Posted by Nick Goetz on June 14, 2007, 6:00 am
>
>
>| Windows MCE 2005 SP2 & patched here --
>
>| I just used Panda Online to scan my computer -- and it turned up a
>| malware. I looked in the WINDOWS directory and saw a couple of other
>| entries I don't recognize:
>
>| C:\WINDOWS
>| * catchme.exe (with the default blank-window icon)
>| AWuninstall.exe (with the international red-circle-slash for "NO"
>| icon). The name sounds suspicious.
>| * iminst2.exe (with the default blank window icon)
>| movexe.exe (with the default blank window icon)
>| * ExpressPlayer.iso & ExpressPlayer.txt (says only "1.0.023-204782")
>
>| PANDA RESULTS:
>| * Potentially unwanted tool:Application/NirCmd.A; Not disinfected;
>| C:\WINDOWS\nircmd.exe
>
>| * Potentially unwanted tool:Application/Processor ; Not
>| disinfected; C:\WINDOWS\system32\process.exe
>| The PROPERTIES on this file say it comes from www beyondlogic org
>| and uses Australian English. I use US English, and don't recall
>| using any problem from Australia.
>
>| * Virus:Trj/Shutdown.Z; Disinfected;
>| C:\WINDOWS\system32\restart.exe.
>| I could not find this file, so I guess Panda did its job! But I have
>| no way of checking the dates to see when I might have gotten this
>| virus.
>
>| HOW TO BETTER PROTECT MYSELF?
>| I've had to kill off a couple of viruses in the last month. This
>| after years of computing virus-free. I went to online cable six
>| months ago; I don't visit dangerous websites, and have Google
>| configured to warn me if a redirect tries to take me to one.
>| I have been going through some old CD's with programs (4-5 years
>| old), and copying the ones I want to keep onto an external
>| hard-drive. About 70% of the programs are going into the trash.
>| I use AVG, Spybot S&D, Ad-Aware regularly and keep them updated.
>| I run a full AVG virus check weekly, and use online Panda, Trend
>| Micro, and Kaspersky monthly.
>| WHAT computing behaviors should I change?
>| WHAT programs, controls, configurations, etc should I change?
>
>| Lady Dungeness
>| Crabby, but the Legs are Delicious!
>
>
>
> Lady:
>
> Catchme.exe -- Did you get this from Gmer ?
> process.exe -- Not a problem and is not malware. It is a tool that in
> itself is NOT malicious but can be used maliciously. I believe
> although restart.exe is called a Trojan it too falls under the same
> banner.
>
> .ISO files are not malicious. They are CD/DVD image files.
>
> However, "PANDA RESULTS: * Potentially unwanted
> tool:Application/NirCmd.A; Not disinfected; C:\WINDOWS\nircmd.exe
> I'm not sure what that is. This needs more research. Maybe submit it
> to Virus Total.
>
> Overall, I'd say that you really do NOT have a problem.
>
>
David:
I think "nircmd" is probably the "command line tool" from Nirsoft.
The installation has an option to place "nircmd.exe" in the Windows
directory.
Nick Goetz
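Editor's note: the thread turns on two practical questions, when the flagged files arrived on the disk and how to research them without guessing (David's "submit it to Virus Total"). The script below is an added example, not code from anyone in the thread. It assumes Windows PowerShell 4 or later on the affected machine (for Get-FileHash) and uses the file names from the original post, resolved under $env:WINDIR rather than a hard-coded C:\WINDOWS. It prints, for each candidate, the NTFS creation and last-write times, the SHA-256 hash (which can be searched on VirusTotal without uploading the file), the Authenticode signature status, and the CompanyName/ProductName fields from the version resource, which is where the "beyondlogic" attribution in the post comes from.

```powershell
# Added triage example for the files named in the thread (not from the original post).
# Assumes PowerShell 4+ (Get-FileHash) and that the files live under $env:WINDIR.
function Get-SuspectFileReport {
    param(
        # Relative paths under the Windows directory, taken from the post.
        [string[]]$RelativePaths = @(
            'catchme.exe', 'AWuninstall.exe', 'iminst2.exe', 'movexe.exe', 'nircmd.exe',
            'system32\process.exe', 'system32\restart.exe'
        )
    )

    foreach ($rel in $RelativePaths) {
        $path = Join-Path $env:WINDIR $rel

        if (-not (Test-Path -LiteralPath $path)) {
            # restart.exe is expected to be absent if the scanner really removed it.
            [PSCustomObject]@{
                Path = $path; Created = $null; Modified = $null
                SHA256 = '(missing)'; Signature = $null; Company = $null; Product = $null
            }
            continue
        }

        $item = Get-Item -LiteralPath $path
        $hash = (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash
        $sig  = Get-AuthenticodeSignature -LiteralPath $path
        $ver  = $item.VersionInfo   # parsed VERSIONINFO resource, same data as Properties > Details

        [PSCustomObject]@{
            Path      = $path
            Created   = $item.CreationTime    # when this copy landed on this volume
            Modified  = $item.LastWriteTime   # usually preserved from the source when copied
            SHA256    = $hash                 # search this on VirusTotal instead of uploading
            Signature = $sig.Status           # NotSigned is common for small freeware tools
            Company   = $ver.CompanyName
            Product   = $ver.ProductName
        }
    }
}

# Run it and print a table; run as an administrator if some files are not readable.
Get-SuspectFileReport | Format-Table -AutoSize -Wrap
```

Two caveats a practitioner would attach: CreationTime answers the poster's "when did I get this" question only for the copy on this disk (a file copied from an old CD gets a new creation time but usually keeps the CD's last-write time, which fits the thread's scenario), and both timestamps are trivially changed by software, so they are a lead, not proof. The hash lookup is the useful part: if the SHA-256 of nircmd.exe matches the hash of the NirSoft download, the "potentially unwanted tool" verdict is about the tool's capabilities, not about this particular copy having been tampered with.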