once a month it has found problems in the past that onecare has missed,this ican no longer run (don`t no why) nor can i run online safty scanner in safe mode(needs IE to run).
    not sure how this happend
     can aybody assist

    Best regards to all.
    Monday, August 25, 2008 8:33 AM

Answers

All replies

  • If you are using Windows Live OneCare and you have been infected, but OneCare did not detect or cannot remove the malware, please contact support to report this and for help with removal.

    How to reach support (FAQ) - http://forums.microsoft.com/WindowsOneCare/ShowPost.aspx?PostID=2421771&SiteID=2

     

    If you are in North America, you can call 866-727-2338 for help with virus and spyware infections. See http://www.microsoft.com/protect/support/default.mspx  for details.  For international information, see your local subsidiary Support site.

     

    -steve
    Monday, August 25, 2008 3:37 PM
    Moderator
  • this was no help at all but i`ve posted the fault as best i could on the above link anyone else help???
    Monday, August 25, 2008 4:22 PM
  • already been there is kek.exe my problem or IE 8.1? the above link does not offer any solution and why does one care not pick it up if microsoft know of it?
    Monday, August 25, 2008 5:42 PM
  • I don't know the answer to your question, which is why I referred you to support since you suspect an infection was missed by OneCare.

    -steve

    Monday, August 25, 2008 6:35 PM
    Moderator
  • i think i may have resolved the problem i will try describe sequence of events as follows:

     

    using the onecare help menu i selected >help with updating onecare>fix esenscial services

    after rebooting i was able to get IE 8.1 back as my browser i could then run online saftey (safe mode with networking) scan it found and cleaned 154 errors in the regestry.

     

    i then ran malwarebytes `anti-malware` it found an additional 150 odd errors and cleaned them.

    after reserching kek.exe via other forums i decided to risk deleting the following exe files from win32 and the prefetch folder:these are said to origeonate from limewire or edonkey p2p progs which i have never used.

     

    kek.exe

    mpt.exe

    mpxa.exe

    these files i had blocked with my firewall that had alerted them to me origionally this can only be done in safe mode and a cold boot after ten minuets and selected last working configuration (puzzled as to why i had to cold boot for so long!!!!)

     

    i could now run trend micro house call which found a further 16 vunerabilitys including a backdoor trojan wich were cleaned.

     

    my system seems to be running fine.

    questions need to be answered from IE 8.1 and why so many problems are slipping through both it and onecare.

     

    i hope this can help in some way

    best regards to all

    topper

    Wednesday, August 27, 2008 1:26 AM
  • topper2000,

     

    Thank you for visiting the OneCare forum for your Anti-Virus issues.

     

    Anytime you find a suspicious file in the future, please zip the file, password protect it, and send it to oc-forums@live.com

    and the scanner that found the file.

     

    We can then analyze the file further and let you know if it is a virus or not.

     

    Lori MS

    Wednesday, August 27, 2008 8:52 PM
  • YES. Kek.exe IS malware. It will start up in your registry - disable it, end the process using the Task Manager, and DELETE it.
    Thursday, September 18, 2008 11:02 PM
  • thanks roahn i have resolved the problem see my last notes regarding kek.exe and remember to remove from the prefetch folder

     best regards
    Thursday, September 18, 2008 11:20 PM