six-h 13:27 07 Feb 2008

Whilst scanning with a-Squared for the first time, it turned up this file that it classed as "risk ware".
I didn't know what to do with it, and quarantined it.
Since then when booting up, all progresses normally 'till the "Welcome" screen where the music should play, and it doesn't.
The desktop builds strangely, and the music starts half way through the build.
My antivirus download icon appears in the sys. tray, though it is not downloading. Eventually, it disappears, and then reappears about ten minutes later, and downloads today's definitions as normal.
Several other odd, but not serious changes.
Anyone else have this experience?

  mfletch 14:02 07 Feb 2008


What else did it say about Win32.processor.20?

Things like System volume or SmitfraudFix etc,


  six-h 14:21 07 Feb 2008

Short answer is I don't know!
I'm stumbling around in the dark here, I think when I clicked on the entry in the a2 report, it took me to their website that said it was classed as "risk ware" and could be associated with... then followed a list of possible associations, the only ones that I remember were, FTP protocol and file sharers.
I don't do file sharing, but FTP protocol is a term mentioned in my download window when e-Trust phones home for updates.

This all started when a spybot scan uncovered "Win32.TrojanSpy.Banker", which it removed.
I've since read that these two are somehow connected.

I'm currently being "cleaned" by the Malware forum, but haven't heard back from my contact for 24hrs, since running a Kaspersky online scan that turned up nothing after a 55min scan, except to say that it skipped 65 "locked objects".

  six-h 14:28 07 Feb 2008

Searching the Sys32 folder, I've turned up an entry for process.exe preceded by a "q" (presumably denoting it is in quarantine); the shocking thing is that it is listed as last modified 04/08/2004 00:56.
It has remained undetected through at least two visits to malware forum, with HJT logs, and countless AVG AntiSpyware, Spybot, and AdAware scans!

  mfletch 15:05 07 Feb 2008


If you are being looked at by a Malware forum I would let them sort your problem out,

It is not a good idea to have two different forums doing alterations and fixes,

What forum are you using and what is your user name,

Also the risk-ware may just be leftovers from the Trojan you had.


  six-h 15:31 07 Feb 2008

Yes, I wouldn't do anything without their say so, I'm just wanting to understand what it's all about.
Hope you're right about leftovers.
Mystery is why is all this affecting the way my desktop builds??

My thread is here: - click here

  mfletch 15:43 07 Feb 2008

Thanks, I will have a look,

It would be nice to have more info on the quarantined item but if you do not know??


  mfletch 17:16 07 Feb 2008


click here


Added by Troj/Banker-JJ Found in the %WINDOWS% directory

  mfletch 17:19 07 Feb 2008

Sorry should have added that I would download and run Superantispyware {in safe mode}

SAS/Free/ click here


  six-h 18:28 07 Feb 2008

I'll probably give super asw a go, since none of the rest of my armoury seems to have sniffed this one out.
since August 2004!!!!

I've already read the link you posted, and several other snippets that don't raise my mood!
I'm just thankful that there has been no unauthorised use of my millions ;-)

Let's see what "Mal-ware" can find, though they have missed this one on two previous occasions!

  mfletch 19:26 07 Feb 2008

qprocess.exe {This is}


Microsoft® Windows® Operating System

So should be OK.


This thread is now locked and can not be replied to.
