|
Beta.exe
I had a file called beta.exe mess with me earlier, it started out as a *.scr,
every time I ran Task Manager or Regedit they would open and then close again. I renamed the file, rebooted and managed to delete it along with 3 registry entries, my AV (eTrust), Ad-Aware and Spybot S&D find nothing else to get rid of. Now, every few minutes, I find that my synched folders in OE are reset, and if I choose to synch accounts everything gets re-downloaded. Any ideas as to what/where I should now be looking to clean up what is obviously some residue left over from this little bugger? TIA Brian |
Re: Beta.exe
Online Antivirus scanners:
-------------------------- http://housecall.antivirus.com/ http://www.pandasoftware.es/activesc...vescan-com.asp http://commandondemand.com/eval/index.cfm http://security2.norton.com/us/home.asp Anti-virus programs: -------------------- eZ Antivirus (Computer Associates) http://www.my-etrust.com/products/Antivirus.cfm Vet (Computer Associates) http://www.vet.com.au/html/products/index.html Sophos http://www.sophos.com/products/software/antivirus/ Gladiator http://www.gladiator-antivirus.com/ F-Prot http://www.f-prot.com/download/ AVG http://www.grisoft.com/ Anti-trojan: ------------ Trojan Defence Suite http://tds.diamondcs.com.au/ Trojan Hunter http://www.misec.net/trojanhunter.jsp Trojan Remover http://www.simplysup.com/ Tauscan http://www.agnitum.com/products/tauscan/ Anti-spyware: --------------------- Spybot Search & Destroy http://security.kolla.de/ Ad-Aware http://www.lavasoftusa.com/ Spyware Blaster http://www.wilderssecurity.net/spywareblaster.html HijackThis http://www.tomcoyote.org/hjt/ Control your startups: --------------------------------- StartupList http://www.lurkhere.com/~nicefiles/ Startup Monitor http://www.mlin.net/StartupMonitor.shtml Check what's necessary and what isn't http://www.pacs-portal.co.uk/startup...tartup_all.php http://www.3feetunder.com/krick/startup/list.html http://www.greatis.com/regrun3startupprograms.htm http://www.greatis.com/regrun3appdatabase.htm http://www.greatis.com/regrun3necessary.htm Basic system maintenance: http://uk.geocities.com/personel44/maintenance.html On Mon, 30 Jun 2003 18:55:12 +0100, in <1Q_La.164$nP.21@newsfep4-winn.server.ntli.net> Brian H¹© scrawled: >I had a file called beta.exe mess with me earlier, it started out as a *.scr, >every time I ran Task Manager or Regedit they would open and then close again. >I renamed the file, rebooted and managed to delete it along with 3 registry >entries, my AV (eTrust), Ad-Aware and Spybot S&D find nothing else to get rid >of. > >Now, every few minutes, I find that my synched folders in OE are reset, and if I >choose to synch accounts everything gets re-downloaded. > >Any ideas as to what/where I should now be looking to clean up what is obviously >some residue left over from this little bugger? > >TIA >Brian > -- STGP, OGPE24HSHD |
Re: Beta.exe
X-No-Archive: Yes
Errrrr...erm... °Mike° said: (snip) As a regular, Mike, I'm aware of the links you posted. And as I said, nothing is being picked up by AV, Ad-Aware *or* Spybot S&D. Every time I open OE, my folders are reset and synching reloads everything instead of just the newest messages. > > > On Mon, 30 Jun 2003 18:55:12 +0100, in > <1Q_La.164$nP.21@newsfep4-winn.server.ntli.net> > Brian H¹© scrawled: > >> I had a file called beta.exe mess with me earlier, it started out as a *.scr, >> every time I ran Task Manager or Regedit they would open and then close >> again. I renamed the file, rebooted and managed to delete it along with 3 >> registry entries, my AV (eTrust), Ad-Aware and Spybot S&D find nothing else >> to get rid of. >> >> Now, every few minutes, I find that my synched folders in OE are reset, and >> if I choose to synch accounts everything gets re-downloaded. >> >> Any ideas as to what/where I should now be looking to clean up what is >> obviously some residue left over from this little bugger? >> >> TIA >> Brian |
Re: Beta.exe
On Mon, 30 Jun 2003 19:38:29 +0100, in
<Ds%La.228$nP.39@newsfep4-winn.server.ntli.net> Brian H¹© scrawled: >X-No-Archive: Yes > Errrrr...erm... °Mike° said: > >(snip) > >As a regular, Mike, I'm aware of the links you posted. >And as I said, nothing is being picked up by AV, Ad-Aware >*or* Spybot S&D. Every time I open OE, my folders are reset >and synching reloads everything instead of just the newest >messages. Sorry, Brian, I didn't even look at your name - I was busy doing something else at the same time, and just posted the standard links... :-/ Select the group/s and right-click / 'Synchronization settings'. You'll see the options. <snip> -- STGP, OGPE24HSHD |
Re: Beta.exe
X-No-Archive: Yes
Errrrr...erm... °Mike° said: > On Mon, 30 Jun 2003 19:38:29 +0100, in > <Ds%La.228$nP.39@newsfep4-winn.server.ntli.net> > Brian H¹© scrawled: > >> X-No-Archive: Yes >> Errrrr...erm... °Mike° said: >> >> (snip) >> >> As a regular, Mike, I'm aware of the links you posted. >> And as I said, nothing is being picked up by AV, Ad-Aware >> *or* Spybot S&D. Every time I open OE, my folders are reset >> and synching reloads everything instead of just the newest >> messages. > > Sorry, Brian, I didn't even look at your name - I was busy > doing something else at the same time, and just posted the > standard links... :-/ > > Select the group/s and right-click / 'Synchronization settings'. > You'll see the options. > > <snip> That's not my problem, every time I start OE, and after about every 5 minutes once opened, something seems to be clearing the cache and if I click synch, all message bodies get downloaded again. This has only been happening since I had this damned file run on my system. I haven't changed my OE settings at all from what they are usually set at. It's not really a big deal re-downloading the bodies, but I would like to find out what is causing this to happen. |
Re: Beta.exe
X-No-Archive: Yes
Errrrr...erm... Richard said: > "Brian H¹©" <no.spam@this.addy.ta> wrote in message > news:1Q_La.164$nP.21@newsfep4-winn.server.ntli.net... >> I had a file called beta.exe mess with me earlier, it started out as a *.scr, >> every time I ran Task Manager or Regedit they would open and then close >> again. I renamed the file, rebooted and managed to delete it along with 3 >> registry entries, my AV (eTrust), Ad-Aware and Spybot S&D find nothing else >> to get rid of. >> >> Now, every few minutes, I find that my synched folders in OE are reset, and >> if I choose to synch accounts everything gets re-downloaded. >> >> Any ideas as to what/where I should now be looking to clean up what is >> obviously some residue left over from this little bugger? >> >> TIA >> Brian >> > > http://www.sophos.com/virusinfo/analyses/w32kwbote.html taken from sophos' site W32/KWBot-E copies itself to the Windows system folder as XMW32.EXE and creates the folder <Windows>\sCache32. W32/KWBot-E then Did you spot that the file I am talking about is called beta.exe and not xmw32.exe? > > http://www.trendmicro.com/vinfo/viru...e=WORM_XMS.A&V > Sect=T > > look for a folder called \scache32 and the same in the registry. taken from trendmicro "Upon execution, this worm drops a copy of itself named XMS32.EXE in the Windows system directory" Again, the file I am talking about is called beta.exe |
Re: Beta.exe
On Mon, 30 Jun 2003 19:56:16 +0100, in
<jJ%La.248$nP.231@newsfep4-winn.server.ntli.net> Brian H¹© scrawled: <snip> >>That's not my problem, every time I start OE, and after >about every 5 minutes once opened, something seems to be >clearing the cache and if I click synch, all message bodies >get downloaded again. This has only been happening since I >had this damned file run on my system. I haven't changed my >OE settings at all from what they are usually set at. It's >not really a big deal re-downloading the bodies, but I would >like to find out what is causing this to happen. I'd get a second opinion, if I were you. Just because your AV and AAW/SB doesn't report anything, doesn't mean you're clean. Use StartupList http://www.lurkhere.com/~nicefiles/ and HijackThis http://www.tomcoyote.org/hjt/ Startup Monitor is also a great 'alerter' for anything that tries to register itself to run at startup - for the future. http://www.mlin.net/StartupMonitor.shtml -- STGP, OGPE24HSHD |
Re: Beta.exe
"Brian H¹©" <no.spam@this.addy.ta> wrote in message news:EM%La.252$nP.175@newsfep4-winn.server.ntli.net... > X-No-Archive: Yes > Errrrr...erm... Richard said: > > > "Brian H¹©" <no.spam@this.addy.ta> wrote in message > > news:1Q_La.164$nP.21@newsfep4-winn.server.ntli.net... > >> I had a file called beta.exe mess with me earlier, it started out as a *.scr, > >> every time I ran Task Manager or Regedit they would open and then close > >> again. I renamed the file, rebooted and managed to delete it along with 3 > >> registry entries, my AV (eTrust), Ad-Aware and Spybot S&D find nothing else > >> to get rid of. > >> > >> Now, every few minutes, I find that my synched folders in OE are reset, and > >> if I choose to synch accounts everything gets re-downloaded. > >> > >> Any ideas as to what/where I should now be looking to clean up what is > >> obviously some residue left over from this little bugger? > >> > >> TIA > >> Brian > >> > > > > http://www.sophos.com/virusinfo/analyses/w32kwbote.html > > taken from sophos' site > W32/KWBot-E copies itself to the Windows system folder as XMW32.EXE and creates > the folder <Windows>\sCache32. W32/KWBot-E then > > Did you spot that the file I am talking about is called beta.exe and not > xmw32.exe? > Did you bother to read the page and note the fact that it was discussing the beta.exe file? of course not. from now on, DYOFDW. |
Re: Beta.exe
X-No-Archive: Yes
Errrrr...erm... Richard said: > "Brian H¹©" <no.spam@this.addy.ta> wrote in message > news:EM%La.252$nP.175@newsfep4-winn.server.ntli.net... >> X-No-Archive: Yes >> Errrrr...erm... Richard said: >> >>> "Brian H¹©" <no.spam@this.addy.ta> wrote in message >>> news:1Q_La.164$nP.21@newsfep4-winn.server.ntli.net... >>>> I had a file called beta.exe mess with me earlier, it started out as a >>>> *.scr, every time I ran Task Manager or Regedit they would open and then >>>> close again. I renamed the file, rebooted and managed to delete it along >>>> with 3 registry entries, my AV (eTrust), Ad-Aware and Spybot S&D find >>>> nothing else to get rid of. >>>> >>>> Now, every few minutes, I find that my synched folders in OE are reset, and >>>> if I choose to synch accounts everything gets re-downloaded. >>>> >>>> Any ideas as to what/where I should now be looking to clean up what is >>>> obviously some residue left over from this little bugger? >>>> >>>> TIA >>>> Brian >>>> >>> >>> http://www.sophos.com/virusinfo/analyses/w32kwbote.html >> >> taken from sophos' site >> W32/KWBot-E copies itself to the Windows system folder as XMW32.EXE and >> creates the folder <Windows>\sCache32. W32/KWBot-E then >> >> Did you spot that the file I am talking about is called beta.exe and not >> xmw32.exe? >> > > Did you bother to read the page and note the fact that it was discussing the > beta.exe file? > of course not. from now on, DYOFDW. Do you know the difference between something renaming *from* beta.exe and renaming *to* beta.exe ? I didn't ask you to do my dirty work for me, I didn't ask *you* to do *anything* for me. |
| All times are GMT. The time now is 04:59 AM. |
Powered by vBulletin®. Copyright ©2000 - 2013, vBulletin Solutions, Inc.
SEO by vBSEO ©2010, Crawlability, Inc.