Q: windows pop up error message ( Answered 5 out of 5 stars,   0 Comments )
Question  
Subject: windows pop up error message
Category: Computers > Software
Asked by: rashad-ga
List Price: $10.00
Posted: 13 Aug 2003 22:52 PDT
Expires: 12 Sep 2003 22:52 PDT
Question ID: 244569
Whenever I try to run any application on my computer, I get two pop up
error messages stating that the files xadjmkiof.exe and ejvoynqaf.exe
are missing and needed to run applications.  I am unable to use the
computer because this error message cannot be closed, PLEASE HELP!!!!!

Request for Question Clarification by chellphill-ga on 13 Aug 2003 23:20 PDT
A few questions if you don't mind?
Do the file names change in error messages? Or are the error messages
consistent in naming xadjmkiof.exe and ejvoynqaf.exe as the missing files?
Are you sure you have the spelling of the file names correct?
How long has this been going on, and what significant events (if any)
can you remember occurring about the time this problem started? (such
as installing a new program, etc.)
And finally, have you done a virus scan on your computer since this
problem began?
Thanks!

Clarification of Question by rashad-ga on 14 Aug 2003 06:01 PDT
1.  Do the file names change in error messages?  No, it is always the
same two files names.

2.  Or are the error messages consistent in naming xadjmkiof.exe and
ejvoynqaf.exe as the missing files? Yes, it is always and only these
two files.

3.  Are you sure you have the spelling of the file names correct?
Yes, the spelling is correct.  That is why I am stumped, I cannot find
anything on these files.

4.  How long has this been going on, and what significant events (if
any) can you remember occurring about the time this problem started? (such
as installing a new program, etc.)  The computer is a friend's.  It ran
very poorly and was recently hooked up to SBC Yahoo DSL, he had
problems with the DSL and SBC had him download another connection
program.  I went over and attempted to install Norton system works on
it and once the download was complete two viruses were detected.  I
assumed they were removed and when the computer rebooted, this is when
the error messages with the weird file names showed up. I could not
run any applications and even tried running norton from DOS and could
not do it.
Answer  
Subject: Re: windows pop up error message
Answered By: chellphill-ga on 14 Aug 2003 06:02 PDT
Rated:5 out of 5 stars
 
Hello rashad-ga!

From your description of your problem, and the unusual file names
given in the error message, I would say that the problem is most
certainly caused by a virus or a backdoor trojan that creates randomly
generated names.

The problem you're having is usually noticed after the trojan was
manually removed, or only partially removed. Since it has affected
your registry, and how your computer handles exe files, you will need
to repair it.

If you have lost the ability to open any .exe files, you are going to
have to reboot off of a floppy.
If you do not already have an emergency boot disk,  here is some more
information for creating a boot disk for the different versions of
windows...
http://www.computerhope.com/boot.htm#05
If you are trying to create a boot disk from another computer that
uses a different version of windows, you can download the contents of
the appropriate boot disks here,
http://www.bootdisk.com/bootdisk.htm
(Most of the bootdisk files are self extracting images of bootable
floppies. After you download the image file, insert a fresh floppy in
your A: drive and click on the file to make the disk. )

Once you have booted up using your emergency boot disk, you will see
an A: prompt.
At the A: prompt, type in C: and hit enter.
At the C: prompt, type in CD windows and then hit enter.
When you get to the windows prompt, type in copy regedit.exe
regedit.com and then hit enter.
By doing this, you should now have the ability to use regedit.
Take out the floppy and then reboot the computer.

Once the computer boots back up go to the start button, and click on
run.
In the run box, type in regedit.com and click OK.
You now need to locate these keys...
HKEY_CLASSES_ROOT\exefile\shell\open\command
HKEY_LOCAL_MACHINE\exefile\CLASSES\exefile\shell\open\command\
HKEY_LOCAL_MACHINE\Software\CLASSES\exefile\shell\open\command
These keys should have a value of  "%1" %* ( example: a trojan might
show up \"trojan.exe%1\" %*" as a value)
On the right hand side, right click on where it says "default" and
choose "modify"
In the Value data input box, delete the existing value and type the
default value:
"%1" %*
Close regedit.
Click on start, then run, and in the run box type in sysedit and hit
enter.
Select the SYSTEM.INI window, Under the [boot] section, locate the
line that begins with: Shell=Explorer.exe
If that line says anything else remove it, so that the line only reads
Shell=explorer.exe
Then select the WIN.INI window, under the Windows section, look for
the lines that start with run= and load=
If you see xadjmkiof.exe or ejvoynqaf.exe, then delete them. 
(There might be legitimate entries along with them, however
I would write down entries, and then go ahead and delete them just in
case. If you find it was something needed, you can go
back later and restore the legitimate entry.)
Close sysedit, and choose yes when it asks you if you would like to
save.
Go to start, and then find (or search) for files and folders, and do a
search for xadjmkiof.exe,ejvoynqaf.exe and if the files are found
make note of their location, and then delete them.
Then go back to start, run, and type in regedit.
Once regedit is up, go to Edit, and then find, and do a search for
xadjmkiof.exe and ejvoynqaf.exe
If either are found, then delete them.
Then locate the following key...
HKEY_CLASSES_ROOT\.exe 
In the right pane, right click on default, choose modify, and change 
the value to exefile
Also, make sure HKEY_CLASSES_ROOT\.exe is not an expandable branch, if
there is a + sign in front of it, click the + and delete the subbranch
below the .exe. Close Regedit, rename Regedit.com back to Regedit.exe
and restart the machine.

Here is some information about how trojans autostart
http://www.pestpatrol.com/PestInfo/A/AutoStartingPests.asp
http://www.lokbox.net/help/html/Security/TrojanDetection.htm

http://pcsrvc.com/ardmore/p_park.html
(this information is pertaining to the pretty park worm, but the
instructions for removal are pretty much the same as listed as above)

Examples of problems similar to yours:
http://groups.google.com/groups?hl=en&lr=&ie=UTF-8&oe=UTF-8&threadm=uElavW4sBHA.2760%40tkmsftngp05&rnum=47&prev=/groups%3Fq%3DRon%2BBadour%2Bexe%26hl%3Den%26lr%3D%26ie%3DUTF-8%26oe%3DUTF-8%26start%3D40%26sa%3DN

http://support.microsoft.com/default.aspx?scid=kb;en-us;q228903
(Not the same error message but gives you a good idea of what causes
errors like this.)

If you have any questions about the information in which I have 
provided, do feel free to request a clarification of my answer. 
And please be sure to allow me enough time to respond to your 
clarification request before rating the answer. 
 
Thanks so much! 
chellphill-ga

Search Terms used:
missing *.exe files
unknown *.exe files
rashad-ga rated this answer:5 out of 5 stars
If I could give 100 stars the answer and help to my question deserve it.
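
The checks described in the answer above, as an added example that is not part of the original answer or of Google Answers: a Python audit of a regedit text export plus the SYSTEM.INI and WIN.INI contents, reporting every value that differs from the defaults the answer gives. The sample inputs, the C:\WINDOWS path and the function names are constructed for illustration, and any non-empty run=/load= entry is reported for review rather than judged malicious.

```python
import re

# Expected defaults, as stated in the answer above (keys lower-cased).
EXPECTED = {
    r"hkey_classes_root\exefile\shell\open\command": '"%1" %*',
    r"hkey_local_machine\software\classes\exefile\shell\open\command": '"%1" %*',
    r"hkey_classes_root\.exe": "exefile",
}

def audit_reg(reg_text):
    """Flag hijacked default values in a regedit text export."""
    findings, key = [], None
    for line in map(str.strip, reg_text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1].lower()
            if key.startswith("hkey_classes_root\\.exe\\"):
                findings.append((key, "unexpected subkey"))
        elif line.startswith('@="') and key in EXPECTED:
            # .reg exports backslash-escape quotes and backslashes.
            value = re.sub(r"\\(.)", r"\1", line[3:-1])
            if value.lower() != EXPECTED[key].lower():
                findings.append((key, value))
    return findings

def audit_ini(name, ini_text):
    """Flag SYSTEM.INI [boot] shell= and WIN.INI [windows] run=/load=."""
    findings, section = [], None
    for line in map(str.strip, ini_text.splitlines()):
        if line.startswith("["):
            section = line.strip("[]").lower()
        elif "=" in line and not line.startswith(";"):
            k, v = (p.strip() for p in line.split("=", 1))
            k = k.lower()
            if (name, section, k) == ("system.ini", "boot", "shell"):
                if v.lower() != "explorer.exe":
                    findings.append((name, k, v))
            elif name == "win.ini" and section == "windows" and k in ("run", "load") and v:
                findings.append((name, k, v))
    return findings

# Constructed sample inputs (not taken from a real machine).
SAMPLE_REG = r'''REGEDIT4
[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"C:\\WINDOWS\\xadjmkiof.exe\" \"%1\" %*"
[HKEY_CLASSES_ROOT\.exe]
@="exefile"
'''
SAMPLE_SYSTEM_INI = "[boot]\nshell=Explorer.exe ejvoynqaf.exe\n"
SAMPLE_WIN_INI = "[windows]\nload=\nrun=C:\\WINDOWS\\xadjmkiof.exe\n"
```

An empty list from both functions means every checked value already matches the defaults listed in the answer.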

Comments  
There are no comments at this time.
