Jump to content

A0222750.exe & \A0222751.exe

Recommended Posts

I recently ran malwarebytes in SafeMode on my two 'in-tower' hard drives and found 2 iehv.exe in two folders (one an archive from some years ago) and a copy of PKTMP000.exe (also in an old archive folder) in a path suggesting that it was an early update of Mozilla SeaMonkey. I asked malwarebytes to deal with them. They were quarantined.

I realized I had not run malwarebytes on my ESATA drive, so 7 hours later I ran it again, both on the 'in-tower' hard drives previously examined and on the ESATA drive. The ESATA is a 0.5 TB drive with several 'archives' that are just drag and drop copies of folders in My Documents, etc.

On the ESATA drive I found more copies of the iehv.exe and PKTMP000.exe.

To my surprise, two more files were found on my F: drive where I store data but no programs. Malwarebytes reported these files:

f:\system volume information\_restore{c9281341-b140-4276-9ec5-52964cc00f0f}\RP1362\A0222750.exe (PUP.HistoryTool) -> Q&DS

f:\system volume information\_restore{c9281341-b140-4276-9ec5-52964cc00f0f}\RP1362\A0222751.exe (PUP.HistoryTool) -> Q&DS

Q&DS is my contraction of "Quarantined and deleted successfully." It makes the report easier to read in Word in landscape mode.

I've had trouble finding anything concrete about these executable files. I found these lines in a KAS report in a post from 2/11/10:


C:\System Volume Information\_restore{CBDC1A69-0D07-401B-8BF0-3C909F00E4A9}\RP1171\A0222750.exe Infected: Virus.Win32.Sality.l 1

C:\System Volume Information\_restore{CBDC1A69-0D07-401B-8BF0-3C909F00E4A9}\RP1171\A0222751.exe Infected: Virus.Win32.Sality.l 1

If these are significant, why weren't they detected 7 hours earlier? If they are significant, what are they and what should I do about them?



Link to post
Share on other sites

I see I should have provided the following information;

I am running WinXPPro/SE3 fully patched.

My OS is 32bit.

I have MBAM as a free version being used on a home computer

MBAM database version is 8020

I use Avast6.0.1289 with definitions 111028-2 (which is updated several times a day.)

My D-Link DI-604a router came with a SPI firewall installed.

I do not use P2P software.

My Yahoo email account was recently hacked and used to send spam. My first defense was to delete the contact list. I don't use it to send email. I've subsequently learned that I should go back and harden the password (a simple invented word in German) so that it includes at least 1 digit and one character.

A point of advice. Is it poor practice to use a common password for access to forums? My 71-year-old brain has trouble remembering them. It seems pointless to put them in a Word document on my hard drive as anyone who gains access to my machine can quickly scan it for 'useful' information. Paranoia seems useful up to a point. After that it leads to paralysis and the computer becomes an anchor, not a vessel to go places.

Is the Password Manager that came with Mozilla SeaMonkey (current version) another point of paranoia?

thanks (and sorry for not providing what was clearly requested in the FAQ)


Link to post
Share on other sites

  • Root Admin

Hello and welcome to Malwarebytes

I'm sorry but we don't really analyze malware at that level here in the general forums.

If you think you are infected, here are the steps needed to get your computer cleaned....

Please read the following so that you can begin the cleaning process:

Don't use any temporary file cleaners unless requested - this can cause data loss and make recovery difficult

You have 3 Options that you can choose from as listed below:

  • Option 1 —— Free Expert advice in the Malware Removal Forum
  • Option 2 —— Paying customer -- Contact Support via email
  • Option 3 —— Premium, Fee-Based Support


As we don't deal with malware removal in the
General Malwarebytes' Anti-Malware Forum
, you need to start a topic in the

Malware Removal forum

so a qualified helper can help you fix any malware related problems/infections you may have.

  • Please read and follow the
    directions here
    , skipping any steps you are unable to complete.

  • After posting your new post, make sure under
    , you select
    Track this topic
    and choose
    Immediate Email Notification

    so that you're alerted when someone has replied to your post.


Please do not post back to (bump) your topic within the first 48 hours.

Replying to your own posts changes the post count and helpers are looking for topics with zero replies.

If you reply to your own post helpers may think that you're already being helped and thus overlook your post.
    • If there is no reply from any experts after 48 hours, you can reply to the topic, asking for help again.


    • You may send a Private Message to a Moderator asking for assistance.


Alternatively, as a paying customer, you can contact the help desk at


If you would like to use our
Malwarebytes Premium Services
, Comprehensive solutions to all your computer support needs—from installation and set-up to troubleshooting and tune-ups go to our
Malwarebytes Premium Services
support site.

Please be patient, someone will assist you as soon as possible.

PS: Please use the "Add Reply" Add-Reply.png button not the Reply button when you start replying.

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.