mewe22011 Malware?

Discussion in 'Malware Help (A Specialist Will Reply)' started by DesultoryDemon, Aug 18, 2007.

  1. DesultoryDemon

    DesultoryDemon Private E-2

    The PC's been acting up recently and I found this file "mewe22011.exe" as an active process today. The file's location is Program Files/Common Files and there was a registry entry.

    I googled "mewe22011.exe", as well as variations, and found nothing. Ran all my spyware/malware programs, which did not highlight this file. The file originated about 10 days ago.

    So far I've ended the process, deleted the registry entry, and changed the name of the file and everything seems to be running fine.

    I guess I'm just curious as to whether this is a "bad" file.

    Thanks
     
  2. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Welcome to MG's!

    It's hard to tell without looking at the file myself but I would be willing to bet it's bad.

    If you suspect there are other infections/files then please follow our initial steps.

     
  3. DesultoryDemon

    DesultoryDemon Private E-2

    Thanks for the welcome! I don't think there are any other problems. I've run AVG as well as Spybot and AdAware and HijackThis. My only concern was the lack of info on this file when I googled it and was wondering if anyone has encountered it. I have the file and would make it available to anyone who wants it just to find out what it does and prevent it from happening to anyone else or to get it into a malware program.
     
  4. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    If you have the file, you can upload it to the site below and have it scanned. Let me know the results!

    By the way, HijackThis is for advanced users; removing/modifying entries could cause problems if you're not sure of what you're modifying.

    http://virusscan.jotti.org/
     
  5. DesultoryDemon

    DesultoryDemon Private E-2

    Thanks for the website. I really appreciate it.

    Here are the results:
    Status: INFECTED/MALWARE (Note: this file has been scanned before. Therefore, this file's scan results will not be stored in the database)

    MD5:b517f6aeedb6f383fb38d99738ee66aa

    Packers detected: -

    Bit9 reports: File not found

    Scan taken on 19 Aug 2007 04:03:14 (GMT)
    A-Squared - Found nothing
    AntiVir - Found TR/Dldr.AW.awk
    ArcaVir - Found Trojan.Agent.Virut.Ttx
    Avast - Found nothing
    AVG Antivirus - Found Generic2.JSI
    BitDefender - Found nothing
    ClamAV - Found Adware.TTC-1
    CPsecure - Found nothing
    Dr.Web - Found nothing
    F-Prot Antivirus - Found nothing
    F-Secure Anti-Virus - Found not-a-virus:AdWare.Win32.TTC.c (4, 1, 400)
    Fortinet - Found nothing
    Kaspersky Anti-Virus - Found nothing
    NOD32 - Found nothing
    Norman Virus Control - Found nothing
    Panda Antivirus - Found nothing
    Rising Antivirus - Found Trojan.DL.Win32.Agent.lq
    Sophos Antivirus - Found nothing
    VirusBuster - Found nothing
    VBA32 - Found AdWare.Win32.TTC.c

    And thanks for the advice on HijackThis. It's what I tell people myself.
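
Added example, not part of the original thread: a short Python parser for the per-engine result lines in the scan posted above, counting how many engines flagged the file and tallying the coarse families their labels name. The keyword-to-family map is an assumption made for this example, since vendors do not share a naming scheme.

```python
import re
from collections import Counter

# Scan lines copied from the results post above ("Engine - Found verdict").
REPORT = """\
A-Squared - Found nothing
AntiVir - Found TR/Dldr.AW.awk
ArcaVir - Found Trojan.Agent.Virut.Ttx
Avast - Found nothing
AVG Antivirus - Found Generic2.JSI
BitDefender - Found nothing
ClamAV - Found Adware.TTC-1
CPsecure - Found nothing
Dr.Web - Found nothing
F-Prot Antivirus - Found nothing
F-Secure Anti-Virus - Found not-a-virus:AdWare.Win32.TTC.c (4, 1, 400)
Fortinet - Found nothing
Kaspersky Anti-Virus - Found nothing
NOD32 - Found nothing
Norman Virus Control - Found nothing
Panda Antivirus - Found nothing
Rising Antivirus - Found Trojan.DL.Win32.Agent.lq
Sophos Antivirus - Found nothing
VirusBuster - Found nothing
VBA32 - Found AdWare.Win32.TTC.c
"""
LINE = re.compile(r"^\s*(.+?) - Found (.+?)\s*$")
# Assumed keyword -> family map for this example; vendor naming is not standardized.
FAMILIES = {"adware": "adware", "dldr": "downloader", ".dl.": "downloader",
            "trojan": "trojan", "tr/": "trojan", "generic": "generic"}

def parse(report):
    """Map each engine to its label, or None when it found nothing."""
    results = {}
    for m in filter(None, map(LINE.match, report.splitlines())):
        engine, verdict = m.groups()
        results[engine] = None if verdict == "nothing" else verdict
    return results

def summarize(results):
    """Return (detections, engines, family tally) for parsed results."""
    labels = [v.lower() for v in results.values() if v]
    families = Counter(fam for label in labels
                       for fam in {f for k, f in FAMILIES.items() if k in label})
    return len(labels), len(results), dict(families)

if __name__ == "__main__":
    hits, total, fams = summarize(parse(REPORT))
    print(f"{hits}/{total} engines flagged the file; families: {fams}")
```

The labels split between adware and trojan/downloader names, so the tally shows that the engines agree the file is unwanted but not on what it is.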
     
  6. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    I would delete it and run the scans to be sure there is nothing else present. It's up to you whether you run them but I would.
     
