Notepad.exe Virus

Guest

Hello there,
I've a couple of virus-related questions. Any help or ideas how to get/make Microsoft fix or aware is appreciated.

1. I had the msblast.exe virus long before CNN started talking about it. It always starts a process with a random (RP) name which doesn't allow me to start Task Manager to kill it, nor msconfig to disable msblast. I used another utility to kill the random process and then used msconfig to disable msblast from starting. However, the random process still comes up and I have to kill it with my utility every time I start my computer. msconfig doesn't stop it. Any suggestions on what to do next to get rid of this RP? I did try McAfee and Symantec's free virus disinfectors on the net but they didn't take it away.

2. It seems to me that now NOTEPAD.exe is infected! Here's what happens. When I try to start Notepad, a process called over.exe is started that consumes 90% of the CPU time (under Task Manager) but the real Notepad never appears on the screen. Every time I start Notepad from Start ==> Run, or in the CMD console, another over.exe starts and my system starts humming and I can see that it's getting slower.
Any suggestions, recommendations, or pointers on how to reach Microsoft security folks?
Thanks.

(e-mail address removed)
 
Robert Moir

Viruses0404 said:
Hello there,
I've a couple of virus-related questions. Any help or ideas how to
get/make Microsoft fix or aware is appreciated.

1. I had the msblast.exe virus long before CNN started talking about
it. It always starts a process with a random (RP) name which doesn't
allow me to start Task Manager to kill it, nor msconfig to disable
msblast. I used another utility to kill the random process and then
used msconfig to disable msblast from starting. However, the random
process still comes up and I have to kill it with my utility every
time I start my computer. msconfig doesn't stop it. Any suggestions
on what to do next to get rid of this RP? I did try McAfee and
Symantec's free virus disinfectors on the net but they didn't take it
away.

2. It seems to me that now NOTEPAD.exe is infected! Here's what
happens. When I try to start Notepad, a process called over.exe is
started that consumes 90% of the CPU time (under Task Manager) but the
real Notepad never appears on the screen. Every time I start Notepad
from Start ==> Run, or in the CMD console, another over.exe starts
and my system starts humming and I can see that it's getting slower.
Any suggestions, recommendations, or pointers on how to reach
Microsoft security folks? Thanks.

Tried this?
http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_REVOP.A

--
Rob Moir, Microsoft MVP for servers & security
Website - http://www.robertmoir.co.uk
Virtual PC 2004 FAQ - http://www.robertmoir.co.uk/win/VirtualPC2004FAQ.html

Kazaa - Software update services for your Viruses and Spyware.
 
MAP

-----Original Message-----
Hello there,
I've a couple of virus-related questions. Any help or
ideas how to get/make Microsoft fix or aware is
appreciated.
1. I had the msblast.exe virus long before CNN started
talking about it. It always starts a process with a
random (RP) name which doesn't allow me to start
Task Manager to kill it, nor msconfig to disable
msblast. I used another utility to kill the random
process and then used msconfig to disable msblast from
starting. However, the random process still comes up and
I have to kill it with my utility every time I start my
computer. msconfig doesn't stop it. Any suggestions on
what to do next to get rid of this RP? I did try McAfee
and Symantec's free virus disinfectors on the net but
they didn't take it away.
2. It seems to me that now NOTEPAD.exe is infected!
Here's what happens. When I try to start Notepad, a
process called over.exe is started that consumes 90% of
the CPU time (under Task Manager) but the real Notepad
never appears on the screen. Every time I start Notepad
from Start ==> Run, or in the CMD console, another
over.exe starts and my system starts humming and I can see
that it's getting slower.
Any suggestions, recommendations, or pointers on how to
reach Microsoft security folks?
Thanks.

(e-mail address removed)
.
over.exe may be a trojan

Overview
Alias: BackDoor-UQ [McAfee], Backdoor.Zhang [Kaspersky],
security risk or a "backdoor" program [F-Prot]
Category: RAT: (Remote Administration Tool) A Trojan that
when run, provides an attacker with the capability of
remotely controlling a machine via a "client" in the
attacker's machine, and a "server" in the victim's
machine.

Similar Pests: RAT
Origins
Author: Huaxingln
By This Author: Sweet Heart 1.0b
Date of Origin: January, 2003
Operation
Storage Required: at least 1133KB
Detection Issues: Difficult to detect by design. May hide
from process list. May install with variable names in
variable locations.
Detection and Removal
Automatic Removal: PestPatrol detects this. PestPatrol removes this.

Manual Removal: Follow these steps to remove Sweet Heart
Yesterday from your machine. Begin by backing up your
registry and your system, and/or setting a Restore Point,
to prevent trouble if you make a mistake.

Stop Running Processes:
Kill these running processes with Task Manager:
stay over.exe

Remove Files:
Remove these files (if present) with Windows Explorer:
stay over.exe

Kelly has provided removal tools for msblast; go here:

www.kellys-korner-xp.com/xp_tweaks.htm
 
