Archived from groups: microsoft.public.windowsxp.security_admin
Funny you confirm my thoughts. I ran MS's new antispyware beta and while it
missed the .exe, it did find this:
Trojan.Delf at HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run requestor"
While I am not a MS mega supporter, they were the only one who found this
from all the spyware checkers I have.
"MowGreen [MVP]" <mowgreen@nowandzen.com> wrote in message
news:OmzhWMJ9EHA.2804@TK2MSFTNGP15.phx.gbl...
>> Backdoor/trojan
>
> BINGO !!!
>
> Advise you to go to CastleCops and post here after reading the
> guidelines first :
>
> http://castlecops.com/forum67.html
>
> requester(x).exe is a new malware variant. There are extremely
> knowledgeable experts who will help with the removal of it.
> If you can locate the file on the system and it's 1 MB or less, have it
> scanned at Kaspersky's online virus scanner :
>
> http://www.kaspersky.com/remoteviruschk.html
> They have been very good at picking up malware that are not viruses and at
> least it may help you identify it.
>
>
> MowGreen [MVP]
> ===============
> *-343-* FDNY
> Never Forgotten
> ===============
>
>
> Bill Fruge wrote:
>> JJ, thanks for the link. The various antivirus scanners found nothing
>> even when set to look heuristically for possible viruses... I suspect
>> that this is one of three things:
>> 1. Backdoor/trojan that is really new...
>> 2. Some kind of odd debugging message left by an untidy programmer...
>> 3. Part of some other program that uses requester.10.exe as its sender
>> to look for updates. However I haven't found an association to any
>> program on the machine.
>>
>> I'll keep tearing apart the system to figure out what this thing does.
>> For now I'll keep blocking it until I can put a sniffer on this system. I
>> was hoping someone out there might have run into this. I suppose I could
>> try to decompile it and get a clue about what it's trying to do.
>>
>> Thanks,
>> BF
>>
>> "Jupiter Jones [MVP]" wrote:
>>
>>
>>>Bill;
>>>It seems obvious that your computer has been compromised.
>>>Have you run an updated virus scan?
>>>
>>>Follow the yellow section on this link:
>>>
>>>http://www3.telus.net/dandemar/slowcom.htm
>>>
>>>If you can not reasonably determine the source and level of corruption as
>>>well as clean it, a Clean Installation may be the best option.
>>>
>>>--
>>>Jupiter Jones [MVP]
>>>http://www3.telus.net/dandemar/
>>>
>>>
>>>"Bill Fruge" <Bill Fruge@discussions.microsoft.com> wrote in message
>>>news:4A87AC36-DBA5-49FC-BDFD-AC84F147EEA3@microsoft.com...
>>>
>>>>I received the message that "requester.10.exe" was being blocked.
>>>>"requester.10.exe" and "requester.9.exe" are two relatively new files in my
>>>>"Windows\System32" directory. Anyone have any idea what these programs are?
>>>>I suspect it's either a backdoor/trojan or whomever the anonymous
>>>>programmer(s) left some unusual text in "requester.10.exe". In
>>>>"requester.10.exe" at line D0 there is this word
>>>>"4D 55 48 41 48 41 48 41 48 41 48 41" or "MUHAHAHAHAHA". Ideas anyone?
>>>
>>>
>>>