Notepad.exe Virus
From: MAP (anonymous_at_discussions.microsoft.com)
Date: 03/31/04
- In reply to: Viruses0404: "Notepad.exe Virus"
Date: Wed, 31 Mar 2004 05:26:26 -0800
>-----Original Message-----
>Hello there,
>I've a couple of Virus related questions. Any help or
>ideas how to get/make Microsoft fix or aware is
>appreciated.
>
>1. I had the msblast.exe virus long before CNN started
>talking about it. It always starts a process with a
>random (RP) name which doesn't allow me to start
>taskmanager to kill it, neither msconfig to disable
>msblast. I used another utility to kill the random
>process and then used msconfig to disable msblast from
>starting. However, the random process still comes up and
>I have to kill it with my utility every time I start my
>computer. msconfig doesn't stop it. Any suggestions on
>what to do next to get rid of this RP? I did try McAfee
>and Symantec's free Virus disinfectors on the net but
>they didn't take it away.
>
>2. It seems to me that now NOTEPAD.exe is infected!
>Here's what happens. When I try to start Notepad, a
>process called over.exe is started that consumes 90% of
>the CPU time (under taskmanager) but the real Notepad
>never appears on the screen. Every time I start Notepad
>from the start==> run, or in the CMD console another
>over.exe starts and my system starts humming and I can see
>that it's getting slower.
>Any suggestions, recommendations, or pointers on how to
>reach Microsoft security folks?
>Thanks.
>
>athmanen@computerscosmos.com
>.

over.exe may be a trojan

Overview
Alias: BackDoor-UQ [McAfee], Backdoor.Zhang [Kaspersky], security risk or a "backdoor" program [F-Prot]
Category: RAT: (Remote Administration Tool) A Trojan that when run, provides an attacker with the capability of remotely controlling a machine via a "client" in the attacker's machine, and a "server" in the victim's machine.
Similar Pests: RAT

Origins
Author: Huaxingln
By This Author: Sweet Heart 1.0b
Date of Origin: January, 2003

Operation
Storage Required: at least 1133KB
Detection Issues: Difficult to detect by design. May hide from process list. May install with variable names in variable locations.

Detection and Removal
Automatic Removal: PestPatrol detects this. PestPatrol removes this.
Manual Removal: Follow these steps to remove Sweet Heart Yesterday from your machine. Begin by backing up your registry and your system, and/or setting a Restore Point, to prevent trouble if you make a mistake.

Stop Running Processes:
Kill these running processes with Task Manager:
stay over.exe

Remove Files:
Remove these files (if present) with Windows Explorer:
stay over.exe

Kelly has provided removal tools for msblast; go here:
www.kellys-korner-xp.com/xp_tweaks.htm