sysvxd.exe - What is it? I delete it but it reappears in my c:\windows directory

[pkarsh]

sysvxd.exe file reappears in c:\windows directory an hour or more after being deleted from there.

I first noticed a problem when I saw a Windows message box containing the text:

c:\windows\sysvxd.exe
The NTVDM CPU has encountered an illegal instruction
c5:055f IP: 06d0 OP:63 6f 6c 6f 72 Choose 'Close' to terminate the application

The box had a Close and an Ignore button. I clicked the Close button.

This message reappeared a few hours later.

I did a Google search and found a number of posts, etc. reporting these symptoms. I saw one post that said that this file was part of something called Trojan.FakeAlert. It listed a number of files to get rid of to get rid of this. I looked for these files but could not find any of them on my machine. I did not see any of the processes running that this post said to kill.

I am not seeing any symptoms such as popups, hijacked browser, etc. that other users have reported in connection with this file being present. Windows firewall is disabled but Norton firewall is active. I notice that this is also the case on two other computers I have that have NIS 2009 installed so I assume that this is something that Norton does. This makes sense to me as I understand that firewalls can interfere with each other.

One user said that it was actually an html file. I carefully copied it onto a virtual machine that was not connected to the Internet, opened it in Notepad, and verified that it had what looked like html text. I renamed it to an html suffix and brought it up in a browser. It did render to a Web page. I then deleted the virtual machine image under which I had done this.

The machine on which this problem is occurring is Windows XP with Service Pack 3. The problem first appeared after Windows installed what it called "Critical Updates" on shutdown.

Security is Norton Internet Security 2009. This appears to update virus definitions almost continuously so these should be up to date. I ran a full system scan using Norton and it did not report any viruses, spyware, malware, etc.

Computer is a Dell Dimension 3000 with Intel Celeron 2.4 GHz. System has 2.0 gb RAM.

How should I proceed?

[Karnac]

Go to http://www.computerhope.com/forum/index.php/topic,46313.0.html

Follow the guidelines, post the 3 required logs and a specialist will review your logs in turn

[pkarsh]

Thanks for getting back to me.

I am running Norton Internet Security on my machine. Should I shut it down/disable it before running SuperAntiSpyware and Malware bytes? Should I disconnect from the Internet before running these programs?

Thanks for your help.

[Karnac]

pkarsh,

You'll have to wait for a specialist, but follow the guidelines per se and you should be alright.

[pkarsh]

Here are the requested logs. I have carried out steps 2-6 of the procedure "Read This Before Requesting Malware Help" . In step 1, in Control Panel -> Add/Remove Programs I had seen My Way Search Assistant which was listed as a suspicious program. I had previously researched this and saw that it was put there by Dell, and that the "Remove" from Add/Remove didn't work very well if at all, so I did not try to remove it. It may have been removed anyway by MalwareBytes. I think the other details one would want are present in my initial entry in this thread.

Thanks for your help. I do appreciate it.


[attachment deleted by admin]