Can anyone tell me what taxidu.exe is?

Sharky Forums


  1. #1
    Mako Shark
    Join Date
    Jan 2001
    Location
    VA
    Posts
    3,277

    Can anyone tell me what taxidu.exe is?

    I am trying to finish cleaning up one of those stupid fake virus scanner malware infections and was wondering if this might be one of the leftovers. It is in the startup menu and restarted itself after I had disabled it.

  2. #2
    Administrator Steve R Jones's Avatar
    Join Date
    Oct 2000
    Location
    Largo, FL.
    Posts
    5,460
    When you Google something like taxidu.exe and you don't get any hits - odds are it's a virus. Did you run Malwarebytes in safemode?
    "Vegetarians live up to nine years longer than the rest of us...Nine horrible, worthless, baconless years."

  3. #3
    Mako Shark
    Join Date
    Jan 2001
    Location
    VA
    Posts
    3,277
    Quote Originally Posted by Steve R Jones View Post
    When you Google something like taxidu.exe and you don't get any hits - odds are it's a virus. Did you run Malwarebytes in safemode?
    Yes I ran Malwarebytes, Superantispyware, and Hijack This. Superantispyware crashes. The file was in the Appdata folder. I am guessing there shouldn't be any executables in that folder. The computer runs but there are still issues. Like Catalyst CC won't run and the video drivers are screwed up. The computer is not mine so working on it is kind of a pain. All my computers have multiple boot drives to simplify fixing such issues.

  4. #4
    Great White Shark
    Join Date
    Nov 2000
    Posts
    21,595
    There should be NO files in the AppData folder, only three sub-folders - Local, LocalLow and Roaming. The sub-folders can have executable files and most systems do have executables in at least 2 out of the 3 folders.

    What sub-folder was the file in? The Roaming folder contains most of the executables in folders associated with the software they are part of.
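
An added example, not part of any post in this thread: a read-only PowerShell check that lists files sitting directly in AppData, then every .exe under Local, LocalLow and Roaming with its Authenticode status and any autostart entry that points at it. It assumes PowerShell 3.0 or later, run as the affected user; all variable names are illustrative.

```powershell
# Added example: read-only triage of the current user's AppData tree.
$appData = Split-Path -Parent $env:APPDATA   # ...\AppData, parent of Roaming

# 1. Files directly in AppData; only Local, LocalLow and Roaming belong there.
$strays = @(Get-ChildItem -LiteralPath $appData -File -Force -ErrorAction SilentlyContinue)

# 2. Autostart commands: Run keys plus Startup-folder items (shortcuts resolved).
$shell = New-Object -ComObject WScript.Shell
$autostart = @(
    foreach ($key in 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
                     'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run') {
        $item = Get-Item -LiteralPath $key -ErrorAction SilentlyContinue
        if ($item) {
            foreach ($name in $item.GetValueNames()) {
                [pscustomobject]@{ Source = $key; Name = $name
                                   Command = [string]$item.GetValue($name) }
            }
        }
    }
    foreach ($dir in [Environment]::GetFolderPath('Startup'),
                     [Environment]::GetFolderPath('CommonStartup')) {
        Get-ChildItem -LiteralPath $dir -File -Force -ErrorAction SilentlyContinue |
            ForEach-Object {
                $target = $_.FullName
                if ($_.Extension -eq '.lnk') { $target = $shell.CreateShortcut($_.FullName).TargetPath }
                [pscustomobject]@{ Source = $dir; Name = $_.Name; Command = $target }
            }
    }
)

# 3. Every .exe under AppData: signature status and matching autostart entries.
$report = Get-ChildItem -LiteralPath $appData -Recurse -File -Force -Filter *.exe -ErrorAction SilentlyContinue |
    ForEach-Object {
        $path = $_.FullName
        $hits = @($autostart | Where-Object {
            $_.Command.IndexOf($path, [StringComparison]::OrdinalIgnoreCase) -ge 0 })
        [pscustomobject]@{
            Path      = $path
            Modified  = $_.LastWriteTime
            Signature = (Get-AuthenticodeSignature -LiteralPath $path).Status
            Autostart = ($hits | ForEach-Object { "$($_.Source) [$($_.Name)]" }) -join '; '
        }
    }

Write-Host "Files directly in ${appData}: $($strays.Count)"
$strays | Format-Table Name, Length, LastWriteTime -AutoSize | Out-Host
# Executables referenced by an autostart entry are listed first.
$report | Sort-Object { -not $_.Autostart }, Path | Format-Table -AutoSize -Wrap | Out-Host
```

An unsigned executable that also appears in the Autostart column is the first thing to look at; the script changes nothing on disk or in the registry.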

  5. #5
    Hammerhead Shark cat5e's Avatar
    Join Date
    Oct 2003
    Location
    NYC
    Posts
    2,630
    Quote Originally Posted by Steve R Jones View Post
    When you Google something like taxidu.exe and you don't get any hits - odds are it's a virus. Did you run Malwarebytes in safemode?
    LOL, now you do get it via Google.

    Google number 1 result for taxidu.exe

    "Can anyone tell me what taxidu.exe is? - Sharky Forums
    www.sharkyforums.com/showthread.php?t=324216"


    Last edited by cat5e; 02-06-2012 at 10:35 PM.


    CAT5e
    Microsoft, MVP - Networking

  6. #6
    Mako Shark
    Join Date
    Jan 2001
    Location
    VA
    Posts
    3,277
    It is in this folder.

    \Roaming\Some

  7. #7
    Great White Shark
    Join Date
    Nov 2000
    Posts
    21,595
    "Some" would be the name of a software installation - legit or otherwise.

    AppData is used by applications to store "stuff". I suggest that you rename the folder. Anything trying to access it will fail. After a day or two of normal operation you can delete the folder and its contents. Reboot and check if the folder has returned. If it has, you've got some real trouble.

  8. #8
    Hammerhead Shark cat5e's Avatar
    Join Date
    Oct 2003
    Location
    NYC
    Posts
    2,630
    As a first step I'll use this freeware from Microsoft.

    http://technet.microsoft.com/en-us/s...rnals/bb896653

    If the file runs live, it will provide info about the Running process concerning this file, it also provides the capacity to try to kill the process, and then see if the file is deletable.

    Otherwise, I have a Mobile rack installed in some computer.

    In a case like this I would put the HD with the taxidu.exe as a secondary non-boot drive in the mobile rack, then copy the taxidu.exe to a flash drive (in case it is found thereafter that it is needed) and delete the taxidu.exe from the HD.

    Being in the computer as a data drive, nothing is running live on the drive and thus it can be deleted if it is self-running malware.



    CAT5e
    Microsoft, MVP - Networking

  9. #9
    Mako Shark
    Join Date
    Jan 2001
    Location
    VA
    Posts
    3,277
    Quote Originally Posted by ua549
    "Some" would be the name of a software installation - legit or otherwise.

    "Some" is a pretty nonspecific name. I guess these idiots figured out files and folders with a dozen random characters as names were clearly malware. I will delete it. The worst thing that could happen would be some legit software will stop running. I assume a reinstall would fix that. The bigger issue is the screwed up video drivers. Installing 12.1 Catalyst drivers did not fix that.
