What virus is this?

Discussion in 'Computer Security' started by Modecate, Jan 11, 2004.

  1. Modecate

    Modecate Guest

    Found an executable in my windows\system dir: mpwzojgl.exe, though
    earlier it had a different name, so it seems to spawn random names.
    Size is 453K. Norton didn't turn up anything, neither did spybot or
    adaware. First saw it while running a check on my running processes in
    proport (recommended BTW). Pretty sure it knocked out my Norton
    installation first time round and had to reinstall. Can't find any
    suspicious HKLM or HKCU run, runonce or runservices. Oh, and running
    the exec gives the error "can't load ak32dll.dll" (did a find file... no
    luck) after which the exec deletes itself! WTF? Any ideas out there?
    Modecate, Jan 11, 2004
    #1

  2. "Modecate" <> wrote in message
    news:...
    > Found an executable on my windows\system dir: mpwzojgl.exe, though
    > earlier it had a different name, so it seems to spawn random names.
    > Size is 453K . Norton didn't turn up anything, neither did spybot or
    > adaware. First saw it while running a check on my running processes in
    > proport(recommended BTW) Pretty sure it knocked out my Norton
    > installation first time round and had to reinstall. Can't find any
    > suspicious HKLM or HKCU run, runonce or runservices. Oh, and running
    > the exec gives the error "can't load ak32dll.dll"(did a find file..no
    > luck) after which the exec deletes itself! WTF? Any ideas out there?


    Don't attempt to run things that you think are viruses?

    Or did I miss something..? ;o)

    --

    Hairy One Kenobi

    Disclaimer: the opinions expressed in this opinion do not necessarily
    reflect the opinions of the highly-opinionated person expressing the opinion
    in the first place. So there!

    P.S. Don't forget win.ini..
    Hairy One Kenobi, Jan 11, 2004
    #2

  3. Modecate

    Nick Guest

    Modecate wrote:
    > Found an executable on my windows\system dir: mpwzojgl.exe, though
    > earlier it had a different name, so it seems to spawn random names.
    > Size is 453K . Norton didn't turn up anything, neither did spybot or
    > adaware. First saw it while running a check on my running processes in
    > proport(recommended BTW) Pretty sure it knocked out my Norton
    > installation first time round and had to reinstall. Can't find any
    > suspicious HKLM or HKCU run, runonce or runservices. Oh, and running
    > the exec gives the error "can't load ak32dll.dll"(did a find file..no
    > luck) after which the exec deletes itself! WTF? Any ideas out there?
    >


    Looks to be a custom or unknown virus. You may be on your own to clean
    it up. Best thing to do is kill the process and then all of its start
    points, such as in the registry or startup folder. After killing the
    start points, reboot and make sure it's not running (meaning you got all
    the start points), then remove the exe's. I've seen custom trojan horses
    like what you are describing; they get passed along through filesharing
    programs or things people may send you while chatting.
    Nick, Jan 12, 2004
    #3
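
The start points mentioned in the thread so far (the Run, RunOnce and RunServices keys, plus win.ini) can be audited offline from a regedit text export and a copy of win.ini. This is an added example, not part of any post in the thread; the sample data, the file name qkxvbnta.exe and the known-good baseline are constructed for illustration.

```python
import re

# Autostart keys named in the thread: Run, RunOnce, RunServices (HKLM and HKCU).
RUN_KEY = re.compile(
    r"^\[(HKEY_(?:LOCAL_MACHINE|CURRENT_USER))\\Software\\Microsoft\\Windows"
    r"\\CurrentVersion\\(Run|RunOnce|RunServices)\]$", re.IGNORECASE)
REG_VALUE = re.compile(r'^"(?P<name>[^"]*)"="(?P<data>.*)"$')

def registry_start_points(reg_export):
    """Yield (source, name, command) from a regedit text export."""
    source = None
    for line in reg_export.splitlines():
        line = line.strip()
        if line.startswith("["):
            m = RUN_KEY.match(line)
            source = f"{m.group(1)}\\...\\{m.group(2)}" if m else None
        elif source and (v := REG_VALUE.match(line)):
            # Exports double every backslash inside string data.
            yield source, v["name"], v["data"].replace("\\\\", "\\")

def win_ini_start_points(win_ini):
    """Yield (source, key, command) for load= and run= under [windows]."""
    section = ""
    for line in win_ini.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].lower()
        elif section == "windows" and "=" in line and not line.startswith(";"):
            key, _, value = line.partition("=")
            if key.strip().lower() in ("load", "run"):
                # Several programs may be listed, separated by spaces or commas.
                for cmd in value.replace(",", " ").split():
                    yield "win.ini", key.strip().lower(), cmd

def audit(reg_export, win_ini, baseline):
    """Return start points whose command is not in the known-good baseline."""
    known = {b.lower() for b in baseline}
    entries = list(registry_start_points(reg_export))
    entries += list(win_ini_start_points(win_ini))
    return [e for e in entries if e[2].lower() not in known]

# Constructed sample input (not taken from the thread).
SAMPLE_REG = r'''REGEDIT4

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SystemTray"="SysTray.Exe"
"updchk"="C:\\WINDOWS\\SYSTEM\\qkxvbnta.exe"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer]
"Foo"="bar.exe"
'''
SAMPLE_INI = "[windows]\nload=\nrun=C:\\WINDOWS\\SYSTEM\\qkxvbnta.exe\n[Desktop]\nrun=ignored.exe\n"
BASELINE = ["SysTray.Exe"]
```

Comparing against a baseline rather than a file name matters here because the executable described in the thread changes its name.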
  4. Modecate

    -Lone_Wolf- Guest

    Modecate wrote:
    > Found an executable on my windows\system dir: mpwzojgl.exe, though
    > earlier it had a different name, so it seems to spawn random names.
    > Size is 453K . Norton didn't turn up anything, neither did spybot or
    > adaware. First saw it while running a check on my running processes in
    > proport(recommended BTW) Pretty sure it knocked out my Norton
    > installation first time round and had to reinstall. Can't find any
    > suspicious HKLM or HKCU run, runonce or runservices. Oh, and running
    > the exec gives the error "can't load ak32dll.dll"(did a find file..no
    > luck) after which the exec deletes itself! WTF? Any ideas out there?


    In addition to some of the other suggestions, are you monitoring outbound
    traffic... Could this be someone manipulating things from the outside?
    -Lone_Wolf-, Jan 12, 2004
    #4
  5. Modecate

    Modecate Guest

    On Mon, 12 Jan 2004 07:35:43 GMT, "-Lone_Wolf-"
    <> wrote:

    >Modecate wrote:
    >> Found an executable on my windows\system dir: mpwzojgl.exe, though
    >> earlier it had a different name, so it seems to spawn random names.
    >> Size is 453K . Norton didn't turn up anything, neither did spybot or
    >> adaware. First saw it while running a check on my running processes in
    >> proport(recommended BTW) Pretty sure it knocked out my Norton
    >> installation first time round and had to reinstall. Can't find any
    >> suspicious HKLM or HKCU run, runonce or runservices. Oh, and running
    >> the exec gives the error "can't load ak32dll.dll"(did a find file..no
    >> luck) after which the exec deletes itself! WTF? Any ideas out there?

    >
    >In addition to some of the other suggestions are you monitoring out bound
    >traffic... Could this be someone manipulating things from the outside?
    >

    Yeah, I'm running Proport, which is a really good process and
    connection monitor, as well as ZA and Kerio. It's stopped replicating
    btw and I've seen no more activity today. Still got the thing renamed
    in a quarantine directory though. I suppose that random renaming thing
    makes some kind of malware a dead cert though.
    Modecate, Jan 12, 2004
    #5