#1
A few days ago a file named efes.exe showed up on my comp, in the All Users\Start Menu\Programs\Startup folder under Documents & Settings, and I have no idea of its purpose or danger. It also seemed to show up on my bro's comp the same day.
#2
Hi Eco - right-click on the file and choose Properties. What does it say?
I ran a search but I cannot find any mention of this file, so it might be a good idea if I had a look at your startups. Go here and download and run Startup List. It will generate a log file. Copy the log and paste it back into this thread.
__________________
Moderator: Vista Forum Microsoft MVP - Windows Desktop Experience 2004-2008 If we have helped you, please consider supporting Cyber Tech Help with a subscription Please do not send me Emails or Private Messages for personal support. Last time I checked, there were still only 24 hours in a day. Thank you. How to help prevent re-infection
#3
I guess I should have mentioned that it runs in the background when Windows boots, and every time I delete the file it seems to recreate itself somehow, but not instantaneously.
Do you still need to see a log of my startup list?
#4
Yes, please post the StartupList log.
#5
My startuplist is attached.
#6
I found out that it's a polymorphic virus named W32.BugBear.B@mm !!
It is fairly serious because it allows the virus author to control your PC, start or stop processes, etc. etc. and it's also a keylogger which sends off all your typing to one of many predefined email addresses every 2 hours. It is treatable since the June 5th, 2003 Norton Anti-Virus update.
#7
You have a couple of registry entries that I cannot identify. Have you installed Morgan M-JPEG codec V3?
I cannot see any antivirus software running on your PC so I think it might be a good idea to run an online scan here. Please post back the log. Also, because you are running Win2K, go here and download and run a scan with Hijack This. Don't make any changes, just click on Save Log, copy it and post it back in this thread. We can use this program to make any registry changes necessary without having to access the registry.
#8
Looks like we cross posted. OK, go here and download and run the Bugbear B removal tool. Follow the instructions on the site.
When you have finished, please refer to my earlier post and run the RAV scan and post the logs.
#9
Quote:
Maybe ECO was running NAV, but got infected before the updated definitions had been installed. If that's the case, after running the removal tool and an online scan, be sure to uninstall and reinstall your antivirus.
__________________
Tony < - > CLSID List