#1

Found an executable on my windows\system dir: mpwzojgl.exe, though earlier it had a different name, so it seems to spawn random names. Size is 453K. Norton didn't turn up anything, neither did spybot or adaware. First saw it while running a check on my running processes in proport (recommended BTW). Pretty sure it knocked out my Norton installation first time round and had to reinstall. Can't find any suspicious HKLM or HKCU run, runonce or runservices. Oh, and running the exec gives the error "can't load ak32dll.dll" (did a find file..no luck) after which the exec deletes itself! WTF? Any ideas out there?

Modecate

#2

"Modecate" <> wrote in message
news:...
> Found an executable on my windows\system dir: mpwzojgl.exe, though
> earlier it had a different name, so it seems to spawn random names.
> Size is 453K . Norton didn't turn up anything, neither did spybot or
> adaware. First saw it while running a check on my running processes in
> proport(recommended BTW) Pretty sure it knocked out my Norton
> installation first time round and had to reinstall. Can't find any
> suspicious HKLM or HKCU run, runonce or runservices. Oh, and running
> the exec gives the error "can't load ak32dll.dll"(did a find file..no
> luck) after which the exec deletes itself! WTF? Any ideas out there?

Don't attempt to run things that you think are viruses? Or did I miss something..? ;o)

--
Hairy One Kenobi

Disclaimer: the opinions expressed in this opinion do not necessarily reflect the opinions of the highly-opinionated person expressing the opinion in the first place. So there!

P.S. Don't forget win.ini..

Hairy One Kenobi

#3

Modecate wrote:
> Found an executable on my windows\system dir: mpwzojgl.exe, though
> earlier it had a different name, so it seems to spawn random names.
> Size is 453K . Norton didn't turn up anything, neither did spybot or
> adaware. First saw it while running a check on my running processes in
> proport(recommended BTW) Pretty sure it knocked out my Norton
> installation first time round and had to reinstall. Can't find any
> suspicious HKLM or HKCU run, runonce or runservices. Oh, and running
> the exec gives the error "can't load ak32dll.dll"(did a find file..no
> luck) after which the exec deletes itself! WTF? Any ideas out there?
>

Looks to be a custom or unknown virus. You may be on your own to clean it up. Best thing to do is kill the process and then all of its start points, such as in the registry or startup folder. After killing the start points, reboot and make sure it's not running (meaning you got all the start points), then remove the exes. I've seen custom trojan horses like what you are describing; they get passed along through filesharing programs or things people may send you while chatting.

Nick
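
The start points named across the thread (the HKLM/HKCU run, runonce and runservices keys, the startup folder, and win.ini) can be listed in one pass. The following PowerShell is an added example, not part of any post in the thread; it only reads, and it assumes a Windows PowerShell session where `$env:windir` is set and takes the standard `Software\Microsoft\Windows\CurrentVersion` key path as the location of those keys.

```powershell
# Added example (read-only): collect the start points named in the thread.
$entries = @()

# 1. Run / RunOnce / RunServices under HKLM and HKCU; absent keys are skipped.
foreach ($hive in 'HKLM:', 'HKCU:') {
    foreach ($name in 'Run', 'RunOnce', 'RunServices') {
        $key = "$hive\Software\Microsoft\Windows\CurrentVersion\$name"
        if (-not (Test-Path $key)) { continue }
        $item = Get-Item -Path $key
        foreach ($value in $item.GetValueNames()) {
            $entries += [pscustomobject]@{
                Source = $key; Name = $value; Command = [string]$item.GetValue($value) }
        }
    }
}

# 2. Per-user and all-users Startup folders.
foreach ($folder in 'Startup', 'CommonStartup') {
    $path = [Environment]::GetFolderPath($folder)
    if (-not $path -or -not (Test-Path $path)) { continue }
    foreach ($file in Get-ChildItem -Path $path -File) {
        $entries += [pscustomobject]@{ Source = $path; Name = $file.Name; Command = $file.FullName }
    }
}

# 3. load= and run= lines in win.ini.
$winIni = Join-Path $env:windir 'win.ini'
if (Test-Path $winIni) {
    foreach ($line in Get-Content -Path $winIni) {
        if ($line -match '^\s*(load|run)\s*=\s*(\S.*)$') {
            $entries += [pscustomobject]@{ Source = $winIni; Name = $Matches[1]; Command = $Matches[2] }
        }
    }
}

# For commands that point at an .exe under the Windows directory (where the
# file in the thread was found), add size and signature status for review.
$pattern = [regex]::Escape($env:windir) + '\\[^"]*?\.exe'
$entries | ForEach-Object {
    $cmd = [Environment]::ExpandEnvironmentVariables($_.Command)
    $exe = if ($cmd -match $pattern) { $Matches[0] }
    $onDisk = $exe -and (Test-Path -LiteralPath $exe)
    [pscustomobject]@{
        Source    = $_.Source
        Name      = $_.Name
        Command   = $_.Command
        SizeKB    = if ($onDisk) { [int]((Get-Item -LiteralPath $exe).Length / 1KB) }
        Signature = if ($onDisk) { (Get-AuthenticodeSignature -FilePath $exe).Status }
    }
} | Format-List
```

Saving the output before cleanup and again after the reboot gives a direct comparison for confirming that no start point was missed.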

#4

Modecate wrote:
> Found an executable on my windows\system dir: mpwzojgl.exe, though
> earlier it had a different name, so it seems to spawn random names.
> Size is 453K . Norton didn't turn up anything, neither did spybot or
> adaware. First saw it while running a check on my running processes in
> proport(recommended BTW) Pretty sure it knocked out my Norton
> installation first time round and had to reinstall. Can't find any
> suspicious HKLM or HKCU run, runonce or runservices. Oh, and running
> the exec gives the error "can't load ak32dll.dll"(did a find file..no
> luck) after which the exec deletes itself! WTF? Any ideas out there?

In addition to some of the other suggestions, are you monitoring outbound traffic... Could this be someone manipulating things from the outside?

-Lone_Wolf-

#5

On Mon, 12 Jan 2004 07:35:43 GMT, "-Lone_Wolf-"
<-lone_wolf-@CLOTHESexcite.com> wrote:

>Modecate wrote:
>> Found an executable on my windows\system dir: mpwzojgl.exe, though
>> earlier it had a different name, so it seems to spawn random names.
>> Size is 453K . Norton didn't turn up anything, neither did spybot or
>> adaware. First saw it while running a check on my running processes in
>> proport(recommended BTW) Pretty sure it knocked out my Norton
>> installation first time round and had to reinstall. Can't find any
>> suspicious HKLM or HKCU run, runonce or runservices. Oh, and running
>> the exec gives the error "can't load ak32dll.dll"(did a find file..no
>> luck) after which the exec deletes itself! WTF? Any ideas out there?
>
>In addition to some of the other suggestions are you monitoring out bound
>traffic... Could this be someone manipulating things from the outside?
>

Yeah, I'm running Proport, which is a really good process and connection monitor, as well as ZA and Kerio. It's stopped replicating btw and I've seen no more activity today. Still got the thing renamed in a quarantine directory though. I suppose that random renaming thing makes some kind of malware a dead cert though.

Modecate