Information


hereward
08-09-2008, 03:34 PM
Does anybody know anything about these two files? I'm pretty sure they're part of a trojan downloader package. The first is a nice little bitmap for your desktop with the usual message about your computer being infected with spyware. The second has been on my PC for ages without me realising, it supposedly triggers a blue screen of death and prompts a reboot. It is fake. I would say they are related.

phcacmj0ea2c.bmp 92kb
blphcacmj0ea2c.scr 60kb

Hereward

msidoh
08-09-2008, 07:43 PM
You've probably done all these already, but FWIW...
I've had a look online and can't find anything that resembles those strings.

If you haven't already done so, try searching on your PC to see where the files are lurking. Maybe the folder name will tell you what the files relate to.

Also try searching in regedit and see if the string "phcacmj0ea2c" appears in the registry. If you find anything there, it might give you a clue about its origins.

Finally, if you open the files in notepad, there's a (very) remote possibility that a description or title has been added which might clarify things.

Good luck!

hereward
08-09-2008, 08:35 PM
We are talking about what I hope is a problem in the past. These are files that I kept to one side to get the cause. I suspect this is part of a family and that the newer file is merely a more recent mutation. I have given the file sizes just in case it jogs someone's memory. The second file has been on my PC for at least four months. Nothing spotted this. Not Kaspersky, AVG, PCtools etc. I found it by searching for files with a similar name to the first.

Hereward

xinu
08-09-2008, 09:02 PM
Hereward, would you mind uploading the one that crashes your PC - I'll have a closer look at it if you don't mind?

hereward
08-09-2008, 09:24 PM
I've PM'd you. It doesn't actually crash your PC, it makes you think it's crashed. I guess this is an attempt to get you to reboot.

Hereward

Stoner
08-09-2008, 09:43 PM
.scr is generally a screen saver but it can also hide a trojan.

Enable show file extensions to see if it has a double one.

Other than that I would bin it!!!
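
The checks suggested so far in this thread (search for files with a similar name, look for a double extension, treat .scr as an executable), as an added example that is not part of the original posts. The function names and the two "hypothetical variant" file names are assumptions, and every sample file's content is constructed:

```python
import os
import tempfile

# ".scr" screen savers are ordinary Windows executables, so they start with "MZ".
EXEC_EXTS = {".exe", ".scr", ".com", ".pif"}
DECOY_EXTS = {".bmp", ".jpg", ".txt", ".doc", ".pdf"}

def triage(path):
    """Return findings for one file, based on its name and first two bytes."""
    stem, ext = os.path.splitext(os.path.basename(path).lower())
    inner_ext = os.path.splitext(stem)[1]
    with open(path, "rb") as fh:
        magic = fh.read(2)
    findings = []
    if magic == b"MZ":
        findings.append("executable content")
        if ext not in EXEC_EXTS:
            findings.append("executable hidden behind " + ext)
    elif ext == ".bmp" and magic != b"BM":
        findings.append("not a valid bitmap header")
    if ext in EXEC_EXTS and inner_ext in DECOY_EXTS:
        findings.append("double extension " + inner_ext + ext)
    return findings

def find_related(root, marker):
    """Triage every file under root whose name contains marker."""
    hits = {}
    for folder, _dirs, names in os.walk(root):
        for name in names:
            if marker.lower() in name.lower():
                full = os.path.join(folder, name)
                hits[os.path.relpath(full, root)] = triage(full)
    return hits

def demo():
    # Constructed stand-ins: the names follow the thread, the contents are made up.
    samples = {
        "phcacmj0ea2c.bmp": b"BM" + bytes(16),
        "blphcacmj0ea2c.scr": b"MZ" + bytes(16),
        "phcacmj0ea2c.bmp.scr": b"MZ" + bytes(16),   # hypothetical variant
        "xphcacmj0ea2c.bmp": b"MZ" + bytes(16),      # hypothetical variant
        "holiday.bmp": b"BM" + bytes(16),            # unrelated file, never matched
    }
    with tempfile.TemporaryDirectory() as root:
        for name, data in samples.items():
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(data)
        return find_related(root, "phcacmj0ea2c")
```

`demo()` returns the findings keyed by file name; `find_related` can be pointed at a real folder with the name fragment to look for.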

hereward
08-09-2008, 10:26 PM
No double extension. Harmless enough on its own. It's in a rar with a password on it.

Hereward

Stoner
08-09-2008, 10:29 PM
No double extension. Harmless enough on its own. It's in a rar with a password on it.

Hereward

From what I have read that's how they start, it's probably a virus so I would remove it ASAP.

Scan it with NOD32 or whatever AV system you have running.

xinu
08-09-2008, 11:02 PM
Nod32 says that the bmp one is a trojan - very possible to embed a trojan in a picture so you may want to scan your PC hereward.

hereward
08-09-2008, 11:07 PM
Both my AV packages have been going 24/7 for nearly three days. I switch off for an hour then set them going again. Been clean for two days now. This was mild compared to previous experiences so I'm not too worried. PC usage typically at 4%, nothing knocking on the firewall, no browser redirecting, registry clean. Fingers crossed.

Hereward

cf
08-10-2008, 09:36 AM
Done a Google search, nothing m8.

jaya28inside
08-10-2008, 10:55 AM
What's that anyway?

Better to post it so the image appears in this post if you want it to be explained by others... :P