XPA2008PRO.EXE

[Bob Cunningham]

I first posted this to an XP newsgroup. I now realize this
is a better place for it:

I have this nuisance that appears when I re-boot. It shows
up in Task Manager as XPA2008PRO.EXE. If I'm fast enough, I
can delete it before it starts doing bad things. If I wait
too long, it somehow makes EXPLORER.EXE start using all
available CPU time, so nothing else can run.

When I remove EXPLORER, I have "normal" use of the computer
in that I can run any programs I already have up. But I
can't bring up any new ones. I also can't get a "Start"
button, so for a while I thought there was no way to shut
down. I eventually found a "Shut down" button in Task
Manager.

I have Spyware Doctor with Antivirus 5.5, and it tells me
after a scan that I have a "clean" system, but the nuisance
is back the next time I re-boot.

Has anyone here had experience with this malware, and if so,
can you tell me of antivirus software that has been shown to
eliminate it? Any help anyone can give me will be greatly
appreciated.

 

[David H. Lipman]

From: "Bob Cunningham" <[email protected]>

|
| I first posted this to an XP newsgroup. I now realize this
| is a better place for it:
|
| I have this nuisance that appears when I re-boot. It shows
| up in Task Manager as XPA2008PRO.EXE. If I'm fast enough, I
| can delete it before it starts doing bad things. If I wait
| too long, it somehow makes EXPLORER.EXE start using all
| available CPU time, so nothing else can run.
|
| When I remove EXPLORER, I have "normal" use of the computer
| in that I can run any programs I already have up. But I
| can't bring up any new ones. I also can't get a "Start"
| button, so for a while I thought there was no way to shut
| down. I eventually found a "Shut down" button in Task
| Manager.
|
| I have Spyware Doctor with Antivirus 5.5, and it tells me
| after a scan that I have a "clean" system, but the nuisance
| is back the next time I re-boot.
|
| Has anyone here had experience with this malware, and if so,
| can you tell me of antivirus software that has been shown to
| eliminate it? Any help anyone can give me will be greatly
| appreciated.


Please submit a sample of "XPA2008PRO.EXE" to Virus Total --
http://www.virustotal.com/flash/index_en.html
The submission will then be tested against many different AV vendor's scanners.
That will give you an idea what it is and who recognizes it. In addition, unless told
otherwise, Virus Total will provide the sample to all participating vendors.

You can also submit a suspect, one at a time, via the following email URL...
mailto:[email protected]?subject=SCAN

When you get the report, please post back the exact results.

 

[Sycho]

Today Bob Cunningham <[email protected]> in alt.comp.virus on Fri,
22 Feb 2008 14:49:16 -0800 thought that it would be fun to share with
the rest of the class this little ditty..

I first posted this to an XP newsgroup. I now realize this
is a better place for it:

I have this nuisance that appears when I re-boot. It shows
up in Task Manager as XPA2008PRO.EXE. If I'm fast enough, I
can delete it before it starts doing bad things. If I wait
too long, it somehow makes EXPLORER.EXE start using all
available CPU time, so nothing else can run.

When I remove EXPLORER, I have "normal" use of the computer
in that I can run any programs I already have up. But I
can't bring up any new ones. I also can't get a "Start"
button, so for a while I thought there was no way to shut
down. I eventually found a "Shut down" button in Task
Manager.

I have Spyware Doctor with Antivirus 5.5, and it tells me
after a scan that I have a "clean" system, but the nuisance
is back the next time I re-boot.

Has anyone here had experience with this malware, and if so,
can you tell me of antivirus software that has been shown to
eliminate it? Any help anyone can give me will be greatly
appreciated.

Here are a couple of resources to help. I should also recommend that
before you try to remove the malware that you disable System Restore
first.

http://www.prevx.com/filenames/X1181477633367916405-0/XPAC[1].EXE.html

From what I can tell, it appears to be part of the W32.Netsky worm
family.
http://www.geekstogo.com/forum/Computer-infected-Worm-Win32-Netsky-t185216.html

HTH