Re: Unknown soldier, or terrorist in my task manager


| Mucho thank you's Herr Buffalo Roger Wilco over and out!

Please post the VirusTotal report or the URL to the VT report.

--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp

Re: Unknown soldier, or terrorist in my task manager

On Tue, 5 Aug 2008 16:31:50 -0400, "David H. Lipman"

S'all right!

Re: Unknown soldier, or terrorist in my task manager

On Tue, 05 Aug 2008 17:31:54 -0500, Sydney Gondomer


Well,
I have two of these "bvllybx.exe" files in my task manager again after
I had deleted them four days ago.

I did a search on the entire computer and it didn't find the files
anyplace.

So I'm not sure how I can get them to the virus website for testing?
OK, I found its location and uploaded it to VirusTotal.

Even though I tried to remove it I couldn't. It kept saying I needed
administrator rights. I am the administrator and only user of this
Vista Ultimate 64 bit pc?

Here is what it said. Maybe this will help?

File bvllybx.exe received on 08.10.2008 03:56:09 (CET)
Current status: finished
Result: 3/36 (8.34%)

Antivirus    Version    Last Update    Result
AhnLab-V3    2008.8.9.0    2008.08.08    -
AntiVir    7.8.1.19    2008.08.09    -
Authentium    5.1.0.4    2008.08.10    -
Avast    4.8.1195.0    2008.08.09    -
AVG    8.0.0.156    2008.08.09    -
BitDefender    7.2    2008.08.10    -
CAT-QuickHeal    9.50    2008.08.08    -
ClamAV    0.93.1    2008.08.09    PUA.Packed.Armadillo
DrWeb    4.44.0.09170    2008.08.09    -
eSafe    7.0.17.0    2008.08.07    -
eTrust-Vet    31.6.6019    2008.08.08    -
Ewido    4.0    2008.08.09    -
F-Prot    4.4.4.56    2008.08.10    -
F-Secure    7.60.13501.0    2008.08.09    Suspicious:W32/Malware!Gemini
Fortinet    3.14.0.0    2008.08.09    -
GData    2.0.7306.1023    2008.08.10    -
Ikarus    T3.1.1.34.0    2008.08.10    -
K7AntiVirus    7.10.408    2008.08.09    -
Kaspersky    7.0.0.125    2008.08.10    -
McAfee    5357    2008.08.08    -
Microsoft    1.3807    2008.08.09    -
NOD32v2    3342    2008.08.09    -
Norman    5.80.02    2008.08.08    -
Panda    9.0.0.4    2008.08.09    -
PCTools    4.4.2.0    2008.08.09    -
Prevx1    V2    2008.08.10    -
Rising    20.56.41.00    2008.08.08    -
Sophos    4.32.0    2008.08.10    -
Sunbelt    3.1.1538.1    2008.08.09    -
Symantec    10    2008.08.10    -
TheHacker    6.2.96.395    2008.08.08    -
TrendMicro    8.700.0.1004    2008.08.08    -
VBA32    3.12.8.3    2008.08.09    -
ViRobot    2008.8.8.1329    2008.08.08    -
VirusBuster    4.5.11.0    2008.08.09    -
Webwasher-Gateway    6.6.2    2008.08.09    Virus.Win32.FileInfector.gen (suspicious)
Additional information
File size: 1742468 bytes
MD5...: 20386ce4827c118603457dec20fb3e84
SHA1..: 512bbb14511f0ea170030e09fd577535a79fa1f0
SHA256:
cc73e5d59e5d6b5b419391a190eb538013c07ab2d192c160b7beeeaa95b8581c
SHA512:
27a39577dbd2e386b827cd5b94ab2fd537cb3650726c0e95ab29245626acbf3c
0276721df44d6814d3e881eea6b0262b7823f20e1788f7e454361f9025b44090
PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x66f000
timedatestamp.....: 0x4886a383 (Wed Jul 23 03:20:35 2008)
machinetype.......: 0x14c (I386)

( 7 sections )
name viradd virsiz rawdsiz ntrpy md5
.nkobrh 0x1000 0x21e380 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
.ymeju 0x220000 0xe41c 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
.jxhly 0x22f000 0x40000 0x3e000 7.97 5d55c2346725d89275a2d1d944f7406a
.wcka 0x26f000 0x10000 0xd000 7.01 fb9534ec0fe4354b1918d013de500bc9
.njweg 0x27f000 0x20000 0xc000 4.77 0df10b7aa4c4e43b7ee5af9f715d6342
.xuzqah 0x29f000 0x150000 0x144000 8.00 b0ef4e277192ae49b6de9cc3a74f1685
.fitgbj 0x3ef000 0xcf000 0x4000 3.99 daacbfbff3c0d77fcc417087d73c1c5a

( 3 imports )
[import library name missing from the captured report]
GetTickCount, WideCharToMultiByte, IsBadReadPtr, GlobalAddAtomA, GlobalAddAtomW,
GetModuleHandleA, GlobalFree, GlobalGetAtomNameA, GlobalDeleteAtom,
GlobalGetAtomNameW, FreeConsole, GetEnvironmentVariableA, VirtualProtect,
VirtualAlloc, GetProcAddress, GetLastError, LoadLibraryA, SetLastError,
SetThreadPriority, GetCurrentThread, CreateProcessA, GetCommandLineA,
GetStartupInfoA, SetEnvironmentVariableA, ReleaseMutex, WaitForSingleObject,
CreateMutexA, OpenMutexA, SetErrorMode, GetCurrentThreadId, CreateFileA,
FindClose, FindFirstFileA, FindFirstFileW, VirtualQueryEx, GetExitCodeProcess,
ReadProcessMemory, VirtualProtectEx, UnmapViewOfFile, ContinueDebugEvent,
SetThreadContext, GetThreadContext, WaitForDebugEvent, SuspendThread,
DebugActiveProcess, ResumeThread, CreateProcessW, CloseHandle, GetStartupInfoW,
MapViewOfFile, DuplicateHandle, GetCurrentProcess, CreateFileMappingA,
WriteProcessMemory, ExitProcess,
FlushFileBuffers, WriteConsoleW, GetConsoleOutputCP, WriteConsoleA,
SetStdHandle, GetConsoleMode, GetConsoleCP, SetFilePointer, GetLocaleInfoA,
GetStringTypeW, GetStringTypeA, LCMapStringW, MultiByteToWideChar, LCMapStringA,
HeapSize, HeapReAlloc, QueryPerformanceCounter, VirtualFree, HeapCreate,
HeapDestroy, GetFileType, SetHandleCount, GetEnvironmentStringsW,
FreeEnvironmentStringsW, GetEnvironmentStrings, FreeEnvironmentStringsA,
RtlUnwind, DeleteCriticalSection, GetStdHandle, WriteFile, TlsFree, TlsSetValue,
TlsAlloc, TlsGetValue, Sleep, EnterCriticalSection, LeaveCriticalSection,
GetVersionExA, InitializeCriticalSection, GetCurrentProcessId,
GetModuleFileNameW, GetShortPathNameW, GetModuleFileNameA, GetCommandLineW,
GetShortPathNameA, GetSystemTimeAsFileTime, HeapFree, HeapAlloc, GetProcessHeap,
RaiseException, TerminateProcess, UnhandledExceptionFilter,
SetUnhandledExceptionFilter, IsDebuggerPresent, GetCPInfo, InterlockedIncrement,
InterlockedDecrement, GetACP, GetOEMCP,
IsValidCodePage
[import library name missing from the captured report]
GetPropA, GetMessageA, GetSystemMetrics, SetTimer, GetAsyncKeyState, KillTimer,
BeginPaint, EndPaint, SetWindowTextA, GetDlgItem, CreateDialogIndirectParamA,
ShowWindow, UpdateWindow, LoadStringA, LoadStringW, FindWindowA,
WaitForInputIdle, MessageBoxA, InSendMessage, UnpackDDElParam, FreeDDElParam,
DefWindowProcA, LoadCursorA, RegisterClassW, CreateWindowExW, RegisterClassA,
CreateWindowExA, GetWindowThreadProcessId, SendMessageW, SendMessageA,
PeekMessageA, TranslateMessage, DispatchMessageA, EnumWindows, IsWindowUnicode,
PackDDElParam, PostMessageW, PostMessageA, IsWindow, DestroyWindow
[import library name missing from the captured report]

( 0 exports )
packers (F-Prot): Armadillo
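The PEInfo block above is the part of this report worth reading, because it explains why the only three hits are a packer identification (ClamAV PUA.Packed.Armadillo, F-Prot "packers: Armadillo") and two generic heuristics rather than a named family. The "ntrpy" column is Shannon entropy in bits per byte (8.00 is the maximum, plain x86 code normally sits around 6). All seven section names are random strings, two sections have virsiz in the hundreds of KB but a rawdsiz of 0 and the MD5 d41d8cd9… (the MD5 of zero bytes), so they are empty on disk and filled at run time, and the largest section on disk (0x144000 bytes) is at 8.00, i.e. compressed or encrypted. The import list is what a protector that debugs its own payload needs (DebugActiveProcess, WaitForDebugEvent, SetThreadContext, WriteProcessMemory, IsDebuggerPresent). The script below is an added editorial example, not code from the thread or from VirusTotal; it re-reads the printed section table and flags those indicators. One assumption is marked in the code: the report does not print the image base, so 0x400000 (the usual default for a 32-bit EXE) is assumed, which puts the entry point 0x66f000 at RVA 0x26f000, the first byte of .wcka, not in any .text section. A packer hit alone is not a verdict: Armadillo also wraps plenty of commercial software, so the next step is the fully qualified path and the publisher, as asked below.

```python
"""Section-table heuristics for a packed PE, driven by the numbers the
VirusTotal PEInfo block prints.  Added example: it reads the report's
values, not the binary, so it runs without the sample."""
import math
from collections import Counter

# Section table copied from the report:
# (name, virtual addr, virtual size, raw size on disk, entropy, MD5 of raw bytes)
SECTIONS = [
    (".nkobrh", 0x1000,   0x21e380, 0x0,      0.00, "d41d8cd98f00b204e9800998ecf8427e"),
    (".ymeju",  0x220000, 0xe41c,   0x0,      0.00, "d41d8cd98f00b204e9800998ecf8427e"),
    (".jxhly",  0x22f000, 0x40000,  0x3e000,  7.97, "5d55c2346725d89275a2d1d944f7406a"),
    (".wcka",   0x26f000, 0x10000,  0xd000,   7.01, "fb9534ec0fe4354b1918d013de500bc9"),
    (".njweg",  0x27f000, 0x20000,  0xc000,   4.77, "0df10b7aa4c4e43b7ee5af9f715d6342"),
    (".xuzqah", 0x29f000, 0x150000, 0x144000, 8.00, "b0ef4e277192ae49b6de9cc3a74f1685"),
    (".fitgbj", 0x3ef000, 0xcf000,  0x4000,   3.99, "daacbfbff3c0d77fcc417087d73c1c5a"),
]
ENTRYPOINT = 0x66f000   # "entrypointaddress" from the report (virtual address)
IMAGE_BASE = 0x400000   # ASSUMPTION: not in the report; default base of 32-bit EXEs

MD5_OF_EMPTY = "d41d8cd98f00b204e9800998ecf8427e"   # md5(b"")
STANDARD_NAMES = {".text", ".data", ".rdata", ".idata", ".edata", ".rsrc",
                  ".reloc", ".bss", ".tls", ".pdata", ".CRT"}
PACKED_ENTROPY = 7.0    # bits/byte; above this, treat the bytes as compressed/encrypted


def shannon_entropy(data: bytes) -> float:
    """Bits per byte on the same 0.0 .. 8.0 scale as the report's 'ntrpy' column."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def section_containing(rva: int, sections):
    """Section whose virtual range covers this RVA, or None if it is outside all of them."""
    for sec in sections:
        va, vsize = sec[1], sec[2]
        if va <= rva < va + vsize:
            return sec
    return None


def assess(sections, entrypoint: int, image_base: int):
    """Return (section name, reason) pairs, one per packer/protector indicator."""
    findings = []
    for name, va, vsize, rawsize, entropy, md5 in sections:
        if name not in STANDARD_NAMES:
            findings.append((name, "non-standard section name"))
        if rawsize == 0 and vsize > 0:
            # Nothing on disk, memory reserved: the unpacker writes here at run time.
            # The report confirms it: the raw MD5 is the hash of zero bytes.
            note = " (MD5 is md5 of empty input)" if md5 == MD5_OF_EMPTY else ""
            findings.append((name, "zero bytes on disk, 0x%x reserved in memory%s" % (vsize, note)))
        if entropy >= PACKED_ENTROPY:
            findings.append((name, "entropy %.2f, compressed or encrypted" % entropy))
    rva = entrypoint - image_base
    ep = section_containing(rva, sections)
    if ep is None:
        findings.append(("<ep>", "entry point RVA 0x%x lies outside every section" % rva))
    elif ep[0] != ".text":
        findings.append((ep[0], "entry point RVA 0x%x is in %s, not .text" % (rva, ep[0])))
    return findings


if __name__ == "__main__":
    # What the reported entropies mean on bytes you can construct yourself:
    print("all 256 byte values, uniform:", shannon_entropy(bytes(range(256)) * 16))  # 8.0
    print("a run of zeros:", shannon_entropy(b"\x00" * 64))                           # 0.0
    for name, reason in assess(SECTIONS, ENTRYPOINT, IMAGE_BASE):
        print("%-8s %s" % (name, reason))
```

Run as-is it prints one line per indicator; with the assumed image base the last line is the entry point landing in .wcka, the 7.01-entropy section, which is the stub-then-unpack layout the two heuristic engines are reacting to.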

Re: Unknown soldier, or terrorist in my task manager

| Well,
| I have two of these "bvllybx.exe" files in my task manager again after
| I had deleted them four days ago.

| I did a search on the entire computer and it didn't find the files
| anyplace.

| So I'm not sure how I can get them to the virus website for testing?
| OK, I found its location and uploaded it to VirusTotal.

| Even though I tried to remove it I couldn't. It kept saying I needed
| administrator rights. I am the administrator and only user of this
| Vista Ultimate 64 bit pc?

| Here is what it said. Maybe this will help?

| File bvllybx.exe received on 08.10.2008 03:56:09 (CET)

< snip >

What is the fully qualified path to bvllybx.exe?

--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp

Re: Unknown soldier, or terrorist in my task manager

On Sat, 9 Aug 2008 22:01:46 -0400, "David H. Lipman"

I'm sorry, mates. After I uploaded it I went into administrator mode
and was able to delete the entire folder. I wasn't able to backtrack
and find it.

So I will have to pull up my keylogger and find it that way. Give me
about 15 minutes and I should have the path information for you, but
unless it is in the recycle bin I won't be able to zip it and send it
to you.


Re: Unknown soldier, or terrorist in my task manager

| On Sat, 9 Aug 2008 22:01:46 -0400, "David H. Lipman"

| I'm sorry, mates. After I uploaded it I went into administrator mode
| and was able to delete the entire folder. I wasn't able to backtrack
| and find it.

| So I will have to pull up my keylogger and find it that way. Give me
| about 15 minutes and I should have the path information for you, but
| unless it is in the recycle bin I won't be able to zip it and send it
| to you.


Thanx if you can!

--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp

Re: Unknown soldier, or terrorist in my task manager

On Sat, 9 Aug 2008 22:01:46 -0400, "David H. Lipman"

I can't get my keylogger to activate. So I won't be able to look back
and give you the path.

Now that I think about it, that file, and the folder that went
HJJKLVWEF something weird like that, might well have all been a part
of my "All in one Keylogger" that I installed last week.

When I reinstall it, I will check to see if those files come back. If
they do, then I will know that is what they are.