Search : in
By :

CESWXFST.SYS, TCEXFST.SYS

Last answer on Dec 5, 2008 9:09:54 pm GMT J, on Aug 5, 2008 4:46:09 pm BST 
 Report this message to moderators

Hello, I am having trouble removing this malicious file from my computer, It is very annoying as it opens up hidden web pages and the sounds can be heard through my speakers. Does anyone know of any good free software that would permanently remove ceswxfst.sys and tcexfst.sys

Configuration: Windows XP
Firefox 2.0.0.16

Best answers for « CESWXFST.SYS, TCEXFST.SYS » in :
File pagefile.sys Show File pagefile.sys Pagefiles.sys also called as swap file is a file created by Windows to surmount lack of RAM. This technique for extending the memory system is called "Virtual Memory". Under Windows 2000 and Windows XP,...
Cleaning pagefile.sys Show Cleaning pagefile.sys Intro Virtual memory extension Intro Pagefile.sys is a file that is currently used by Microsoft Windows to store frames of memory that do not currently fit into physical memory. The paging file allows the memory...
CONFIG.SYS commands Show CONFIG.SYS commands The CONFIG.SYS commands load programs into memory and manage the operation of your equipment. For the most part, they are used only in the CONFIG.SYS file, with the exception of break commands, and rem set, you can...
Using Device Manager under Ms-Dos ShowUsing Device Manager under Ms-Dos Intro Device manager supported by MS-DOS ansi.sys display.sys dblspace.sys driver.sys ega.sys emm386.exe himem.sys ramdrive.sys setver.exe smartdrv.exe Intro A peripheral
Hibernation - hiberfil.sys ShowHibernation - hiberfile.sys The hiberfil.sys is a file running under os Windows Xp and Windows Vista. This file has been created for storing data of in the memory of hiberfil.sys located in the local disk of your computer. This is a main...
Disk boot failure - Insert system disk and press Enter ShowDisk boot failure - Insert system disk and press Enter A new hard drive was installed The hard drive is unplugged Corrupted system files Damaged disk If it happens that you are prompted by the following error message "DISK BOOT...
Download Ultra Sys Info ShowDescription: Ultra Sys Info is simply a utility diagnostic equipment. Features: It will give you all the information you need to record your devices: CPUs, modems, BIOS, drives, graphic cards, drivers, DirectX, UPS and more. Advantages: The...
Download Theme Maker ShowTo obtain good results, it is necessary to work in the best conditions and in a customized work environment. Theme Maker is a program which allows to customize, create or of change your cursors, your icons and bottom of screen. Modify and customize...
Operating Systems - Customising DOS ShowThe DOS start-up procedure is defined in the autoexec.bat and config.sys files located in the root of your "C:\" drive. We highly recommend making back up copies of these files before modifying them. To deactivate a line of command in either file...
Operating Systems - MS-DOS - Tips ShowSetting the CD-ROM drive The CD-ROM drive is configured in the config.sys and autoexec.bat system files. The CD-ROM drive device driver must be configured in the config.sys file (even if the device is automatically detected in Windows). To do...

1

Ehsan, on Aug 9, 2008 2:19:19 am BST

Just figured the solution to this!
The file that is doing this is macidwe.exe, and is starting either ceswxfst.sys or tcexfst.sys or cfexfst.sys. And They all play audio snippets off the web.

If you right click on My Computer, select Manage, go to services and applications, services, and then find the Macidwe Service. Right Click on that, select properties and change the startup type to "Disabled"

Press Ctrl+Alt+Delete and kill all processes you know are associated with this. Macidwe.exe and all the .sys files will be in the Windows/system32 folder, so just find the ones you see pop up when sounds play and delete them.

You should no longer have the problem. I think i just posted the first solution to this on the web :D

Reply to Ehsan

2

Ehsan, on Aug 9, 2008 2:32:12 am BST

Oh and another thing, to delete the files you may have to right click on the files and change the write permissions in the security tab to allow you to delete the files. AND there is another file responsible, tdxdowkc.exe, which also needs to be disabled in management, ended in Task Manager and deleted from system32.

Reply to Ehsan

3

ocracy, on Aug 10, 2008 12:02:22 am BST

Good work! Do you know much about the origin of that software (and the risks)?

Reply to ocracy

21

rsp853, on Aug 16, 2008 1:17:56 pm BST

Thank you Thank you THANK YOU!!!!!!

Reply to rsp853

4

Ehsan, on Aug 10, 2008 12:59:17 am BST

So far i have seen little evidence to indicate a privacy breach, and it is probably most likely that the software was made to cause irritation, but i have no idea who made it, or alternatively what other risks it poses. I think i got it from a duff keygen or crack for Photoshop CS3 (Serves me right)

I also found other files that are responsible - Wserving.exe, Sobicyt.exe Nobicyt and Perfs.exe, known as Perfmons. All off these should be deleted from the system32 folder, as well as blocked in service management. I have a suspicion that Perfs.exe or Wserving may be the key file that keeps making these processes.

Reply to Ehsan

14

hopeless infected, on Aug 11, 2008 6:57:04 pm BST

Should i delete all the "perfs" from my system 32 folder, such as:
perfos
perfmon
all those with "perf" in the name?
ive been winning against it so ffar...

Reply to hopeless infected

5

Ehsan, on Aug 10, 2008 1:03:59 am BST

Oh and Afinding.exe, wow this is some evil malware!

Reply to Ehsan

6

Ehsan, on Aug 10, 2008 1:09:05 am BST

And routing.exe

Im pretty sure thats the last of it. Hopefully no more will be created when i start up again tommorow.

Reply to Ehsan

7

tueurkate, on Aug 10, 2008 4:24:07 pm BST

I had to remove all of these (although it's possible this is more than one infection/problem):

afinding.exe
edtxfst.sys
macidwe.exe
Nobicyt.exe
perfs.exe
routing.exe
sobicyt.exe
tdxdowkc.exe
wserving.exe

I heard a woman giggling. Also, at one point I sneezed and I could have sworn a text-to-speech voice said "gesundheit".

Reply to tueurkate

10

hossy, on Aug 10, 2008 10:38:11 pm BST

Wow I have all of these same ones, so I think they probably are all connected.

Reply to hossy

15

hossy, on Aug 11, 2008 8:09:26 pm BST

I removed them all using this:http://forums.g4tv.com/thread.jspa?messageID=13499420 when I deleted stuff in safemode, I also had to delete perfs. before exiting safe mode you should check your task manager to see if any of these are left, and if so, delete those too:

afinding.exe
edtxfst.sys
macidwe.exe
Nobicyt.exe
perfs.exe
routing.exe
sobicyt.exe
tdxdowkc.exe
wserving.exe

There is also some stuff about mmchost. I didn't have it, so i just ignored the stuff about it in the guide and removed the ones I did have.

Reply to hossy

16

hopeless infected, on Aug 13, 2008 3:11:26 am BST

Thank you man.
problem solved...followed all of the above

Reply to hopeless infected

8

Mario, on Aug 10, 2008 4:39:29 pm BST

These files also appear in c/windows/prefetch, might wanna delete from there too

Reply to Mario

9

j, on Aug 10, 2008 10:09:12 pm BST

Thankyou Ehsan and everyone else that posted on this topic, I have disabled and removed all of the files mentioned. Lets hope they do not come back.

Reply to j

11

szig, on Aug 11, 2008 1:54:52 pm BST

Thank you all guys for your assistance. My laptop kept playing random sound clips at random times. I read all your posts and disabled and deleted all suspected files. So far my computer hasn't played these clips at all so it has appeared to work. This is my work computer and my IT guy lives and swears by Symantec, which did not catch any of these files at all. I keep hounding him about not using Symantec, but obviously that has gotten me nowhere. One thing I did notice though. On the icon for the sobicyt.exe file, I had to squint to read it, but it read TS Online. I googled TS Online and it pulled up various links to "gaming" sites among a few sites regarding online learning. One of these sites might be a mirror site that keeps planting these files on our PC's. Anyway, thanks for the help guys.

Reply to szig

12

madman, on Aug 11, 2008 2:54:50 pm BST

Cfexfst.sys
atsxyzd.sys
routing.exe
wserving.exe
tcexfst.sys
tdxdowkc.exe
Nobicyt.exe
macidwe.exe
msudks.exe
dxtxfst.sys
afinding.exe
edtxfst.sys
perfs.exe
sobicyt.exe

there are all the files i had and the mcafee cleaned 6 trojans that originated from the perfs.exe application
it seems that my infection is more sericous because i have more files then you guys stated earlier
but i am going to all the things you suggested to rid my computer of these horrible files because they were not picked up on any of my scanners except the trojans but most of the files returned to my comp after a few days i will try the new methods and get back to you

Reply to madman

13

Ehsan, on Aug 11, 2008 3:00:52 pm BST

All the sys files are generated and run by the applications made by perfs.exe. the exe's are the ones that are making the problems so dont worry if you have all these sys files going at you.

Reply to Ehsan

17

Phil, on Aug 13, 2008 9:26:19 pm BST

I hate to bust your bubbles, but I have the same problem of radio and other snippets playing at random; I tried what was suggested and found NONE of those files!

So what's my problem?

Reply to Phil

18

hopeless infected, on Aug 14, 2008 3:39:41 am BST

Diffrent virus.
post any you might have.

Reply to hopeless infected

19

RickyC, on Aug 14, 2008 2:20:30 pm BST
  • +1

Thanks for this! I had all them files but the only one that seemed to create sound for me was edtxfst.sys. And this one keeps appearing back in the processes. I kill the process then delete the file and have followed what Ehsan said to do :/

EDIT - actually its edbvfct.sys that keeps appearing for me now D:

Reply to RickyC

20

Afergy, on Aug 15, 2008 4:28:24 pm BST

I too followed the suggestions and found and deleted all the files. My Norton anti virus program keeps picking up however the following exe files with different ending and beginning numbers. A0090039.exe. Norton is putting them in quarntine. I'm not sure of the source. Any suggestions? Can I delete the source once I find out what it is?

Reply to Afergy

22

aiya, on Aug 17, 2008 7:48:01 am BST

I think i figured it out guys

when you get into the computer management, disable all files that have ______ corporation. I.E afinding service or wserving... E.X you should see ''wsering corperation'' in the discription.

Reply to aiya

23

tb, on Aug 22, 2008 9:41:48 pm BST

After you delete the exe files in safe mode
delete the services causing the problems by typing sc delete ______ Service

Careful you don't delete the wrong service!

Reply to tb

24

hossynossy4, on Aug 22, 2008 10:21:20 pm BST

Regrun worked for me when the trojan came back

Reply to hossynossy4

25

jaydoo, on Aug 26, 2008 6:23:45 am BST

I am having the same problem. The only thing is that I have looked every where for the files that you all have listed on the page and I can't find them. I still keep getting the music, radio station and other non sense on the speakers. I press F5 and it refreshes the screen and goes away. It will periodically reappear and I have to hit F5 to get rid of it again. There must be something that we can do or it will come back over and over and over again. I have been going through this for the last 4 months now. It sucks. I leave my speakers off just so I don't hear it. Also from time to time I get a pop up with a broken link. Pretty sure that comes with whats going on. I run Spybot non stop but that doesn't work, then Regcure and doesn't work and the virus systems that I have don't pick up crap. I used Norton 360 and Avast. Need some serious help.

Reply to jaydoo

33

RH, on Oct 17, 2008 7:45:24 am BST

Today is October 17, 2008. Update your McAffee to the latest and it will pick them up. Also update your spybot to the latest and it will pick any left trojans. Make sure you physically disconnect your PC from the internet (disconnect cable or the wireless connection) before you scan in McAfee and spybot.

If anyone knows how to use the Safe mode then return back to nomral mode without loss of my desktop configuration resolution, please let me know.

Reply to RH

26

J, on Aug 28, 2008 11:59:06 pm BST

Now I am having trouble getting rid of another malicious file that surfs the internet on hidden web pages 6LN0dYGS.exe, I delete the file from my system32 folder and it continues to come back. Any suggestions?

Reply to J

27

ancient-one, on Sep 15, 2008 8:03:00 pm BST

J - Has the random sound issue been solved ? I see no postings in September. My son's DEll laptop has this problem.
I had to clear over 100 Trojaan viruses from its hard drive. But the random sound still remains an issue. I will try the
things mentioned in this forum. tks

Reply to ancient-one