Results 1 to 5 of 5

Thread: Any Idea mrofinu922.exe?

  1. #1
    Ultimate Member mobo57's Avatar
    Join Date
    Jun 2003
    Location
    In a So Cal Tube
    Posts
    1,971

    Any Idea mrofinu922.exe?

    See this app running in task manager. This time google is not my friend, no hits. Avast, Trend Micro scans bring back a clean system. File information shows no author, company etc. It is in my Windows directory and is a few days old. Killing it has no effect on my system. Don't see it anywhere in my config or services list or logs. It is a 32 bit program, as I am running XP 64.
    Anybody got any ideas?
    Profanity: a weak mind trying to express itself forcibly.
    http://www.thegopnet.com

  2. #2
    Senior Member michaeln's Avatar
    Join Date
    Jan 2002
    Location
    Ireland
    Posts
    619
    Have a look at this info http://fileinfo.prevx.com/adware/qq7...OFINU.EXE.html as it is similar to the file you found.

    hope it helps!

  3. #3
    Ultimate Member mobo57's Avatar
    Join Date
    Jun 2003
    Location
    In a So Cal Tube
    Posts
    1,971
    Well I located it's origin, came in a free 3DS Max material file I downloaded. Reported it to the admin and the file has been pulled. Interesting that Avast, AVG, Webroot did not pick it up until it loaded it's junk. Went ahead and did a reformat clean install of Windoze and my programs. Needed to do it anyway, system seems to be a bit snappier if I do it every 6 to 12 months. Get out all the garbage that has piled up.
    Profanity: a weak mind trying to express itself forcibly.
    http://www.thegopnet.com

  4. #4
    Junior Member
    Join Date
    Nov 2007
    Posts
    1

    mrofinu922.exe

    I got my mine thru a cracked exec. so its thru no fault of my own i got it. for you it seems a bit more malicious. this little nasty along with a few others took a hold of my log in file so i couldn't delete it in safe mode even. i used :hijackthis, smaudfix, vindofix,combofix,spybot,adaware, and nortons virus. nothing caught it all. 2 or 3 files none of these programs saw. dlls actually. heres a list of them.

    C:\WINDOWS\17PHolmes922.exe
    C:\WINDOWS\mrofinu922.exe
    C:\WINDOWS\SmFzb24gUGllcmFudG96emk\mAIWvZb0o355wAI Rx36dyA4.vbs
    C:\WINDOWS\system32\byxxyya.dll
    C:\WINDOWS\system32\dvaywcwd.dll.vir
    C:\WINDOWS\system32\efccaxx.dll
    C:\WINDOWS\system32\nnnlkjg.dll
    C:\WINDOWS\system32\nnnllji.dll.vir
    C:\WINDOWS\UpdReg.EXE
    C:\WINDOWS\system32\ssqrppo.dll
    C:\WINDOWS\system32\ddccy.dll
    C:\WINDOWS\NirCmd.exe
    C:\Program Files\WS_FTP Pro\wsbho2k0.dll


    ssqrppo.dll was reinstalling everything i deleted. this was the file that kept everything going. was allso embedded in the winlogin file that runs your loging in to windows, this is in safe mode as well!! Safemode did nothing for me. in the end i removed the offending .dll with my copy of wininternals. i suppose you could remove the .dlls in dos as well im thinking.

  5. #5
    Ultimate Member rmanet's Avatar
    Join Date
    Feb 2000
    Location
    Sunny San Diego
    Posts
    2,653
    Interesting that Avast, AVG, Webroot did not pick it up until it loaded it's junk.
    The bane of our existence - sometimes TrendMicro and all the others simply don't find these kinds of bugs in a routine scan. Use every free or trialware (that truly works) AV program to try again.

    Or backup the registry and use regedit and look around as well, google your results?
    "hope to someday have a clever or inspirational quote....."
    ANON

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •