what does module hwkapd.exe do and why is it loaded in my system?

---

Request for Question Clarification by aceresearcher-ga on 27 May 2004 11:16 PDT

Greetings, yvette!

Can you verify that the correct spelling is "hwkapd.exe" ?

Thanks,

aceresearcher

---

Clarification of Question by yvette176-ga on 27 May 2004 14:12 PDT

yes, the exact spelling of the load module name is hwkapd.exe.  it
resided in c:\winnt\system32\.  the system is w2k pro sp4.

if you would like, i will send it to you as a .zip file, or i can ftp
it to anywhere you designate.

please advise.

tia!
yvette

---

Request for Question Clarification by hummer-ga on 27 May 2004 17:20 PDT

Hi yvette176,

A good place to start is to scan your computer with these programs:

HouseCall (very thorough online virus scan):
http://housecall.trendmicro.com/

Adaware (Search for Updates before running):
http://www.spychecker.com/program/adaware.html

Regards,
hummer

---

Clarification of Question by yvette176-ga on 27 May 2004 18:41 PDT

hi,

thanks for the ideas.

i renamed the offending module above back to it's original name (in
case housecall would look at file names).  i then ran the trend micro
housecall thing, and found an uninstalled christine aguillera
screensave (!), which i promptly wiped with pgp.  however, the
offending module above (which is the subject of this query) was not
identified.  and why our licensed sohpos anti-vi didn't find the
screensaver is something i now have to take up with them.

afa ad-aware goes, i have installed spybot S&D and hijackthis!, and
neither of them paid any attention to this module.  i have
consistently found spybot S&D to be more efficient and thoro than
ad-aware, so i'll pass on the ad-aware (for now).

thus, my question remains unanswered.  thanks for the housecall idea,
tho!  how that screensaver got downloaded remains a mystery (as does
how VX2 got installed even tho i have active-x blocking!)

if anyone has any other ideas, as Ross once said, "i'm all ears".

---

Clarification of Question by yvette176-ga on 27 May 2004 18:44 PDT

note everybody that i have now upped the ante on the question.

stump the stars!  <g>

---

Request for Question Clarification by aceresearcher-ga on 27 May 2004 18:50 PDT

Yvette,

I *do* recommend that you install and run AdAware as well (be sure to
click "Search for Updates" in both AdAware and Spybot before each time
that you run them). I (and numerous people I know) run both of them. I
have found them to be complementary -- what one does not catch,
sometimes the other does.

As far as the hwkapd.exe module, am I correct in understanding that
you actually found this executing on your system?

Can you execute HijackThis, and post a copy of your log?

Thanks,

aceresearcher

---

Clarification of Question by yvette176-ga on 27 May 2004 22:38 PDT

aceresearcher-ga, you win.

i installed ad-aware and it found the program (as well as 71 other
things that hijackthis! and spybot S&D didn't find!  who knew?):

Data Miner c:\winnt\system32\ysh_renamed_hwkapd.exe 

it's part of the VX2 thing that some @#$! sent me without my knowledge
or approval.  it's now gone.

so since this is my first google question, how do you get paid?  please advise.

thanks for the help to everyone!

ciao
yvette176

Yvette,

I am **so** pleased that I was able to help you resolve your nasty little bug.

One of the things that I really *despise* is scumware and the
bottom-feeding scum that create them.

(Okay, so I'm a little passionate about this.)

By my posting an Answer here, Google Answers will pay me the fee for your Question.


In addition to recommending 

Spybot Search & Destroy
http://www.security.kolla.de

AdAware
http://www.lavasoft.de

*** IMPORTANT ***
If you already have Spybot and/or AdAware installed on your PC, be
sure to download the latest updates first **each time you run them**.
*****************

and

HijackThis!
http://www.spychecker.com/program/hijackthis.html
http://www.net-integration.net/tools/hijackthis.html


I also recommend these other helpful free anti-scumware diagnostic and
removal utilities:

CWShredder: 
http://www.spychecker.com/program/coolwebshredder.html 

Online Housecall
http://housecall.antivirus.com

StartupList
http://www.net-integration.net/tools/hijackthis.html


Something to keep in mind is that even if these programs give your
system a "clean bill of health", it does *not* mean that you can be
absolutely sure that your system is clean. It is only a *reasonable
assurance* that it is clean.


Some great sites for information about viruses, worms, Trojans, and parasites are:

DoxDesk
http://www.doxdesk.com

SpywareInfo.com
http://forums.spywareinfo.com

Tom Coyote
http://forums.tomcoyote.com


If you are not already running a firewall on your computer, it is
really *critical* that you do so.

If you aren't, I definitely recommend that you install Zone Alarm or
Zone Alarm Pro. I (and many people I know) use the Pro (paid) version,
which provides more extensive protection and customization. You can
download them here:
http://www.zonelabs.com/store/content/company/products/znalm/freeDownload.jsp


It's also VERY important to continue to check with Microsoft
periodically and make sure that you have installed any new
security-related patches that have been released. You can find out if
there are any available by going here:
http://v4.windowsupdate.microsoft.com/en/default.asp


I hope that this information has provided you with exactly the
information you need to keep your computer healthy and your surfing
experience a smooth one!

Best Wishes,

ace