What is ...exmodul32f.i.exe?

Do you have a question? Post it now! No Registration Necessary.  Now with pictures!

Threaded View
After installing Zonealarm I keep getting alerts on files
...exmodul32f.i.exe with different numbers in front.

Anyone know what this is?


Thanks


Re: What is ...exmodul32f.i.exe?

There is a post on Kaspersky's forum relating to this message.

It sounds as though it may be an emerging piece of malware of some kind.

A bit more info would be useful...

What AV are you using?
Can you find the file on your system? Where is it?
Are you likely to have picked anything malicious up? (visiting
'non-mainstream' websites, opening email attachments, etc.)
From the rough translation on the Kaspersky forum, it would appear as though
a sample was submitted to Kaspersky so it may start being detected.
Again, using the rough translation, it appears as though this might be
related to smss.exe to.

Obviously, if this does turn out to be an infection of some kind, you might
want to consider making a backup of your essential data now, as you may have
an OS rebuild looming...

Bogwitch.


Quoted text here. Click to load it



--
Posted via a free Usenet account from http://www.teranews.com


Re: What is ...exmodul32f.i.exe?

On this special day, muzician21@yahoo.com wrote :

Quoted text here. Click to load it


No, it is to new. Google finds an entry in the Kaspersky user forum on
December 6th, where someone reports a c:\tempexmodul32f.i.exe, the
first number seems to be random (it is all in Russian, I have to guess
it from whatever is readable), and another one identified it as Malware
(Horst) and wrote a script for an anti virus program.

begin
SetAVZGuardStatus(True);
QuarantineFile('C:\WINDOWS\system\smss.exe','');
DeleteFile('C:\WINDOWS\system\smss.exe');
ExecuteSysClean;
RebootWindows(True);
end.

which means, the culprit that creates this file, is probably the
smss.exe, if it is located *anywhere else* than C:\Windows\System32
(not System!)

http://www.sophos.com/virusinfo/analyses/trojhorstgo.html - Advanced
tab

Check your system for its existence.

--
Die Installation von Linux ist in den meisten Fällen nicht die Ursache
von Sicherheit, sondern die Folge von Wissen.
-
(Wilfried Kramer in de.admin.net-abuse.mail)



Re: What is ...exmodul32f.i.exe?


| After installing Zonealarm I keep getting alerts on files
| ...exmodul32f.i.exe with different numbers in front.
|
| Anyone know what this is?
|
| Thanks


Download MULTI_AV.EXE from the URL --
http://www.ik-cs.com/programs/virtools/Multi_AV.exe

To use this utility, perform the following...
Execute; Multi_AV.exe { Note: You must use the default folder C:\AV-CLS }
Choose; Unzip
Choose; Close

Execute; C:\AV-CLS\StartMenu.BAT
{ or Double-click on 'Start Menu' in C:\AV-CLS }

NOTE: You may have to disable your software FireWall or allow WGET.EXE to go
through your
FireWall to allow it to download the needed AV vendor related files.

C:\AV-CLS\StartMenu.BAT -- { or Double-click on 'Start Menu' in C:\AV-CLS}
This will bring up the initial menu of choices and should be executed in Normal
Mode.
This way all the components can be downloaded from each AV vendor's web site.
The choices are; Sophos, Trend, McAfee, Kaspersky, Exit this menu and Reboot the
PC.

You can choose to go to each menu item and just download the needed files or you
can
download the files and perform a scan in Normal Mode. Once you have downloaded
the files
needed for each scanner you want to use, you should reboot the PC into Safe Mode
[F8 key
during boot] and re-run the menu again and choose which scanner you want to run
in Safe
Mode.  It is suggested to run the scanners in both Safe Mode and Normal Mode.

When the menu is displayed hitting 'H' or 'h' will bring up a more comprehensive
PDF help
file.  http://www.ik-cs.com/multi-av.htm

Additional Instructions:
http://pcdid.com/Multi_AV.htm


* * *   Please report back your results  * * *


--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm



Site Timeline