#1
I have an odd message from the Windows Security in XP sp2
I received the message that "requester.10.exe" was being blocked. "requester.10.exe" and "requester.9.exe" are two relatively new files in my "Windows\System32" directory. Anyone have any idea what these programs are? I suspect it's either a backdoor/trojan or whoever the anonymous programmer(s) are left some unusual text in "requester.10.exe". In "requester.10.exe" at line D0 there is this word "4D 55 48 41 48 41 48 41 48 41 48 41" or "MUHAHAHAHAHA". Ideas anyone?
#2
I have an odd message from the Windows Security in XP sp2
Bill;

It seems obvious that your computer has been compromised. Have you run an updated virus scan? Follow the yellow section on this link: http://www3.telus.net/dandemar/slowcom.htm

If you can not reasonably determine the source and level of corruption as well as clean it, a Clean Installation may be the best option.

--
Jupiter Jones [MVP]
http://www3.telus.net/dandemar/
#3
I have an odd message from the Windows Security in XP sp2
JJ, thanks for the link. The various antivirus scanners found nothing even when set to look heuristically for possible viruses... I suspect that this is one of three things:

1. Backdoor/trojan that is really new...
2. Some kind of odd debugging message left by an untidy programmer...
3. Part of some other program that uses requester.10.exe as its sender to look for updates. However I haven't found an association to any program on the machine.

I'll keep tearing apart the system to figure out what this thing does. For now I'll keep blocking it until I can put a sniffer on this system. I was hoping someone out there might have run into this. I suppose I could try to decompile it and get a clue about what it's trying to do.

Thanks,
BF
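Added example, not written by any poster in this thread: the first post reads a marker out of the file in a hex editor, and a string sweep with offsets is the usual first static-triage step before any decompiling. The sketch below reports printable ASCII and UTF-16LE runs and renders the matching hex-editor row. The function names are hypothetical and the sample buffer is constructed; only the twelve marker bytes and offset D0 come from the thread.

```python
import re

def find_strings(data: bytes, min_len: int = 6):
    """Return sorted (offset, encoding, text) for printable ASCII and UTF-16LE runs."""
    ascii_re = re.compile(rb"[\x20-\x7e]{%d,}" % min_len)
    wide_re = re.compile(rb"(?:[\x20-\x7e]\x00){%d,}" % min_len)
    hits = [(m.start(), "ascii", m.group().decode("ascii"))
            for m in ascii_re.finditer(data)]
    hits += [(m.start(), "utf-16le", m.group().decode("utf-16-le"))
             for m in wide_re.finditer(data)]
    return sorted(hits)

def hexdump_row(data: bytes, offset: int, width: int = 16) -> str:
    """Render the hex-editor row that contains `offset`."""
    base = offset - offset % width
    row = data[base:base + width]
    hexpart = " ".join(f"{b:02X}" for b in row)
    text = "".join(chr(b) if 0x20 <= b <= 0x7E else "." for b in row)
    return f"{base:08X}  {hexpart}  {text}"

def build_sample() -> bytes:
    """Constructed 512-byte buffer, not the real file from the thread."""
    buf = bytearray(0x200)
    buf[0:2] = b"MZ"
    # Marker bytes exactly as quoted in the first post, placed at offset D0.
    marker = bytes.fromhex("4D 55 48 41 48 41 48 41 48 41 48 41")
    buf[0xD0:0xD0 + len(marker)] = marker
    # Assumption for illustration: a wide-character file name at 0x120.
    wide = "requester.10.exe".encode("utf-16-le")
    buf[0x120:0x120 + len(wide)] = wide
    return bytes(buf)

if __name__ == "__main__":
    sample = build_sample()
    for offset, encoding, text in find_strings(sample):
        print(f"0x{offset:04X}  {encoding:<8}  {text}")
        print("   ", hexdump_row(sample, offset))
```

On a real sample, read the file with `open(path, "rb").read()` on an isolated analysis machine and pass the bytes to `find_strings`.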
#4
I have an odd message from the Windows Security in XP sp2
Backdoor/trojan

BINGO !!!

Advise you to go to CastleCops and post here after reading the guidelines first: http://castlecops.com/forum67.html

requester(x).exe is a new malware variant. There are extremely knowledgeable experts who will help with the removal of it.

If you can locate the file on the system and it's 1 MB or less, have it scanned at Kaspersky's online virus scanner: http://www.kaspersky.com/remoteviruschk.html
They have been very good at picking up malware that are not viruses and at least it may help you identify it.

MowGreen [MVP]
===============
*-343-* FDNY
Never Forgotten
===============
#5
I have an odd message from the Windows Security in XP sp2
Funny you confirm my thoughts. I ran MS's new antispyware beta and while it missed the .exe, it did find this:

Trojan.Delf at HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "requestor"

While I am not a MS mega supporter, they were the only one who found this from all the spyware checkers I have.
#6
I have an odd message from the Windows Security in XP sp2
I thought I posted this earlier. MS's antispy identified it and removed it from the registry. I deleted the files and it's gone. Not a big deal. I am glad XP sp2 found it in the first place. It's about time an OS spots odd port activity. Kudos to MS.
#7
I have an odd message from the Windows Security in XP sp2
Bill Fruge wrote:

I thought I posted this earlier. MS's antispy identified it and removed it from the registry. I deleted the files and it's gone. Not a big deal. I am glad XP sp2 found it in the first place. It's about time a OS spots odd port activity. Kudos to MS.