Nobody likes to be called a dummy by a dummy.

WAS7Mon.exe

That thing is some NASTY spyware.

I had to download something called ComboFix.exe to get rid of it.

Not my machine--just a co-worker.

This thing has an un-install in Add/Remove programs, but it never goes away.  It installs a search/toolbar in IE, restarts on re-boot, and wraps itself into the registry.  Killing processes doesn't work.  It slows down the machine, blocks access to the internet.

I think it is someone's idea of a rootkit or zombie tool.

Just thought I'd share the fix.  The co-worker says he has no idea how he got it.  Walked away, came back, pop-up windows everywhere.
sharkfish
July 18th, 2007 11:00am
Sure.  That's how the dead chicken porn ended up on my laptop.
muppet
July 18th, 2007 11:40am
Important Warning:

Use the Search feature to check if your computer has a file called KRNL386.EXE installed.  And delete all copies that you find (you may have to make a DOS boot disk and boot then delete using that).

KRNL stands for Krazy Rootkit Now Loaded, and can damage your computer as well as installing pr0n.

Be sure to delete it!
July 18th, 2007 2:18pm
Funny, that's on my computer, in \Windows\System32, dated 8/4/2004.

I think that's a core file of the operating system, and you delete it at your peril.

Bakka!
SaveTheHubble
July 18th, 2007 3:06pm
> Funny, that's on my computer, in \Windows\System32, dated 8/4/2004.

OMG, you've been infected for more than 3 years!

> I think that's a core file of the operating system, and you delete it at your peril.

That's what they want you to believe! Delete it now!

Since you've been infected for so long, they have probably built up a spyware database on your computer that will eventually be used for identity theft.  You will probably find files in the same folder on your computer called GDI.DLL or GDI32.EXE  (GDI stands for Global Database for Identity theft). Delete these files too.
July 18th, 2007 3:55pm
Yeah.  First principles -- never believe stuff told you by anonymous.

The "Windows OS" is basically implemented by three exe files -- The Kernel (KRNL386), the User, and the GDI (Graphics Document Interface, I think).

But Mr. 'blank' here sure is having fun.
SaveTheHubble
July 18th, 2007 4:01pm
> Yeah.  First principles -- never believe stuff told you by anonymous

And a nick like "SaveTheHubble" isn't anonymous?

Post your name, address and social security number, or there's no reason to believe you either.

P.S.

If you have a file called USER.EXE or USER32.DLL (or both), be sure to delete that too. That stands for "Universal Spyware Exchange Resource" and it's just as bad as it sounds.
July 18th, 2007 4:06pm
Your joke wasn't even funny the first time, dipshit.
LH
July 18th, 2007 4:29pm
