New virus? Timelock, sys32.exe, sysUser32.exe, msexec32.dll

From: 'spam' -> 'mail' (spam.up@yours.com)
Date: 02/20/03


From: <spam.up@yours.com ( 'spam' -> 'mail' )>
Date: Thu, 20 Feb 2003 13:20:50 +0100


I was looking for a program that enables applications/services for a while
after a user enters a password.

I found so-called 'Timelock'. In this first message I prefer not to give the
URL, because I do not hope you will have the same problems:

After I scanned the file and unpacked it, it suddenly started and seems
to have installed itself.
A screen popped up: All '?'-chars in it and some buttons. Now it won't leave
my pc anymore. Never it seems.

In further research I found out they were Chinese files that were installed:

sys32.exe, sysUser32.exe, msexec32.dll, tlinvoff.tte, xmielkni.tte,
kwykcexu.tte

I tried to 'clean the register' from the names above. But in no time they're
back..
Later, in Safe Mode I managed to remove all files but one:

msexec32.dll

And from that time a new Windows '!'-screen pops up with everything I
start/open. Reading from the next URL, I make up that my system is now
regularly telling me (in Chinese) that one of these files is missing.

http://groups.google.com/groups?q="sysrun32.exe"&hl=en&lr=&ie=UTF-8&oe=UTF8&safe=off&selm=O1OF2cxkCHA.2632@tkmsftngp12

I searched the whole internet for the files sys32 and sysUser32:

- http://support.centralcommand.com/cgi-bin/command.cfg/php/enduser/std_adp.php?p_refno=020204-000001
looks like it.

- http://securityresponse.symantec.com/avcenter/venc/data/backdoor.darksun.html
does too.

Oh! In safe mode I could see that sys32 and sysUser32 are called
'Administractor' v.nr. 4.3.1.46.

Can anybody help me to get rid of the annoying popups or tell me whether it
looks like my pc is still infected?

