|
| Have you considered submitting any or all of them to 1 or more of the
| major anti-virus labs (Kaspersky comes immediately to mind)?
It would be easier and *better* to submit them to Virus Total...
http://www.virustotal.com/flash/index_en.html
The submission(s) will then be tested against many different AV vendors' scanners.
That will give you an idea what it is and who recognizes it/them and all samples are
provided to associated anti virus vendors.
You can also submit a suspect, one at a time, via the following email URL...
mailto:sc...@virustotal.com?subject=SCAN
--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp
Dang, y'all.
He's said TWICE he can't find the files.
MM
> WinPatrol shows the following files in the services tab. Message also
> says "local file not found" and when going to the path WP provides the
> files are not there. I have "show hidden files" selected.
>
> I have run numerous additional av/antispyware programs and run NOD32,
> PCTools Firewall, SpySweeper and PCTools Spyware Dr. all the time. They
> have revealed nothing.
>
> Any idea what they are? A Google search has turned up nothing.
>
> HCMGJDYZLMDBDVC.exe
> JOJTZ.exe
> WOLUPNX.exe
>
> TIA
By name alone, I have no idea what they are.
Samples of them are most welcome tho. :)
instructions available on site.
You can also submit them to:
http://virusscan.jotti.org/
http://scanner.virus.org/
http://www.virustotal.com/
--
Regards,
Dustin Cook - http://bughunter.it-mate.co.uk
BugHunter v2.2e AntiMalware Removal Utility
> On Tue, 12 Feb 2008 18:57:30 GMT, Manatee Memories
> <royalfeline!REMOVE!@hotmail.com> wrote:
>
>>On Tue, 12 Feb 2008 08:54:34 -0800, Pegleg <Peg...@usnavyret.mil> wrote,
>>by way of <1pj3r3du4p1kgj2uk...@4ax.com>, in
>>alt.comp.virus -->
>>
>>>WinPatrol shows the following files in the services tab. Message also
>>>says "local file not found" and when going to the path WP provides the
>>>files are not there. I have "show hidden files" selected.
>>>
>>>I have run numerous additional av/antispyware programs and run NOD32,
>>>PCTools Firewall, SpySweeper and PCTools Spyware Dr. all the time. They
>>>have revealed nothing.
>>>
>>>Any idea what they are? A Google search has turned up nothing.
>>>
>>>HCMGJDYZLMDBDVC.exe
>>>JOJTZ.exe
>>>WOLUPNX.exe
>>
>>Have you considered submitting any or all of them to 1 or more of the
>>major anti-virus labs (Kaspersky comes immediately to mind)?
>
> I would like to but...
> As stated in the first paragraph the files do not appear in the folder
> specified by WinPatrol and WinPatrol says "Local File Not Found".
>
Oh.. Oops!
Either the files really aren't present, or they are but hidden while
windows is running thanks to a stealthy driver...
Have a bart disc?
|
| Dang, y'all.
| He's said TWICE he can't find the files.
|
| MM
That's true but I wasn't responding to the OP. I responded directly to the statement...
"Have you considered submitting any or all of them to 1 or more of the major anti-virus labs
(Kaspersky comes immediately to mind)?"
I did respond to Pegleg in another post since this was Multi-Posted. That response had
nothing to do with submitting samples.
Next time I will try to word my reply such that there be less misinterpretation. Sorry!
| Oh.. Oops!
|
| Either the files really aren't present, or they are but hidden while
| windows is running thanks to a stealthy driver...
|
| Have a bart disc?
|
In another thread Pegleg was asked if an anti RootKit tool was used.
The reply was vague. The suggested anti RootKit utility is Gmer and I don't know if Pegleg
ran this.
Is it possible that the presence of the entries in the services tab merely
means an incomplete removal?
Jim
> From: "Dustin Cook" <bughunte...@gmail.com>
>
>
>| Oh.. Oops!
>|
>| Either the files really aren't present, or they are but hidden while
>| windows is running thanks to a stealthy driver...
>|
>| Have a bart disc?
>|
>
> In another thread Pegleg was asked if an anti RootKit tool was used.
>
> The reply was vague. The suggested anti RootKit utility is Gmer and I
> don't know if Pegleg ran this.
>
>
Oops. I didn't see that one either, sorry. I'm practically Bugeyed as I
type right now. :) Gmer is a great antirootkit program.
Would be wise for him to run it and let us know how it goes.
I know, my bad, I missed that part of the OP.
> Is it possible that the presence of the entries in the services tab
> merely means an incomplete removal?
Possible, certainly.
Wouldn't hurt to run Gmer tho, as David already suggested.
I'm used to doing it the bart way, but the Gmer tool is better suited for
this specific task, and it doesn't require the user have a cd/dvd burner.
<g>
|
| What exactly is the "bart way"?
|
| Looking for Gmer now.
|
| TIA
> On Wed, 13 Feb 2008 01:42:50 GMT, Dustin Cook
> <bughunte...@gmail.com> wrote:
>
>>I'm used to doing it the bart way, but the Gmer tool is better suited
>>for this specific task, and it doesn't require the user have a cd/dvd
>>burner. <g>
>
> What exactly is the "bart way"?
Creating that disc, and using it to explore the system without the host OS
running.
|
| Just finished running GMER and have submitted the log for analysis.
OK. Thanx for the update.
< snip >
|
| Received the following reply back from submitting my GMER Log:
|
| "Hi,
|
| Log is clean - no signs of infection.
|
| Cheers
| -Przemek"
|
| So....don't know what is left that I can do. I have run everything I
| can find to run.
|
| Thanks for everyone's help and suggestions!
OK. That's good.
Now assuming these are NT Services which are supposed to load EXE files that no longer
exist, then I suggest using the SC.EXE command to remove the NT Services related to entries
referencing these entries.
Or you can use AutoRuns from Microsoft/SysInternals to remove these NT Services.
|
| The "services" tab of Autoruns does not show the files.
No, No...
Not the files, the services themselves !
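
The distinction drawn in the last replies (the leftover item is the service registration, not a file on disk) can be checked directly. The following is an added example, not part of the thread and not code from WinPatrol, GMER or Autoruns: a read-only PowerShell listing of services whose registered ImagePath resolves to a file that is missing. The function name `Resolve-ServiceBinary` is hypothetical, and the script assumes an elevated 64-bit PowerShell prompt.

```powershell
# Added example: find service entries whose binary is missing on disk.
# Read-only: it only reads the registry and tests file paths.

function Resolve-ServiceBinary {
    # Hypothetical helper: reduce a raw ImagePath value to a plain file path.
    param([string]$ImagePath)

    $p = [Environment]::ExpandEnvironmentVariables($ImagePath.Trim())

    # Drivers often use kernel-style prefixes or paths relative to the Windows directory.
    $p = $p -replace '^\\\?\?\\', ''
    $p = $p -replace '^\\SystemRoot\\', "$env:SystemRoot\"
    if ($p -match '^system32\\') { $p = Join-Path $env:SystemRoot $p }

    # Quoted path: take what is inside the first pair of quotes.
    if ($p -match '^"([^"]+)"') { return $Matches[1] }

    # Unquoted path: cut after the first binary extension so arguments are dropped.
    if ($p -match '^(.+?\.(exe|sys|dll))(\s|$)') { return $Matches[1] }

    return $p
}

$root = 'HKLM:\SYSTEM\CurrentControlSet\Services'

Get-ChildItem -Path $root | ForEach-Object {
    $image = (Get-ItemProperty -Path $_.PSPath -Name ImagePath `
                -ErrorAction SilentlyContinue).ImagePath
    if (-not $image) { return }   # key has no ImagePath; skip it

    $file = Resolve-ServiceBinary $image
    if (-not (Test-Path -LiteralPath $file -PathType Leaf)) {
        [pscustomobject]@{
            Service   = $_.PSChildName   # the service name, not a file name
            ImagePath = $image
            Resolved  = $file
        }
    }
} | Format-Table -AutoSize -Wrap
```

The `Service` column is the service name that `sc.exe delete` takes as its argument; the missing EXE named in `ImagePath` is only what that registration points to. A file that is absent here can also be one hidden from the running OS, which is why the thread ran an anti-rootkit scan before treating the entries as leftovers.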