Can't Remove Mystery Service

Tech Tip: Click here to run a free scan for Windows Errors and optimize PC performance

From: Joatman71 (joatman71_at_yahoo.com)
Date: 09/22/04 

Date: 22 Sep 2004 15:28:48 -0700

I have a process running on my XP Pro machine that I can't seem to get
rid of. It is called vgaac.exe. It uses up quite a lot of memory. I
can't find this name anywhere on the Internet. Since I can't find any
reference to it and because it acts very funny, I am thinking it is
some sort of Virus/Trojan/Spyware/Adware. I am also worried that if I
do end up killing it, I will mess up my computer if it is important.

If I kill this process it starts up again. I found the executable
name in the registry under
HKEY_LOCAL_MACHINE/Software/Microsoft/widows/CurrentVersion/RunOnce
(also under Run) and deleted it, but it comes back again. It is
strange that it is always in RunOnce. If I start in safe mode, it is
already running. The executable is in c:\windows\ assembly\temp, but
that directory can't be accessed from Windows Explorer. I need to get
there via DOS. The executable is hidden. If I try to delete it, it
says that the file cannot be found, but it can be listed using dir /A.
 If I try to change the attribute I get "Not resetting system file -
C:\WINDOWS\assembly\temp\vgaac.exe". There are also other hidden
directories in the assembly directory that relate to the .NET
framework. I don't want to uninstall the Framework.

Ad-aware 6.0 and Symantec Antivirus 9 don't seem to think it is a
problem. I would hate to get rid of it if it is important. Does
anyone know what it is? I am now thinking of installing the drive as
a slave in another computer and removing the files that way. Any
other suggestions?

Thanks
Joatman71

Relevant Pages

  • RE: Cant Remove Mystery Service
    ... > I have a process running on my XP Pro machine that I can't seem to get ... I don't want to uninstall the Framework. ... I would hate to get rid of it if it is important. ... > a slave in another computer and removing the files that way. ...
    (microsoft.public.windowsxp.general)
  • Re: Trojen that I cant get Rid of
    ... that I cannot get rid of. ... When I delete the item, it re-creates another instance (process running) and makes an entry in the Registry ...
    (microsoft.public.windowsxp.general)
  • Re: Application path
    ... "getting rid of" file:// is to use the Uri class and its accessors ... >> On the Compact Framework you could use this alternative to ... >> Peter Foot ... >>> Ole ...
    (microsoft.public.dotnet.languages.csharp)
  • Re: Application path
    ... "getting rid of" file:// is to use the Uri class and its accessors ... >> On the Compact Framework you could use this alternative to ... >> Peter Foot ... >>> Ole ...
    (microsoft.public.dotnet.framework.compactframework)
  • Trojen that I cant get Rid of
    ... there is a process running and there is a suspicious item in the ... that I cannot get rid of. ... When I check HKLM-Run, there is one item that is running that I can't ...
    (microsoft.public.windowsxp.general)