-
Ultimate Member
Any Idea mrofinu922.exe?
See this app running in task manager. This time Google is not my friend, no hits. Avast, Trend Micro scans bring back a clean system. File information shows no author, company etc. It is in my Windows directory and is a few days old. Killing it has no effect on my system. Don't see it anywhere in my config or services list or logs. It is a 32-bit program, as I am running XP 64.
Anybody got any ideas?
-
Senior Member
Have a look at this info http://fileinfo.prevx.com/adware/qq7...OFINU.EXE.html as it is similar to the file you found.
Hope it helps!
-
Ultimate Member
Well, I located its origin: it came in a free 3DS Max material file I downloaded. Reported it to the admin and the file has been pulled. Interesting that Avast, AVG, Webroot did not pick it up until it loaded its junk. Went ahead and did a reformat and clean install of Windoze and my programs. Needed to do it anyway, system seems to be a bit snappier if I do it every 6 to 12 months. Gets out all the garbage that has piled up.
-
mrofinu922.exe
I got mine through a cracked exec, so it's through no fault of my own I got it. For you it seems a bit more malicious. This little nasty, along with a few others, took hold of my login file so I couldn't delete it even in safe mode. I used: HijackThis, smaudfix, vindofix, ComboFix, Spybot, Ad-Aware, and Norton's virus. Nothing caught it all. 2 or 3 files none of these programs saw. DLLs, actually. Here's a list of them.
C:\WINDOWS\17PHolmes922.exe
C:\WINDOWS\mrofinu922.exe
C:\WINDOWS\SmFzb24gUGllcmFudG96emk\mAIWvZb0o355wAI Rx36dyA4.vbs
C:\WINDOWS\system32\byxxyya.dll
C:\WINDOWS\system32\dvaywcwd.dll.vir
C:\WINDOWS\system32\efccaxx.dll
C:\WINDOWS\system32\nnnlkjg.dll
C:\WINDOWS\system32\nnnllji.dll.vir
C:\WINDOWS\UpdReg.EXE
C:\WINDOWS\system32\ssqrppo.dll
C:\WINDOWS\system32\ddccy.dll
C:\WINDOWS\NirCmd.exe
C:\Program Files\WS_FTP Pro\wsbho2k0.dll
ssqrppo.dll was reinstalling everything I deleted. This was the file that kept everything going. It was also embedded in the winlogin file that runs your logging in to Windows, and this is in safe mode as well!! Safe mode did nothing for me. In the end I removed the offending .dll with my copy of Wininternals. I suppose you could remove the .dlls in DOS as well, I'm thinking.
-
Ultimate Member
Interesting that Avast, AVG, Webroot did not pick it up until it loaded its junk.
The bane of our existence - sometimes TrendMicro and all the others simply don't find these kinds of bugs in a routine scan. Use every free or trialware (that truly works) AV program to try again.
Or back up the registry and use regedit and look around as well, Google your results?
"hope to someday have a clever or inspirational quote....."
ANON
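
Added example, not part of any post in this thread: a PowerShell triage listing for the traits the first post describes (an executable sitting directly in the Windows directory, a few days old, with no company in its file information) and the system32 DLLs from the second post. The 14-day window, the two directories and PowerShell 4.0 or later are assumptions; the output is a list of leads to review, not a verdict.

```powershell
# Added example (not from the thread).
# Lists .exe/.dll files directly under the Windows directory and System32 that
# were created within the look-back window and have an empty CompanyName in
# their version resource, with signature status and SHA-256 for follow-up.
param(
    [int]$Days = 14,                                   # assumed look-back window
    [string[]]$Roots = @($env:windir,                  # assumed directories
                         (Join-Path $env:windir 'System32'))
)

$cutoff = (Get-Date).AddDays(-$Days)

foreach ($root in $Roots) {
    Get-ChildItem -Path $root -File -ErrorAction SilentlyContinue |
        Where-Object {
            ($_.Extension -in @('.exe', '.dll')) -and
            ($_.CreationTime -ge $cutoff)
        } |
        ForEach-Object {
            # VersionInfo is empty for files built without a version resource
            $company = $_.VersionInfo.CompanyName
            if ([string]::IsNullOrWhiteSpace($company)) {
                $sig  = Get-AuthenticodeSignature -FilePath $_.FullName
                $hash = Get-FileHash -Path $_.FullName -Algorithm SHA256 `
                            -ErrorAction SilentlyContinue
                [pscustomobject]@{
                    Path      = $_.FullName
                    Created   = $_.CreationTime
                    Signature = $sig.Status      # e.g. NotSigned, Valid
                    SHA256    = $hash.Hash       # empty if the file is locked
                }
            }
        }
}
```

Run it from an elevated prompt so locked or protected files can be read; a file that shows up here with `NotSigned` is worth checking before trusting a clean scan result.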