What virus is this?


Modecate

Found an executable in my windows\system dir: mpwzojgl.exe, though
earlier it had a different name, so it seems to spawn random names.
Size is 453K. Norton didn't turn up anything, neither did Spybot or
Adaware. First saw it while running a check on my running processes in
proport (recommended, BTW). Pretty sure it knocked out my Norton
installation first time round and had to reinstall. Can't find any
suspicious HKLM or HKCU run, runonce or runservices. Oh, and running
the exec gives the error "can't load ak32dll.dll" (did a find file... no
luck), after which the exec deletes itself! WTF? Any ideas out there?
 
Submit a copy for them to examine. See
http://groups.google.com/[email protected]&rnum=3
for a list of addresses.

See http://users.iafrica.com/c/cq/cquirke/startup.htm for most of the
places it could be starting. Also check the task scheduler.

Regards, Dave Hodgins
 
Would it be ok to rename it as a dat file and post it to
alt.binaries.test? This is some text I found in it:

Id: UPX 1.01 Copyright (C) 1996-2000 the UPX Team. All Rights Info:
This file is packed with the UPX executable packer http://upx.tsx.org
Reserved. $
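
Added example, not part of the original thread: a Python check that confirms the UPX markers quoted in the post above by reading the PE section table and searching for the UPX banner and version strings. The function names and the sample bytes are constructed for illustration.

```python
import re
import struct
import sys

BANNER = b"This file is packed with the UPX executable packer"

def pe_section_names(data: bytes) -> list:
    """Return PE section names, or [] if data is not a parsable PE image."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return []
    (pe_off,) = struct.unpack_from("<I", data, 0x3C)   # e_lfanew
    if data[pe_off:pe_off + 4] != b"PE\0\0" or len(data) < pe_off + 24:
        return []
    (count,) = struct.unpack_from("<H", data, pe_off + 6)      # NumberOfSections
    (opt_size,) = struct.unpack_from("<H", data, pe_off + 20)  # SizeOfOptionalHeader
    table = pe_off + 24 + opt_size
    names = []
    for i in range(count):
        raw = data[table + 40 * i:table + 40 * i + 8]   # 8-byte Name field
        if len(raw) < 8:
            break                                        # truncated section table
        names.append(raw.rstrip(b"\0").decode("ascii", "replace"))
    return names

def upx_indicators(data: bytes) -> dict:
    """Collect static signs that a file was packed with UPX."""
    version = re.search(rb"\$Id: UPX ([0-9.]+)", data)
    return {
        "upx_sections": [n for n in pe_section_names(data) if n.startswith("UPX")],
        "banner": BANNER in data,
        "version": version.group(1).decode() if version else None,
    }

def constructed_sample() -> bytes:
    """Constructed PE-like header (not a real executable) for demonstration."""
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)
    coff = struct.pack("<HHIIIHH", 0x14C, 2, 0, 0, 0, 0, 0)
    sections = b"".join(n.ljust(8, b"\0") + b"\0" * 32 for n in (b"UPX0", b"UPX1"))
    text = (b"$Info: " + BANNER + b" http://upx.tsx.org $\0"
            b"$Id: UPX 1.01 Copyright (C) 1996-2000 the UPX Team. $")
    return dos + b"PE\0\0" + coff + sections + text

if __name__ == "__main__":
    # Pass a file path to inspect it; with no argument the constructed sample is used.
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else constructed_sample()
    print(upx_indicators(blob))
```

A match identifies the packer only; plenty of legitimate software ships UPX-packed, so the result says nothing by itself about whether the file is malicious.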
 
You can email a copy to me if you like.

Regards, Dave Hodgins
 
modecate wrote:
[snip]
Would it be ok to rename it as a dat file and post it to
alt.binaries.test? This is some text I found in it:

no, it would not be alright...

it would in fact be downright irresponsible of you to put a suspected
virus in a place where anyone could get it...
 
That's why I asked first,

Thanks
 
OK, I found out what it was... an anti-keylogger demo that I thought
had been disabled. I have to say this use of random file names is
unusual, though. I'm not suggesting this is a virus, far from it; it
seems to be the most widely used akl around.
 