S7jfwb07.exe
Sammy Castagna
for access to an http address. Anyone know anything or recognize it?
dave xnet
Unfortunately, the malware is probably geneating a random name -
that's why it''s not recognized. MalwareBytes is a respected name in
fighting this kind of thing.
Start here:
http://www.malwarebytes.org/forums/index.php?showtopic=2936
Basically it tells you to run some tools and post the resultanrt logs.
The experts on the forum will assist you.
Good luck
David H. Lipman
| I have goggled this and can find nothing. It just popped up yesterday asking
| for access to an http address. Anyone know anything or recognize it?
Please submit a sample to Virus Total --
http://www.virustotal.com/flash/index_en.html
The submission will then be tested against many different AV vendor's scanners.
That will give you an idea what it is and who recognizes it. In addition Virus
Total will provide the sample to all participating vendors.
You can also submit a suspect, one at a time, via the following email URL...
mailto:sc...@virustotal.com?subject=SCAN
When you get the report, please post back the exact results.
--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp
Sammy Castagna
I just reformated a month ago.
Sammy
"dave xnet" <davexn...@ETEyahoo.com> wrote in message
news:31drj4dhgf8nbgl0g...@4ax.com...
John
internet. Now you say you formatted a month ago. Is your PC infected before
or after the format?
"Sammy Castagna" <sammycastagnahotmail.com> wrote in message
news:u9pASoZW...@TK2MSFTNGP03.phx.gbl...
FromTheRafters
>I have goggled this and can find nothing.
Perhaps your goggles are dirty. :o\
> It just popped up yesterday asking for access to an http address.
File names are often useless information. Better information would be
the address you neglect to mention - but that could be useless as well.
> Anyone know anything or recognize it?
You should have the executable scanned by software designed to find
out if it is a known malware program. Try jotti.org or virustotal.com.
Sammy Castagna
John,
I assume yesterday. I was given a newer computer and I loaded my copy of
windows a month ago I was just thinking of the hassle, sorry for the
confusion.
The computer is trying to access 216.95.196.22 HTTP.I am very careful to
watch Zonealarm for abnormal behavior.
Also when I search for the file on my computer this new search device
Microsoft has got out where it indexes everything says c drive has not been
indexed and file can not be looked for.
I will get back with you all tomorrow I have to get up 5:00 am est
Sammy Castagna
"John" <a> wrote in message news:egIgOsZW...@TK2MSFTNGP06.phx.gbl...
Sammy Castagna
John David Dave,
AS soon as I got home I deleted the microsoft search indexing tool and went
back to the find that used to be on win xp.I have fonf the file.
S7JFWBO7.EXE-OC7ED4DB.pf
S7jfwbO7
S&jfwbO7.exe.a_a Two are in folder C:\WINDOWS\system32 The other is
C:\WINDOWS\Perfetch
In your opinion is the Zonealarm firewall antivirus a good solution?
Sammy
"Sammy Castagna" <sammycastagnahotmail.com> wrote in message
news:OwWK3UaW...@TK2MSFTNGP06.phx.gbl...
Sammy Castagna
John David Dave,
Malwarebytes took it off. Thank you all.
What configuration of fire wall virus spyware should I be using?
Sammy Castagna
"Sammy Castagna" <sammycastagnahotmail.com> wrote in message
news:%23O4YNVl...@TK2MSFTNGP05.phx.gbl...
Sammy Castagna
The damned thing came back. I tried to delete it and it said access denied.
So I renamed it .old and was able to delete it.
Sammy
"Sammy Castagna" <sammycastagnahotmail.com> wrote in message
news:encB0mlW...@TK2MSFTNGP02.phx.gbl...
David H. Lipman
From: "Sammy Castagna" <sammycastagnahotmail.com>
| The damned thing came back. I tried to delete it and it said access denied.
| So I renamed it .old and was able to delete it.
| Sammy
OK. there is a helper/peer application that is restoring the file.
Download and execute HiJack This! (HJT)
http://www.trendsecure.com/portal/en-US/_download/HJTInstall.exe
Then post the contents of the HJT log in your post in one of the below expert forums...
{ Please - Do NOT post the HJT Log here ! }
Forums where you can get expert advice for HiJack This! (HJT) Logs.
NOTE: Registration is REQUIRED in any of the below before posting a log
Suggested primary:
http://www.thespykiller.co.uk/index.php?board=3.0
Suggested secondary:
http://www.bleepingcomputer.com/forums/forum22.html
http://castlecops.com/forum67.html
http://www.malwarebytes.org/forums/index.php?showforum=7
Suggested tertiary:
http://www.dslreports.com/forum/cleanup
http://www.cybertechhelp.com/forums/forumdisplay.php?f=25
http://www.atribune.org/forums/index.php?showforum=9
http://www.geekstogo.com/forum/Malware_Removal_HiJackThis_Logs_Go_Here-f37.html
http://gladiator-antivirus.com/forum/index.php?showforum=170
http://forum.networktechs.com/forumdisplay.php?f=130
http://forums.maddoktor2.com/index.php?showforum=17
http://www.spywarewarrior.com/viewforum.php?f=5
http://forums.spywareinfo.com/index.php?showforum=18
http://forums.techguy.org/f54-s.html
http://forums.tomcoyote.org/index.php?showforum=27
http://forums.subratam.org/index.php?showforum=7
http://www.5starsupport.com/ipboard/index.php?showforum=18
http://aumha.net/viewforum.php?f=30
http://makephpbb.com/phpbb/viewforum.php?f=2
http://forums.techguy.org/54-security/
http://forums.security-central.us/forumdisplay.php?f=13
Spiraled
access internet destination 216.95.196.22:HTTP. Being reported by ZoneAlarm.
Updated definitions for adaware and avg 8.0 have not caught it. Just
started the past few days. G-friend was surfing unsavory sights and
downloaded it from somewhere. avg did catch two trojan horses. Could
possible be something from a divX download/application. She was viewing
movies and I notice this was a new folder added to my documents and icon on
my desktop. Will report back if anything new arises.