PCbanter (http://www.pcbanter.net/index.php)
-   Windows Service Pack 2 (http://www.pcbanter.net/forumdisplay.php?f=41)
-   -   I have an odd message from the Windows Security in XP sp2 (http://www.pcbanter.net/showthread.php?t=726326)

Bill Fruge January 6th 05 09:07 PM

I have an odd message from the Windows Security in XP sp2
 
I received the message that "requester.10.exe" was being blocked.
"requester.10.exe" and "requester.9.exe" are two relatively new files in my
"Windows\System32" directory. Anyone have any idea what these programs are? I
suspect it's either a backdoor/trojan or whomever the anonymous programmer(s)
left some unusual text in "requester.10.exe". In "requester.10.exe" at line
D0 there is this word "4D 55 48 41 48 41 48 41 48 41 48 41" or
"MUHAHAHAHAHA". Ideas anyone?
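
Added example, not part of the original thread: a small Python triage helper that reproduces the check described in the post above by listing printable strings with their file offsets, rendering the hex-editor row at a given offset, and computing a SHA-256 to quote when submitting the file to a scanner or help forum. The sample bytes are constructed to place the marker at offset D0 as in the post; they are not the real requester.10.exe, and the function names are illustrative.

```python
import hashlib
import re

# Constructed sample: an "MZ" stub padded so the marker from the post sits at
# offset 0xD0. This is NOT the real requester.10.exe and is not a valid PE.
MARKER = bytes.fromhex("4D 55 48 41 48 41 48 41 48 41 48 41")
SAMPLE = (b"MZ" + b"\x00" * 0x4C + b"This program cannot be run in DOS mode."
          ).ljust(0xD0, b"\x00") + MARKER + b"\x00" * 16


def ascii_strings(data, min_len=6):
    """Yield (offset, text) for each run of printable ASCII >= min_len bytes."""
    for m in re.finditer(rb"[\x20-\x7e]{%d,}" % min_len, data):
        yield m.start(), m.group().decode("ascii")


def hexdump_row(data, offset, width=16):
    """Format the hex-editor row (offset, hex bytes, ASCII) containing `offset`."""
    base = offset - offset % width
    row = data[base:base + width]
    hexpart = " ".join(f"{b:02X}" for b in row)
    text = "".join(chr(b) if 0x20 <= b <= 0x7E else "." for b in row)
    return f"{base:08X}  {hexpart:<{width * 3 - 1}}  {text}"


def triage(data):
    """Collect the facts worth attaching to a scanner or forum submission."""
    return {
        "size": len(data),
        "sha256": hashlib.sha256(data).hexdigest(),
        # Only checks the two-byte DOS magic, not the full PE structure.
        "has_mz_magic": data[:2] == b"MZ",
        "strings": list(ascii_strings(data)),
    }


if __name__ == "__main__":
    report = triage(SAMPLE)
    print("size:", report["size"], "sha256:", report["sha256"])
    print("MZ magic:", report["has_mz_magic"])
    for off, text in report["strings"]:
        print(f"0x{off:X}: {text}")
        print("   ", hexdump_row(SAMPLE, off))
```

To use it on a real file, read a copy of the suspect binary in binary mode on an analysis machine and pass the bytes to `triage()`; the script only reads the data and never executes it.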

Jupiter Jones [MVP] January 6th 05 10:59 PM

I have an odd message from the Windows Security in XP sp2
 
Bill;
It seems obvious that your computer has been compromised.
Have you run an updated virus scan?

Follow the yellow section on this link:
http://www3.telus.net/dandemar/slowcom.htm

If you can not reasonably determine the source and level of corruption as
well as clean it, a Clean Installation may be the best option.

--
Jupiter Jones [MVP]
http://www3.telus.net/dandemar/


Bill Fruge January 7th 05 02:51 AM

I have an odd message from the Windows Security in XP sp2
 
JJ, thanks for the link. The various antivirus scanners found nothing even
when set to look heuristically for possible viruses... I suspect that this is
one of three things:
1. Backdoor/trojan that is really new...
2. Some kind of odd debugging message left by an untidy programmer...
3. Part of some other program that uses requester.10.exe as its sender to
look for updates. However I haven't found an association to any program on
the machine.

I'll keep tearing apart the system to figure out what this thing does. For
now I'll keep blocking it until I can put a sniffer on this system. I was
hoping someone out there might have run into this. I suppose I could try to
decompile it and get a clue about what it's trying to do.

Thanks,
BF

MowGreen [MVP] January 7th 05 08:30 AM

I have an odd message from the Windows Security in XP sp2
 
Backdoor/trojan

BINGO !!!

Advise you to go to CastleCops and post here after reading the
guidelines first :
http://castlecops.com/forum67.html

requester(x).exe is a new malware variant. There are extremely
knowledgeable experts who will help with the removal of it.
If you can locate the file on the system and it's 1 MB or less, have it
scanned at Kaspersky's online virus scanner :
http://www.kaspersky.com/remoteviruschk.html
They have been very good at picking up malware that are not viruses and
at least it may help you identify it.


MowGreen [MVP]
===============
*-343-* FDNY
Never Forgotten
===============



Bill Fruge January 7th 05 08:57 AM

I have an odd message from the Windows Security in XP sp2
 
Funny you confirm my thoughts. I ran MS's new antispyware beta and while it
missed the .exe, it did find this:
Trojan.Delf at HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run requestor"
While I am not a MS mega supporter, they were the only one who found this
from all the spyware checkers I have.

Bill Fruge January 11th 05 05:57 AM

I have an odd message from the Windows Security in XP sp2
 
I thought I posted this earlier. MS's antispy identified it and removed it
from the registry. I deleted the files and it's gone. Not a big deal. I am
glad XP sp2 found it in the first place. It's about time an OS spots odd port
activity. Kudos to MS.

[email protected] January 12th 05 12:30 AM

I have an odd message from the Windows Security in XP sp2
 
