Re: Possible Virus or Trojan?

From: Malke (malke_at_nospoonnotreally.com)
Date: 12/08/04 

Date: Wed, 08 Dec 2004 11:45:29 -0800

Howard Hartman wrote:

>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Hello.
>
> I have an unusual problem on an XP Professional computer that I think
> may be a virus or trojan, but Norton Antivirus 2005 is ambiguous as to
> whether the computer is infected or not.
>
> I noticed one day that the process upnpclient.exe was running on this
> machine. That was suspicious since the UPnP component was not
> installed. I deleted the process.
>
> As soon as I ended the process, Norton Antivirus popped up and issued
> a virus warning in the category of Trojan Horse on the file
> c:\acrobat.dll. Norton was unable to either repair or quarantine this
> file.
>
> A few minutes later the upnpclient.exe process was running again.
>
> I can delete c:\acrobat.dll in a DOS window. It only exists if the
> upnpclient.exe process is ended via Task Manager. When the
> upnpclient.exe process is reinstated, it creates the file
> c:\acrobat.dll which is 32,768
> bytes in size. Each time it is created, Norton flags it as a possible
> virus or trojan.
>

There's an excellent thread addressing this very issue here:

http://www.wilderssecurity.com/showthread.php?t=54750

It's very much worth reading through the whole thing.

Malke 

-- 
MS MVP - Windows Shell/User
Elephant Boy Computers
www.elephantboycomputers.com
"Don't Panic!"