Author Topic: wks-nt-xp.exe (Read 2189 times)

Dave6412 · « **on:** March 05, 2007, 12:22:52 PM »

Hi, not used this forum so my apologies if this is the wrong place etc.

I've recently found a program called wks-nt-xp.exe in my running processes. Having never seen it there before i was a little distrubed by it, especially when it started trying to access the internet. It now attempts a connection every 20 seconds but thankfully my firewall is blocking it.

My query is, firstly should i be worried about it? Avast and adware didnt remove the file and i cant find anything online about it. Secondly if it is a baddy how do i remove it?

Any help much appreciated

igor · « **Reply #1 on:** March 05, 2007, 01:00:55 PM »

The file indeed looks suspicious.
I suggest to check it with a service like VirusTotal to find out if any other antiviruses detect this file as malicious. If so, please send the file to virus@avast.com for analysis (preferably packed in a password-protected ZIP or RAR).
Thanks.

FreewheelinFrank · « **Reply #2 on:** March 05, 2007, 01:07:21 PM »

Hi Dave6412,

A Google search suggests the file may be found in:

C:\WINDOWS\system32\dllcache\wks-nt-xp.exe

You will need to enable view hidden files and folders to send it to VirusTotal:

http://www.bleepingcomputer.com/tutorials/tutorial62.html

Dave6412 · « **Reply #3 on:** March 05, 2007, 01:34:56 PM »

Found this

http://spywarefiles.prevx.com/spywarefiles.asp?FXC=HFDF35470962

Seems they're the only one who've picked up on it so far but £24.95 is a bit steep to remove 1 virus =/

Anyhow a bit more information, it has now stopped all access to the internet though it does allow my LAN to connect it wont allow IE, MSN etc to connect. Very strange. Also it's pretty smart as its managed to bypass my laptops security aswell and has now infected that $:-\$

Author Topic: wks-nt-xp.exe (Read 2189 times)

Dave6412

wks-nt-xp.exe

igor

Re: wks-nt-xp.exe

FreewheelinFrank

Re: wks-nt-xp.exe

Dave6412

Re: wks-nt-xp.exe