Re: iexpIorer.exe ..new virus? What is it?
From: taff (taff_at_the-valleys.com)
Date: 01/01/04
Date: Thu, 01 Jan 2004 00:24:52 +0000
On Wed, 31 Dec 2003 15:31:08 -0800, "Sarah"
<anonymous@discussions.microsoft.com> wrote:
>Mike writes:
>>-----Original Message-----
>>Hey all..
>>
>>A few days ago, I started getting a message that "tskmg.exe" wasn't found on
>>startup. I obviously assumed this was some sort of a virus (even though I
>>haven't run anything, and I'm up to date with Windows Update). So I went and
>>scanned at trendmicro's housecall. No viruses found..
>>
>>I tried firing up regedit and msconfig and both of them close right away
>>after 2 seconds.
>>
>>So, I checked taskmanager and there is a process running called
>>"iexpIorer.exe" running. When I kill it, a new one always restarts...
>>
>>So, obviously I have a virus..
>>
>>But, the latest online scanners aren't picking it up and there's no new
>>windows updates..
>>
>>Any ideas?
>>
>>Mike
>>
> Howdy, Mike. Found several references online to
>iexpIorer.exe (noting that the letter following "iexp" is
>a capital "i", not an "L"). A year ago, one board's
>poster was relating that Norton's had found but could not
>delete it (she didn't mention whether she was using a
>Safe mode start). Another poster (on a board I could only
>get via Google's cache) was complaining about this
>infector on a "Viruses everyone has"(!) list. Another was
>saying that it is a sub-7 trojan, and listed the steps
>they had taken to get rid of it. I don't suppose that the
>fact that someone a year ago used that name for their
>process stops a new writer from using it in a new
>infector.
> _Assuming_ it were to be the "same old" thing, the
>following from Sophos might be informative:
>>>
>Troj/Oblivion-B is a backdoor Trojan that allows others
>remote access to your computer over a network. It copies
>itself to the Windows System directory as iexpIore.exe,
>and sets the registry keys
>
>HKLM\Software\Microsoft\Windows\CurrentVersion\Run\Default web browser
>HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices\Default web browser
>HKLM\Software\Microsoft\Active Setup\Installed Components\Default web browser\StubPath
>to all point to the executable.
>
>It also changes the entry shell= in the [boot] section of
>system.ini to "explorer.exe iexpIore.exe", and adds new
>ini entries load=iexpIore.exe and run=iexpIore.exe in the
>[windows] section of win.ini.
>
>It uses ICQ and IRC channels to notify the sender of
>activation.
><<
If you read the first part of the post you will see that the problem
started with tskmg.exe.
A search on that brings up
http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.warpigs.c.html
as I said in an earlier post
Taff...........
www.sounds-pa.com | www.thecomputerworkshop.com
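
Added example (not part of the original thread or of the Sophos write-up): a Python check that collects the autostart points named in the quoted Sophos description (Run values, shell= in system.ini, load=/run= in win.ini) and flags file names that imitate iexplore.exe or explorer.exe through look-alike characters such as a capital "I" for "l". The KNOWN list, the 0.85 similarity cutoff, the function names and all sample data are assumptions made for this example.

```python
import configparser
import difflib

# Real Windows binaries that lookalike names imitate (short list chosen for this example).
KNOWN = ["iexplore.exe", "explorer.exe"]
# Characters that render almost alike in many fonts: capital I or digit 1 for l, 0 for o.
CONFUSABLE = str.maketrans({"I": "l", "1": "l", "0": "o", "O": "o"})

def is_lookalike(name):
    """True when a file name resembles a known binary but is not spelled like it."""
    if name.lower() in KNOWN:
        return False
    folded = name.translate(CONFUSABLE).lower()
    return bool(difflib.get_close_matches(folded, KNOWN, n=1, cutoff=0.85))

def autostart_entries(system_ini, win_ini, run_values):
    """Collect (location, command) pairs from the autostart points in the Sophos text."""
    entries = list(run_values.items())
    for text, section, keys in ((system_ini, "boot", ["shell"]),
                                (win_ini, "windows", ["load", "run"])):
        cp = configparser.ConfigParser(strict=False, allow_no_value=True, interpolation=None)
        cp.read_string(text)
        for key in keys:
            value = (cp.get(section, key, fallback="") or "").strip()
            if value:
                entries.append((f"{section}.{key}", value))
    return entries

def needs_review(entries):
    """Entries with a lookalike file name, or a shell= that is not explorer.exe alone."""
    hits = []
    for location, command in entries:
        # Simplification: split on whitespace, so quoted paths with spaces are not handled.
        names = [tok.strip('"').rsplit("\\", 1)[-1] for tok in command.split()]
        odd_shell = location == "boot.shell" and command.lower() != "explorer.exe"
        if odd_shell or any(is_lookalike(n) for n in names):
            hits.append((location, command))
    return hits

# Constructed sample data modelled on the quoted description; not taken from a real host.
SYSTEM_INI = "[boot]\nshell=explorer.exe iexpIore.exe\n"
WIN_INI = "[windows]\nload=iexpIore.exe\nrun=iexpIore.exe\n"
RUN = r"HKLM\Software\Microsoft\Windows\CurrentVersion\Run"
RUN_VALUES = {RUN + r"\Default web browser": r"C:\WINDOWS\SYSTEM\iexpIore.exe",
              RUN + r"\Backup": r"C:\Tools\backup.exe"}

if __name__ == "__main__":
    for location, command in needs_review(autostart_entries(SYSTEM_INI, WIN_INI, RUN_VALUES)):
        print(f"REVIEW {location}: {command}")
```

On a live system the two .ini texts would be read from the Windows directory and the Run values exported from the registry; an exact-match blocklist would miss the "iexpIorer.exe" spelling from the original question, which the similarity match still catches.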