Q: Unknown exe programs. How to find out what they are w/o risking virus infection ( No Answer,   5 Comments )
Question  
Subject: Unknown exe programs. How to find out what they are w/o risking virus infection
Category: Computers > Software
Asked by: vaac-ga
List Price: $2.00
Posted: 14 Jan 2004 20:20 PST
Expires: 13 Feb 2004 20:20 PST
Question ID: 296655
I found two exe programs on the root directory which I have no idea what they are:
UXNGFA~1 EXE         8,800  01-04-04 10:47p uxngfaqyfso.exe
KXXQFH~1 EXE         8,800  01-11-04 12:44a kxxqfhtpbbb.exe
        22 file(s)        346,606 bytes
        33 dir(s)      79,265,792 bytes free
How can I find out without running them and risking a virus
infection? Debug does not give any useful information. Would it be
safe to copy them to a subdirectory or a floppy and delete them?
Answer  
There is no answer at this time.

Comments  
Subject: Re: Unknown exe programs. How to find out what they are w/o risking virus infection
From: chronopublish-ga on 14 Jan 2004 20:34 PST
 
A Google search shows no matches on either filename, which most likely
means the filenames were randomly generated.  Normally randomly
generated filenames are indicative of a virus.

It's best to let a Virus checker like Norton scan the files.

I'm sure someone else will provide a more thorough answer.

Subject: Re: Unknown exe programs. How to find out what they are w/o risking virus infect
From: hummer-ga on 15 Jan 2004 05:43 PST
 
Hi vaac,

First, scan for a virus using HouseCall:
HouseCall: http://housecall.trendmicro.com

Next, scan for spyware:
Dealing with Unwanted Spyware and Parasites:
http://mvps.org/winhelp2002/unwanted.htm

HijackThis:
http://www.tomcoyote.org/hjt/

Good luck,
hummer

Subject: Re: Unknown exe programs. How to find out what they are w/o risking virus infection
From: joshv-ga on 15 Jan 2004 11:48 PST
 
Whatever you do, do NOT run these programs.

In general, no self-respecting program is going to install executables
in your root directory.  In fact, in 15 years of experience with DOS,
Windows and Unix I have never encountered a legitimate program that
does this.  I would feel very safe in counselling you to delete them;
it is extremely unlikely that their loss will result in the
malfunction of any legitimate program on your computer.  If you have
trouble deleting them, simply start your machine in "safe" mode (hold
down F8 during boot, and select "Safe Mode" from the menu), and delete
the files, then reboot normally.

These programs are almost certainly malware of some sort, either
spyware, or even worse, viruses or trojans.  The random file names are
a dead giveaway.  Many viruses use this technique to defeat anti-virus
programs that simply search for a particular filename.  On each
machine the virus infects, the virus generates a new and random
filename.  As you have two such files with different random names, and
the exact same size, this suggests to me that you have been infected at
least twice by the same program.

If you find such executables, a good way to determine if they have a
legitimate function is to search Google with the following:

name.exe site:www.liutilities.com

LIUtilities is trying to sell their for-profit software, but Google
has indexed their site into a relatively authoritative database of
information on specific Windows processes.  If you can't find it at
LIUtilities, and the file's location or name don't make its function
obvious, you've probably found something that doesn't belong on your
computer.  I'd suggest one last general Google search for the file
name before you delete it though.

An excellent and free utility that can help you find these programs,
and stop them from running on your computer is available at:

http://www.sysinternals.com/ntw2k/freeware/autoruns.shtml.

Autoruns shows you every executable and DLL that automatically runs
when you start your computer.  Be cautious when using this tool, as
you can delete important services accidentally.  But just about every
piece of malware on your machine will show up in this tool, as it
indexes every possible way a bad program can start itself on boot or
logon.  With the proper research you can use this tool to find and
delete malware, without paying a cent to anti-virus software vendors.

Of course it never hurts to give your computer a good once-over with a
commercial anti-virus program.

Subject: Re: Unknown exe programs. How to find out what they are w/o risking virus infection
From: lri41-ga on 15 Jan 2004 16:56 PST
 
I would run one or more of the following on line scans:

ANTI TROJAN ON LINE SCANS

Online Trojan-Check (Remote Portscan)
Is your system infected by Trojans?
http://www.trojanscan.com/

Symantec Security Check
http://security.symantec.com/ssc/home.asp?langid=ie&venid=sym&plfid=23&pkj=LNHLLSIVFWMFKPXKBQW

PC Flank Make sure you're protected on all sides.
http://www.pcflank.com/

Subject: Re: Unknown exe programs. How to find out what they are w/o risking virus infection
From: ulu-ga on 16 Jan 2004 10:50 PST
 
I would guess the computer is infected, first by them being there in
the first place and second by the different dates on the files. 
Usually, this is just the tip of the iceberg.

Perhaps someone can confirm or refute the safety of doing the following:

If you really want to look at the files, I would look at them with
Notepad.  There might be some textual information that can help
identify it.
You could rename the file so the extension is not .exe, but that would
probably confuse the virus checking software.
I would be concerned about debugging it because you might run the program.
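
Two checks raised in the comments above (whether the same-sized, differently named files are actually the same program, and whether the files contain readable text) can be done by reading the files as plain bytes without running them. The following is an added example, not part of the original thread; the function names are hypothetical and the sample file contents are constructed, non-functional stand-ins that reuse only the two file names and the 8,800-byte size from the question.

```python
import hashlib, re, struct, tempfile
from collections import defaultdict
from pathlib import Path

def triage(path):
    """Summarise a file from its raw bytes; the file is read, never executed."""
    data = Path(path).read_bytes()
    info = {"name": Path(path).name, "size": len(data), "is_pe": False,
            "sha256": hashlib.sha256(data).hexdigest()}
    # DOS header: 'MZ' magic at 0, offset of the PE header stored at 0x3C.
    if len(data) >= 0x40 and data[:2] == b"MZ":
        pe_off = struct.unpack_from("<I", data, 0x3C)[0]
        if pe_off + 24 <= len(data) and data[pe_off:pe_off + 4] == b"PE\0\0":
            # COFF header after the signature: machine, section count, timestamp.
            machine, sections, stamp = struct.unpack_from("<HHI", data, pe_off + 4)
            info.update(is_pe=True, machine=machine, sections=sections, timestamp=stamp)
    # Printable ASCII runs of 6+ bytes, what a text editor would show legibly.
    runs = re.findall(rb"[\x20-\x7e]{6,}", data)
    info["strings"] = [r.decode("ascii") for r in runs[:20]]
    return info

def identical_groups(directory, pattern="*.exe"):
    """Group files by content hash; return the sets of names sharing one body."""
    groups = defaultdict(list)
    for p in sorted(Path(directory).glob(pattern)):
        groups[hashlib.sha256(p.read_bytes()).hexdigest()].append(p.name)
    return [names for names in groups.values() if len(names) > 1]

def build_sample():
    """Constructed, non-functional stand-in: header fields, one string, zero padding."""
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)
    coff = b"PE\0\0" + struct.pack("<HHI", 0x14C, 1, 0) + b"\0" * 12
    body = dos + coff + b"CONSTRUCTED-SAMPLE-STRING"
    return body + b"\0" * (8800 - len(body))  # 8,800 bytes, as in the listing

def demo():
    """Write constructed samples to a temp directory and triage them."""
    with tempfile.TemporaryDirectory() as d:
        for name in ("uxngfaqyfso.exe", "kxxqfhtpbbb.exe"):
            (Path(d) / name).write_bytes(build_sample())
        (Path(d) / "other.exe").write_bytes(b"plain text, not an executable")
        reports = [triage(p) for p in sorted(Path(d).glob("*.exe"))]
        return reports, identical_groups(d)

if __name__ == "__main__":
    reports, dupes = demo()
    for r in reports:
        print(r)
    print("same content under different names:", dupes)
```

Matching hashes show that two names carry one identical body, and the SHA-256 value is something that can be searched for or handed to a scanner in place of the file itself.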
