Author Topic: What malware are we dealing with here?  (Read 2124 times)


Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33926
  • malware fighter
What malware are we dealing with here?
« on: May 16, 2007, 09:05:45 AM »
Hi malware fighters,

After a cleansing routine for surfbar spyware was performed, the cleansed XP Pro machine prompts for (long line in machine language) \wins32.exe. It reads that Windows cannot find this and you have to enter Start and Search. What malware or compromise renders this? The machine had adware removed, mIRC removes virus alerts, unsolicited software on this machine, Windows update performed. User rights revised, all passwords changed.

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline FreewheelinFrank

  • Avast Evangelist
  • Ultra Poster
  • ***
  • Posts: 4872
  • I'm a GNU
    • Don't Surf in the Nude!
Re: What malware are we dealing with here?
« Reply #1 on: May 16, 2007, 09:40:37 AM »
Hi Polonus,

Have you removed the registry entries for wins32.exe?

http://www.pchell.com/support/surferbar.shtml
     Bambleweeny 57 sub-meson brain     Don't Surf in the Nude Blog

Offline polonus

Re: What malware are we dealing with here?
« Reply #2 on: May 16, 2007, 09:52:34 AM »
Hi FwF,

I did not cleanse that machine; that was done by the sys admin. He ran HJT, and indeed removed some entries from the registry, because the malware restored itself every 5 sec, idle processes went up to 99%, but I think that is due to the prevailing automatic update storage problem that Microsoft is confronting us with at the moment (evil tongues have it that this is a way to be able to abandon XP earlier to have people switch to Vista sooner, but that may be nonsense). But it could well be that the two problems are not related.

polonus