E3od06h4.exe ????

[IanSparX]

Hi all

I seem to have this program (E3OD06H4.EXE) program running in my Task Manager under processes. I cant seem to erase it from my PC. Norton 2008 blocks it/removes it, but then it will appear back in the Task Manager, I have all the updates from Microsoft running SP2, also tried running Microsofts removal tool on full scan but it didn't detect anything.

Does anyone know what this program is or is upto in my PC, as since having it, I get thrown back to my desktop when surfing the net, or playing games. I have also deleted the above maually myself from its folder, but still it comes back? Norton classes this as a "Low" security risk and says it has resolved it and I am protected from it, but i'm not so sure as why is it still in my
programs running lol. I also use SpyBot S&D which is upto date.

Other dodgy programs which also have been blocked/protected against, which try to gain access all the time are:

oj675OOm
034MM7po

Any information, would be really great!

Cheers
Ian.

 

[Ian]

I can't see anything about this filename on the net, so I assume it's randomly generated - does Norton give you any information about this application (i.e. a Virus name?).

It might be worth running these online scans to see if they pick it up:

http://housecall.trendmicro.com/
http://www.kaspersky.com/virusscanner

 

[IanSparX]

Hi

Thanks for info Ian,

I've checked the Norton history page, and it just gives the path of where the program is, being, C:\windows\system32\E3OD06H4.exe. It does not say it is a virus or anything other than a 'Learn Application,' of Low risk. I'm not sure if it has something to do with the new Spybot I upgraded to, it maybe totally harmless. But I do remember the filename keep trying to get into my PC as it would keep alerting me (bottom right of desktop) Which it always said 'blocked.'
blah blah blah for suspesious activity detected.

I'm currently running the Kaspersky online virus check etc, so will see what this brings up.

 

[IanSparX]

Half way through the scan and it has already found the file I mentioned earlier, and states it is a:

Trojan-Downloader.W32.Agent.aeyu

Just shows you how crap Norton 2008 Internet Security really is, once again thanks for help Ian, think I have it sorted now ,thanks to you.

Cheers

 

[Adywebb]

'oj675OOm' is a Malware Trojan Downloader exploit according to Prevx, so I suspect the other items may be too.

Although they are currently being blocked from communicating, you really don't want them on there - I would run a HijackThis log and post it over at bleepingcomputer.com where they have experts who will analyse it and help you remove them.