punpirate
(1000+ posts)
Fri Apr-08-05 09:32 PM
Original message |
|
... this afternoon, I haven't been doing anything unusual, except that I've been busy downloading a bunch of pdfs for something I've been working on. Around the same time, it seemed as if the resources were drying up, so I started NT task manager and found this file running, with a file date and time of this afternoon and taking about 95% of the processor time: azjnqj.exe
I did a Google and a dogpile search for this file, since there's nothing listed in its file properties, and came up with nothing. Anyone seen this? Know what it is? It's got me bugged, if only because I can't view the compiled file. I really want to know where this file originated. Have it contained for now, but I'm pissed and want to know how this managed to sneak in under the radar and loaded itself. Anyone know of a good compiled executable viewer?
Cheers.
|
bemildred
(1000+ posts)
Sat Apr-09-05 08:49 PM
Response to Original message |
1. Google "binary viewer" |
|
Also "decompiler" and "binary editor" are good. Hope you have plenty of time.
|
punpirate
(1000+ posts)
Sun Apr-10-05 01:30 AM
Response to Reply #1 |
|
... have been doing that, without a lot of luck. The irritating thing about this is that I have been working on a spare computer for the last couple of weeks--had a boot disk crash on my usual machine, and that is the one that has the binary viewer on another disk (and, for the life of me, I can't remember the name of the program I used on it). Still waiting for some software to revive the other machine. *sigh*
Cheers.
|
bemildred
(1000+ posts)
Sun Apr-10-05 09:26 AM
Response to Reply #2 |
3. The name is probably random, BTW. nt |
punpirate
(1000+ posts)
Sun Apr-10-05 08:05 PM
Response to Reply #3 |
4. Well, was, maybe, looking for... |
|
... the wrong file. It kept calling firewall.exe, so I checked for that, and the firewall.exe is the worm, W32.elitper. Not sure which version, but the weird part is that it's spread through email attachments or file-sharing services; my email is clean, and I don't use Kazaa or any other file-sharers.
The odd thing is that the file name I first asked about isn't mentioned in any of the virus notices, nor do they mention that it creates an executable with a random name. If I hadn't seen it running as a process, I never would have caught it. Wonder if it's a different virus/worm, or a new variant of the W32.elitper.
But, the only thing that comes to mind is that someone found a port open in a back door somewhere. I didn't notice when I first started this spare computer that Zone Alarm wasn't running. All I can think of.
Anyway, thanks. Under control now.
|