From: ijones on 8 Jul 2008 13:20

Hi, I have just noticed in Startup I have:

Piylzq2tOn C:\Documents and Settings\Franco\Impostazioni locali\Temp\lugcmjwv.exe

What is this please?
Could I delete this file manually?
thanks

From: David W. Hodgins on 8 Jul 2008 13:55

On Tue, 08 Jul 2008 13:20:22 -0400, <ijones(a)togliinterfree.it> wrote:

> Hi, I have just noticed in Startup I have:
> Piylzq2tOn C:\Documents and Settings\Franco\Impostazioni
> locali\Temp\lugcmjwv.exe

Submit a copy to http://www.virustotal.com/, to find out what it is, and post back with the results.

Regards, Dave Hodgins

--
Change nomail.afraid.org to ody.ca to reply by email.
(nomail.afraid.org has been set up specifically for use in usenet. Feel free to use it yourself.)

From: Russg on 8 Jul 2008 13:56

<> wrote in message news:

> Hi, I have just noticed in Startup I have:
>
> Piylzq2tOn C:\Documents and Settings\Franco\Impostazioni
> locali\Temp\lugcmjwv.exe
>
> What is this please?
> Could I delete this file manually?
> thanks

You can delete any file in a Temp directory. Which file is in your startup, piylzq2ton or lugcmjwv.exe? Either way, if you can find the file, submit it to: www.virustotal.com and see if it is known malware. The odd names you're talking about are suspicious. You can also Google those files, but that probably won't get you anywhere.

From: ijones on 8 Jul 2008 15:52

>Submit a copy to http://www.virustotal.com/, to find out what it is, and
>post back with the results.

Thanks for your news. This is my post:

Antivirus          Versione       Ultimo aggiornamento  Risultato
AhnLab-V3          2008.7.9.0     2008.07.08            Win-Trojan/Agent.15360.FV
AntiVir            7.8.0.64       2008.07.08            DIAL/15360.A
Authentium         5.1.0.4        2008.07.07            -
Avast              4.8.1195.0     2008.07.08            Win32:Dialer-JC
AVG                7.5.0.516      2008.07.08            Potentially harmful program Dialer.HVB
BitDefender        7.2            2008.07.08            -
CAT-QuickHeal      9.50           2008.07.08            TrojanDownloader.Agent.spb
ClamAV             0.93.1         2008.07.08            Trojan.Dialer.Egroup
DrWeb              4.44.0.09170   2008.07.08            -
eSafe              7.0.17.0       2008.07.08            Suspicious File
eTrust-Vet         31.6.5937      2008.07.08            -
Ewido              4.0            2008.07.08            -
F-Prot             4.4.4.56       2008.07.07            -
F-Secure           7.60.13501.0   2008.07.08            Dialer.HN
Fortinet           3.14.0.0       2008.07.08            -
GData              2.0.7306.1023  2008.07.08            Win32:Dialer-JC
Ikarus             T3.1.1.26.0    2008.07.08            Dialer.Win32.Egroupsexdial
Kaspersky          7.0.0.125      2008.07.08            -
McAfee             5334           2008.07.08            -
Microsoft          1.3704         2008.07.08            Dialer:Win32/Egroupsexdial
NOD32v2            3251           2008.07.08            -
Norman             5.80.02        2008.07.08            Dialer.HN
Panda              9.0.0.4        2008.07.08            -
Prevx1             V2             2008.07.08            Cloaked Malware
Rising             20.52.12.00    2008.07.08            -
Sophos             4.31.0         2008.07.08            -
Sunbelt            3.1.1509.1     2008.07.04            Dialer.15360.A
Symantec           10             2008.07.08            -
TheHacker          6.2.96.374     2008.07.07            -
TrendMicro         8.700.0.1004   2008.07.08            -
VBA32              3.12.6.8       2008.07.08            suspected of MalwareScope.Dialer.NWMini.1 (paranoid heuristics)
VirusBuster        4.5.11.0       2008.07.08            -
Webwasher-Gateway  6.6.2          2008.07.08            Dialer.15360.A

Informazioni addizionali
File size: 15360 bytes
MD5...: f5cc0a9369e3d3540046c711dfda9f1d
SHA1..: 1f913e506fd94abeb8d9b175c054677d8f3426cf
SHA256: 07774aecd76fd1d6b827339a74c26811e0edf4150367881e88a0dc42b650b19f
SHA512: 0bd4cab4a36ce97555470acd9e110e7eb4052f3d710e73849a54d7fd888c339e
        677a62d5d07b08851e973b59be1f85cd9465b91c8ea7844ff9e0f0c204445065
PEiD..: UPX 2.90 [LZMA] -> Markus Oberhumer, Laszlo Molnar & John Reiser
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x1ffd0
timedatestamp.....: 0x2a425e19 (Fri Jun 19 22:22:17 1992)
machinetype.......: 0x14c (I386)

( 3 sections )
name   viradd   virsiz  rawdsiz  ntrpy  md5
UPX0   0x1000   0xc000  0x0      0.00   d41d8cd98f00b204e9800998ecf8427e
UPX1   0xd000   0x4000  0x3200   7.83   e17935738e7ea1d96920dbed86879e6e
.rsrc  0x11000  0x1000  0x600    4.83   cd91d0935e498b88e28a2a9d5b2505f2

( 4 imports )
> KERNEL32.DLL: LoadLibraryA, GetProcAddress, VirtualProtect, VirtualAlloc, VirtualFree, ExitProcess
> advapi32.dll: RegCloseKey
> oleaut32.dll: SysFreeString
> user32.dll: GetCursorPos

( 0 exports )

packers (F-Prot): UPX
Prevx info: http://info.prevx.com/aboutprogramtext.asp?PX5=22A88D36002B949E3C9B00204776A1003906454A
packers (Kaspersky): PE_Patch.UPX, UPX, PE_Patch.UPX, UPX
packers (Avast): UPX

From: David H. Lipman on 8 Jul 2008 16:09

From: <ijones(a)TOGLIinterfree.it>

>>Submit a copy to http://www.virustotal.com/, to find out what it is, and
>>post back with the results.

| Thanks for your news. This is my post:

| AhnLab-V3 2008.7.9.0 2008.07.08 Win-Trojan/Agent.15360.FV
| AntiVir 7.8.0.64 2008.07.08 DIAL/15360.A
| Avast 4.8.1195.0 2008.07.08 Win32:Dialer-JC
| AVG 7.5.0.516 2008.07.08 Potentially harmful program Dialer.HVB
| CAT-QuickHeal 9.50 2008.07.08 TrojanDownloader.Agent.spb
| ClamAV 0.93.1 2008.07.08 Trojan.Dialer.Egroup
| eSafe 7.0.17.0 2008.07.08 Suspicious File
| F-Secure 7.60.13501.0 2008.07.08 Dialer.HN
| GData 2.0.7306.1023 2008.07.08 Win32:Dialer-JC
| Ikarus T3.1.1.26.0 2008.07.08 Dialer.Win32.Egroupsexdial
| Microsoft 1.3704 2008.07.08 Dialer:Win32/Egroupsexdial
| Norman 5.80.02 2008.07.08 Dialer.HN
| Prevx1 V2 2008.07.08 Cloaked Malware
| Sunbelt 3.1.1509.1 2008.07.04 Dialer.15360.A
| VBA32 3.12.6.8 2008.07.08 suspected of
| MalwareScope.Dialer.NWMini.1 (paranoid heuristics)
| Webwasher-Gateway 6.6.2 2008.07.08 Dialer.15360.A

As you can see, this is a pr0n dialer.

What AV software are you using?

--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp
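
The startup entry that opened this thread, a randomly named executable launched from a Temp directory, is the kind of thing a short triage script can flag before anything is submitted for scanning. The Python below is an added example, not part of any post in the thread; the two benign entries in SAMPLE are constructed, and the consonant-run threshold is an assumed rough heuristic for "odd" names.

```python
import ntpath
import re

TEMP_DIRS = {"temp", "tmp"}   # directory names treated as scratch space (assumed list)
MIN_CONSONANT_RUN = 5         # assumed threshold for a "random-looking" name
EXT_RE = re.compile(r"\.(exe|scr|com|pif|bat|cmd|vbs|dll)\b", re.I)

def executable_path(command):
    """Extract the program path from a startup command line."""
    command = command.strip()
    if command.startswith('"'):
        return command[1:].split('"', 1)[0]
    # Unquoted paths may contain spaces, so cut after the first executable extension.
    m = EXT_RE.search(command)
    return command[:m.end()] if m else command

def longest_consonant_run(stem):
    """Length of the longest run of consonants in a file name stem."""
    runs = re.findall(r"[bcdfghjklmnpqrstvwxyz]+", stem.lower())
    return max((len(r) for r in runs), default=0)

def triage(entries):
    """Return (name, path, reasons) for each startup entry worth a closer look."""
    findings = []
    for name, command in entries:
        path = executable_path(command)
        parts = ntpath.normpath(path).lower().split("\\")
        stem = ntpath.splitext(parts[-1])[0]
        reasons = []
        if TEMP_DIRS & set(parts[:-1]):
            reasons.append("runs from a Temp directory")
        if longest_consonant_run(stem) >= MIN_CONSONANT_RUN:
            reasons.append("random-looking file name")
        if reasons:
            findings.append((name, path, reasons))
    return findings

# First entry is the one quoted in the thread; the other two are constructed.
SAMPLE = [
    ("Piylzq2tOn",
     r"C:\Documents and Settings\Franco\Impostazioni locali\Temp\lugcmjwv.exe"),
    ("ctfmon.exe", r"C:\WINDOWS\system32\ctfmon.exe"),
    ("ExampleUpdater", r'"C:\Program Files\Example\updater.exe" /background'),
]

if __name__ == "__main__":
    for name, path, reasons in triage(SAMPLE):
        print(f"{name}: {path} -> {', '.join(reasons)}")
```

A flagged entry is only a candidate for scanning, not a verdict; the Temp check matches on the directory name alone, so it also catches localized profile paths such as the one in the thread.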