mspemux.exe ????

Didie

Hi

Has anyone heard of this? I just got a Norton message that my
Windows\system 32 had this trojan in it? Can't seem to find anything
at Norton\symantec as to what this puppy is doing........
Thanks Didie
 
Robert Baer

Didie said:
Hi

Has anyone heard of this? I just got a Norton message that my
Windows\system 32 had this trojan in it? Can't seem to find anything
at Norton\symantec as to what this puppy is doing........
Thanks Didie

Look at its date; bet it is recent.
Check if it is a running process, most likely it is, and that you
cannot terminate it.
And I bet that the program is in the system subdirectory and that if
you try to delete it, it either cannot be deleted, or it pops back.
See if you can remove it manually from the registry, then re-boot and
as soon as possible bring up the task list and watch for the program and
delete it ASAP (be ready and do that as fast as possible); wait and when
it pops back as a running task, delete it again.
Usually such nasties do not pop back a third time, but watch anyway.
Now that it is gone from the registry and not a running task, you can
delete it from your hard drive.
-gone-
=poof=
!safe! (at least from that proggie).
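
The checks described in the post above (file date, running process, registry autostart entry), as an added PowerShell example that is not part of the original thread. It only reads and reports; the Run/RunOnce key list is an assumption, since the post does not say which registry location is involved.

```powershell
# Added example: read-only triage for a suspect file name. Nothing is deleted or changed.
$Name = 'mspemux.exe'                         # file name from the thread
$Dir  = Join-Path $env:windir 'System32'      # location the AV alert reported
$path = Join-Path $Dir $Name

# 1. File on disk. -Force includes hidden/system files; timestamps show how recent it is.
$file = Get-Item -LiteralPath $path -Force -ErrorAction SilentlyContinue
if ($file) {
    $file | Select-Object FullName, Length, CreationTime, LastWriteTime, Attributes | Format-List
} else {
    "File not present right now: $path"
}

# 2. Running process with that image name (Get-Process takes the name without .exe).
$base = [IO.Path]::GetFileNameWithoutExtension($Name)
$proc = Get-Process -Name $base -ErrorAction SilentlyContinue
if ($proc) {
    $proc | Select-Object Id, ProcessName, Path, StartTime | Format-Table -AutoSize
} else {
    "No running process named $base"
}

# 3. Autostart values that mention the file.
#    Assumption: only the common Run/RunOnce keys are checked; services,
#    scheduled tasks and other persistence locations are not covered here.
$runKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)
# Bookkeeping properties PowerShell adds to every registry item; not real values.
$psProps = 'PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider'
$hits = foreach ($key in $runKeys) {
    $props = Get-ItemProperty -LiteralPath $key -ErrorAction SilentlyContinue
    if (-not $props) { continue }
    foreach ($p in $props.PSObject.Properties) {
        if ($p.Name -notin $psProps -and "$($p.Value)" -like "*$Name*") {
            [pscustomobject]@{ Key = $key; ValueName = $p.Name; Data = $p.Value }
        }
    }
}
if ($hits) { $hits | Format-List } else { "No Run/RunOnce value references $Name" }
```

A "File not present right now" result combined with a repeat AV alert matches the case reported later in the thread, where the file exists only while another program is running.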
 
Nick Skrepetos (SuperAdBlocker.com)

Hello,

You may wish to try Super Ad Blocker with SUPERAntiSpyware:
http://www.superadblocker.com

You also may wish to boot to Safe Mode to perform the scan. Super Ad Blocker
| SUPERAntiSpyware offers several unique features such as using a system
level driver to delete detected items, so pests do not come back once
detected and cleaned.

Super Ad Blocker offers a fully functional 15-day trial. You can scan and
clean your computer and then remove Super Ad Blocker if you do not wish to
keep it. We do appreciate when users support our development efforts by
purchasing the product :)

If that does not find and/or remove the spyware/adware on your machine, you
can submit a diagnostic and I will diagnose your machine for free and post
the results back to the group and update our rules with anything found:
http://www.superadblocker.com/diagnostic.html?id=nicks

You may also wish to "see" what is running on your computer here:
http://www.fileresearchcenter.com

Nick Skrepetos
SuperAdBlocker.com - SUPERAntiSpyware
http://www.superadblocker.com
http://blogs.superadblocker.com
http://forums.superadblocker.com

** Please note that I am the author of the above programs and sites and I do
have a vested interest in Super Ad Blocker, SUPERAntiSpyware and
FileResearchCenter.com. You, the user, have no obligation to purchase the
software and are free to try the software, clean/fix your system, and then
uninstall.
 
David H. Lipman

From: "Didie" <[email protected]>

| Hi
|
| Has anyone heard of this? I just got a Norton message that my
| Windows\system 32 had this trojan in it? Can't seem to find anything
| at Norton\symantec as to what this puppy is doing........
| Thanks Didie

Please submit a sample to Virus Total --
http://www.virustotal.com/flash/index_en.html
The submission will then be tested against many different AV vendors' scanners.
That will give you an idea what it is and who recognizes it. In addition, unless told
otherwise, Virus Total will provide the sample to all participating vendors.

When you get the report, please post back the exact results.
 
David H. Lipman

From: "sngbrdb" <[email protected]>

|
| I am getting the exact same message, and having the same problems
| pinning it down.
|
| 1) Launching an app installer from my computer (eh, the llama
| installer, I can't remember the name at 2:00 am)
|
| 2) Norton identifies a generic trojan horse in the file
| C:\Windows\System32\mspemux.exe ~ (the file I'm running is on another
| drive)
|
| 3) Norton says it can't clean it and has denied access
|
| 4) I go looking for the file ~ not there!
|
| 5) Repeat steps; leave the norton dialog up and the app up ~ go look
| for the file. Not there!!!!
|
| 6) Run full system virus scan with Norton ~ nothing.
|
| 7) Run rootkit revealers; nothing!
|
| What the heck?!?! Didie isn't crazy... I've never seen anything like
| this. Anyone have more thoughts?
|
| Thanks in advance!
|

Download MULTI_AV.EXE from the URL --
http://www.ik-cs.com/programs/virtools/Multi_AV.exe

To use this utility, perform the following...
Execute; Multi_AV.exe { Note: You must use the default folder C:\AV-CLS }
Choose; Unzip
Choose; Close

Execute; C:\AV-CLS\StartMenu.BAT
{ or Double-click on 'Start Menu' in C:\AV-CLS }

NOTE: You may have to disable your software FireWall or allow WGET.EXE to go through your
FireWall to allow it to download the needed AV vendor related files.

C:\AV-CLS\StartMenu.BAT -- { or Double-click on 'Start Menu' in C:\AV-CLS}
This will bring up the initial menu of choices and should be executed in Normal Mode.
This way all the components can be downloaded from each AV vendor's web site.
The choices are; Sophos, Trend, McAfee, Kaspersky, Exit this menu and Reboot the PC.

You can choose to go to each menu item and just download the needed files or you can
download the files and perform a scan in Normal Mode. Once you have downloaded the files
needed for each scanner you want to use, you should reboot the PC into Safe Mode [F8 key
during boot] and re-run the menu again and choose which scanner you want to run in Safe
Mode. It is suggested to run the scanners in both Safe Mode and Normal Mode.

When the menu is displayed hitting 'H' or 'h' will bring up a more comprehensive PDF help
file. http://www.ik-cs.com/multi-av.htm


* * * Please report back your results * * *
 
