Have I got a virus?

Martin ©¿©¬ postmaster · Aug 27, 2004

Greetings
I scanned my system with F-Prot for windows and got the following:
==========================================
muamgrd.exe in c:\windows\system32\ suspicious file
Is a security risk named w32/Sdbot.QS
Cannot delete file
And
serm32.exe in c:\windows\system32\ suspicious file
Is a security risk named w32/Spybot.TX
Cannot delete file
=================
Am I infected?

Martin
©¿©¬

null · Aug 27, 2004

On Fri, 27 Aug 2004 12:25:03 +0100, Martin ©¿©¬

Greetings
I scanned my system with F-Prot for windows and got the following:
==========================================
muamgrd.exe in c:\windows\system32\ suspicious file
Is a security risk named w32/Sdbot.QS
Cannot delete file
And
serm32.exe in c:\windows\system32\ suspicious file
Is a security risk named w32/Spybot.TX
Cannot delete file
=================
Am I infected?

Upload suspect files for av scanning here:

http://virusscan.jotti.dhs.org/

If other scanners don't alert, submit the files to FSI.

Art
http://www.epix.net/~artnpeg

xmp · Aug 27, 2004

Upload suspect files for av scanning here:

http://virusscan.jotti.dhs.org/

If other scanners don't alert, submit the files to FSI.

Spybot is a common worm, also seems to be a trojan name too. Symantec
and other sites have plenty of info on it.

michael

null · Aug 27, 2004

Spybot is a common worm, also seems to be a trojan name too. Symantec
and other sites have plenty of info on it.

1. There are many variants.
2. Getting descriptions of recents variants isn't always possible.
3. Some AV scanners tend to have broad detections of Trojans leading
to misidentifications. (Not so much F-Prot though). It's always a good
idea to get the "opinions" of several other scanners and see what
malware names and variant they ID, if any. Also scanners sometimes
false alarm.

Art
http://www.epix.net/~artnpeg

Martin ©¿©¬ martin · Aug 27, 2004

Upload suspect files for av scanning here:
http://virusscan.jotti.dhs.org/

Hi Art
I've got rid of serm32.exe
But I can't find muamgrd.exe anywhere, yet F-Prot keeps flagging it

Any further help please
Martin

null · Aug 27, 2004

Hi Art
I've got rid of serm32.exe
But I can't find muamgrd.exe anywhere, yet F-Prot keeps flagging it

See Response #5 here:

http://www.computing.net/windowsxp/wwwboard/forum/112662.html

I found no descriptions of the .QS variant. You can see what other AV
call it here:

http://www.virusbtn.com/resources/vgrep/vgrep.cgi?terms=spybot.qs&product=0

Do you see it as a running process that can be killed? Have you run
F-Prot in Safe mode?

Art
http://www.epix.net/~artnpeg

Martin ©¿©¬ · Aug 28, 2004

See Response #5 here:
http://www.computing.net/windowsxp/wwwboard/forum/112662.html

Hi Art
Read response 5 and after a couple of tries I seen to have removed
muamgrd. When I ran F-Prot it reported:
muamgrd.exe in c:\windows\system32\ suspicious file
Is a security risk named w32/Sdbot.QS
**File deleted**

Thanks for your help
Regards
Martin
©¿©¬

F-Prot False Positve Alerts on AVG archive/.exe	3	Dec 13, 2004
What is W32/Tibs.UT ?	1	Aug 8, 2007
Security Risk- suspicious file	10	Feb 15, 2004
lsass.exe - access denied	5	Apr 25, 2006
USA Missle Strike: Iran War just have started	2	Apr 9, 2007
New virus (price.cpl - Bagle varient) and current Virus-Total results	26	Sep 13, 2005
New virus - VERY DANGEROUS!	62	Jul 14, 2005
NOD32 missed this one	4	Dec 17, 2007

Have I got a virus?

Martin ©¿©¬ postmaster

null

xmp

null

Martin ©¿©¬ martin

null

Martin ©¿©¬

Ask a Question

Similar Threads