Re: [jf595.exe] in Windows Processes

From: Sir_George (Sir_George_at_mailinator.com)
Date: 02/28/04


Date: Sat, 28 Feb 2004 09:09:29 -0700

Herm,

LOAD.EXE is supplied by the "w32.nimda.a" virus.

Visit the following sites:

Nimda
http://msn.zdnet.com/zdfeeds/msncobrand/reviews/0%2C13828%2C2811488-hud00025ab%2C00.html
http://securityresponse.symantec.com/avcenter/venc/data/w32.nimda.a@mm.html
http://www.symantec.com/avcenter/venc/data/w32.nimda.a@mm.html
http://vil.nai.com/vil/virusSummary.asp?virus_k=99209
http://www.sophos.com/virusinfo/analyses/w32nimdaa.html
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/topics/nimda.asp

An extract from McAfee's page:
-------------
It may copy itself to the WINDOWS SYSTEM directory as LOAD.EXE and
create a SYSTEM.INI entry to load itself at startup:
Shell=explorer.exe load.exe -dontrunold
------------
Change the line to
Shell=explorer.exe

-- 
Sir_George
For better access to newsgroups:
http://www.microsoft.com/windowsxp/pro/using/newsgroups/setup.asp
"Herm" <herm1@tampabay.rr.com> wrote in message
news:375e01c3fdb3$525d85e0$a401280a@phx.gbl...
> Does anyone know what this process might be? It
> occasionally locks up XP, and the only information I can
> get on it is from my Ad-Aware software log:
>
> #:25 [jf595.exe]
>     FilePath           : C:\WINDOWS\
>     ThreadCreationTime : 2-28-2004 4:03:28 AM
>     BasePriority       : Normal
>     FileSize           : 44 KB
>     FileVersion        : 1.00
>     ProductVersion     : 1.00
>     CompanyName        : asdf
>     InternalName       : load
>     OriginalFilename   : load.exe
>     ProductName        : loaderme
>     Created on         : 2/27/2004 1:20:42 PM
>     Last accessed      : 2/28/2004 4:03:28 AM
>     Last modified      : 2/27/2004 1:20:42 PM
>
> Any info is greatly appreciated.
>
> -Herm
>
>
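
A defensive check for the two indicators in this thread, written as an added example (not from the original posts or from any vendor tool): it flags anything appended after explorer.exe on the [boot] Shell= line of SYSTEM.INI, and reports when a process's on-disk name differs from its OriginalFilename version field. The sample inputs are constructed from the text quoted above, and the function names are hypothetical.

```python
import re

# Constructed sample: a SYSTEM.INI carrying the entry quoted in the reply above.
SAMPLE_SYSTEM_INI = """\
; for 16-bit app support
[drivers]
wave=mmdrv.dll
[boot]
Shell=explorer.exe load.exe -dontrunold
"""

# Constructed sample: the fields of the quoted Ad-Aware entry that the check uses.
SAMPLE_PROCESS_ENTRY = """\
#:25 [jf595.exe]
    FilePath           : C:\\WINDOWS\\
    InternalName       : load
    OriginalFilename   : load.exe
"""

def audit_shell(ini_text, expected="explorer.exe"):
    """Return (value, extra_tokens, corrected_line) for [boot] Shell=, or None."""
    section = None
    # Parsed by hand: SYSTEM.INI can hold duplicate keys and bare lines,
    # which a strict INI parser would reject.
    for raw in ini_text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        key, sep, value = line.partition("=")
        if section == "boot" and sep and key.strip().lower() == "shell":
            tokens = value.split()
            # Everything after the expected shell is an unexpected addition.
            extras = tokens[1:] if tokens and tokens[0].lower() == expected else tokens
            return value.strip(), extras, f"{key.strip()}={expected}"
    return None

def name_mismatch(entry_text):
    """Return (image_name, original_filename) when the two differ, else None."""
    image = re.search(r"\[([^\]]+)\]", entry_text)
    original = re.search(r"OriginalFilename\s*:\s*(\S+)", entry_text)
    if image and original and image.group(1).lower() != original.group(1).lower():
        return image.group(1), original.group(1)
    return None

if __name__ == "__main__":
    print(audit_shell(SAMPLE_SYSTEM_INI))
    print(name_mismatch(SAMPLE_PROCESS_ENTRY))
```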

