Downloader.awx info

ejsilver26 · Jun 19, 2006

I'm sure most of us geeks know this, but I have found the following info about Downloader.awx:
1. It is 2 random files, random length in the c:/windows/system32 folder. One is an .exe and one is a .dll.
2. The files are locked (possibly in use).
3. It is listed as a BHO for IE.
4. It is listed in the startup group.
5. It is in the registry twice.

Anyone else have any other info about the file? How are people getting it? Is it a drive-by? Is it through e-mail? Any definative solutions?

chaslang · Jun 20, 2006

Welcome to Majorgeeks!

It is not really anything new or that difficult to remove. Our standard cleaning steps in READ & RUN ME FIRST Before Asking for Support
This will get your system into a known state. And from that point we can easily create a fix. Normally the fix is to disconnect the DLL from explorer.exe and/or winlogon.exe and then to delete the DLL file on reboot using Pocket Killbox (or similar). There are dozens of similar infections where the same procedure is used.

ejsilver26 · Jun 20, 2006

True. One of the registry keys is the winlogon. Wonder why McAfee hasn't made a fix yet, then.

chaslang · Jun 20, 2006

Because most antivirus companies like Network Associates and Symantec are way behind in their ability to fix all the real difficult malware issues. That is why there are so many forums like this one and so many people creating miscellaneous specialty tools to fix problems like this.

I have in fact posted at least two fixes just tonight for this "downloader-awx" (that is only what McAfee calls it).

See:

Help Downloader-AWX: All Logs Attached

further assistance pls

Log in or Sign up

Downloader.awx info

ejsilver26 Private E-2

chaslang MajorGeeks Admin - Master Malware Expert Staff Member

ejsilver26 Private E-2

chaslang MajorGeeks Admin - Master Malware Expert Staff Member