Possible peper trojan (dr peper ? )

Brian VanPelt

I have a WinXP (home) computer that won't allow a screen saver to be
displayed (on its own, however, I can preview it). I have run
Ad-Aware and Spybot and cleaned up many things, but the screen saver
won't work. Also, when I look at the running processes, I noticed an
odd program, muqaz.exe, running. When I right-clicked that
executable, it made mention of kernel32, so I knew that was a bad
sign. I did an internet search and found an article that mentions
that process as one that might indicate the peper trojan. There is
not a lot of information on the subject, but there have been a few
pages that I have looked at that describe several steps to get rid of
this trojan.

My biggest problem is that I am not absolutely certain that this is
the peper trojan (or one of its variants). I was wondering if anyone
knew of a way to determine, for certain, that this machine has the
peper trojan.

I will, nonetheless, run through the deletion processes that I have
found, hoping for the best.

If you have any ideas/things that I can look for to make a positive
determination that this is the peper trojan, please respond.

Thanks,

Brian
 
null

The use of a couple of antivirus products should help pin it down.
Here are some products that detect peper with the various alias names
they use:

http://www.virusbtn.com/resources/vgrep/vgrep.cgi?terms=troj/peper&product=0

Sophos has a description and info useful for removal:

http://www.sophos.com/virusinfo/analyses/trojpepera.html

This page claims the registry run key entry characteristic is a clear
sign:

http://www.kephyr.com/spywarescanner/library/pepertrojan/index.phtml

I dunno if Trend's Sysclean handles removal of Peper or not. See d/l
of sys-up at my web site. At least Sysclean should ID Peper since
Trend has detection.


Art
http://www.epix.net/~artnpeg
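
The reply above points to the registry Run key entry as the clear sign. As an added example (not part of the original thread), this Python script parses saved `reg query` output for the two Run keys and reports any autostart value that launches a named process such as muqaz.exe; the sample output is constructed and the function names are hypothetical.

```python
import ntpath
import re

# Constructed sample of `reg query` output for the two Run keys (not from the
# thread). The muqaz entry is an assumption made for illustration only.
SAMPLE_REG_OUTPUT = r"""
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
    SoundMan    REG_SZ    SOUNDMAN.EXE
    Example Updater    REG_SZ    "C:\Program Files\Example\updater.exe" /background
    muqaz    REG_SZ    C:\WINDOWS\System32\muqaz.exe

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    ctfmon.exe    REG_SZ    C:\WINDOWS\system32\ctfmon.exe
"""

# Value names may contain spaces, so split on the registry type token.
ENTRY = re.compile(r"^\s+(?P<name>.+?)\s+REG_(?:EXPAND_)?SZ\s+(?P<data>.*)$")


def image_name(command):
    """Return the lower-cased file name of the program a Run value launches."""
    m = (re.match(r'\s*"([^"]+)"', command)  # quoted path
         or re.match(r"\s*(.+?\.(?:exe|com|scr|bat|pif))(?=\s|$)", command, re.I)
         or re.match(r"\s*(\S+)", command))  # fallback: first token
    return ntpath.basename(m.group(1)).lower() if m else ""


def parse_run_entries(text):
    """Yield (key, value name, command) for every string value under a key."""
    entries, key = [], None
    for line in text.splitlines():
        if line.startswith("HKEY_"):
            key = line.strip()
            continue
        m = ENTRY.match(line)
        if m and key:
            entries.append((key, m["name"], m["data"].strip()))
    return entries


def autostarts_for(process_name, text):
    """Run-key entries whose launched image matches the suspect process name."""
    wanted = process_name.lower()
    return [e for e in parse_run_entries(text) if image_name(e[2]) == wanted]


if __name__ == "__main__":
    for key, name, data in autostarts_for("muqaz.exe", SAMPLE_REG_OUTPUT):
        print(f"{key}\n    {name} -> {data}")
```

A match shows only that the process is set to start at logon; naming the malware family still depends on the antivirus detections mentioned in the reply.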
 
