Re: I have an odd message from the Windows Security in XP sp2
From: Bill Fruge (Fruge_at_discussions.microsoft.com)
Date: 01/07/05
- Next message: soneill1225: "RE: unable to access the Recovery Console"
- Previous message: Bruce Chambers: "Re: Seeking recommendations on a Registery Cleaner"
- In reply to: Jupiter Jones [MVP]: "Re: I have an odd message from the Windows Security in XP sp2"
- Next in thread: MowGreen [MVP]: "Re: I have an odd message from the Windows Security in XP sp2"
- Reply: MowGreen [MVP]: "Re: I have an odd message from the Windows Security in XP sp2"
Date: Thu, 6 Jan 2005 18:51:09 -0800
JJ, thanks for the link. The various antivirus scanners found nothing even
when set to look heuristically for possible viruses... I suspect that this is
one of three things:
1. Backdoor/trojan that is really new...
2. Some kind of odd debugging message left by an untidy programmer...
3. Part of some other program that uses requester.10.exe as its sender to
look for updates. However I haven't found an association to any program on
the machine.
I'll keep tearing apart the system to figure out what this thing does. For
now I'll keep blocking it until I can put a sniffer on this system. I was
hoping someone out there might have run into this. I suppose I could try to
decompile it and get a clue about what it's trying to do.
Thanks,
BF
"Jupiter Jones [MVP]" wrote:
> Bill;
> It seems obvious that your computer has been compromised.
> Have you run an updated virus scan?
>
> Follow the yellow section on this link:
> http://www3.telus.net/dandemar/slowcom.htm
>
> If you can not reasonably determine the source and level of corruption as
> well as clean it, a Clean Installation may be the best option.
>
> --
> Jupiter Jones [MVP]
> http://www3.telus.net/dandemar/
>
>
> "Bill Fruge" <Bill Fruge@discussions.microsoft.com> wrote in message
> news:4A87AC36-DBA5-49FC-BDFD-AC84F147EEA3@microsoft.com...
> > I received the message that "requester.10.exe" was being blocked.
> > "requester.10.exe" and "requester.9.exe" are two relatively new files in my
> > "Windows\System32" directory. Anyone have any idea what these programs
> > are? I suspect it's either a backdoor/trojan or whomever the anonymous
> > programmer(s) left some unusual text in "requester.10.exe". In
> > "requester.10.exe" at line D0 there is this word
> > "4D 55 48 41 48 41 48 41 48 41 48 41" or "MUHAHAHAHAHA". Ideas anyone?
>
>
>
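Added example, not part of the original thread: a static triage sketch in Python that lists printable strings with their file offsets, reports where each sits relative to the PE header, and computes a SHA-256 for lookup, without running the file. The sample bytes are constructed (only the 12 bytes at offset D0 come from the post), and the function names are hypothetical.

```python
import hashlib
import re
import struct

def ascii_strings(data, min_len=6):
    """Yield (offset, text) for each printable-ASCII run of at least min_len bytes."""
    for m in re.finditer(rb"[\x20-\x7e]{%d,}" % min_len, data):
        yield m.start(), m.group().decode("ascii")

def pe_header_offset(data):
    """Return e_lfanew (offset of the 'PE\\0\\0' signature) or None if not a PE image."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return None
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return None
    return e_lfanew

def region(data, offset):
    """Name the part of the file that a given offset falls in."""
    pe = pe_header_offset(data)
    if pe is None:
        return "not a PE image"
    if offset < 0x40:
        return "DOS header"
    if offset < pe:
        return "DOS stub area (before PE header)"
    return "PE header or later"

def triage(data):
    """Hash the file and list its strings with hex offset and region."""
    return {
        "sha256": hashlib.sha256(data).hexdigest(),
        "strings": [(hex(o), s, region(data, o)) for o, s in ascii_strings(data)],
    }

def make_sample():
    """Constructed stand-in for the file: minimal MZ/PE markers plus the quoted bytes."""
    buf = bytearray(0x200)
    buf[0:2] = b"MZ"
    struct.pack_into("<I", buf, 0x3C, 0x100)   # assumed e_lfanew, for illustration
    buf[0x100:0x104] = b"PE\0\0"
    buf[0xD0:0xDC] = bytes.fromhex("4D 55 48 41 48 41 48 41 48 41 48 41")
    return bytes(buf)

if __name__ == "__main__":
    report = triage(make_sample())
    print(report["sha256"])
    for row in report["strings"]:
        print(row)
```

On a real file, pass the bytes read from a copy of the executable to `triage()`; the hash can then be checked against antivirus vendor databases.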