Powerprof.exe ??

[Raging Bullwinkle]

Hi all,

I'm wondering if anyone would know what powerprof.exe is?

MSCONFIG shows a reference to a startup process and reg key that does
not look familiar (maybe it was there before but I never noticed it):

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
PowerProf = PowerProf.exe

The explorer search function cannot find this .exe file anyplace on my
computer, nor can I find any reference to it at all in the Windows
Help & Support Center. A Google search for "powerprof.exe" only turned
up a bunch of pages with "HijackThis" logs that had been posted to
other forums, but I still do not know what they mean.

Is it a legitimate system file and I'm just being paranoid about it,
or is it something that oughtn't be there and needs to go away? Any
help would be greatly appreciated, 'cos I'm stumped here.

RB

 

[Raging Bullwinkle]

Look at this page: http://www.sarc.com/avcenter/venc/data/backdoor.loxoscam.html

Thanks oneheli.

I had already checked that page, having assumed that it might be a
virus. I do not have any of the symptoms mentioned in that article. I
checked my registry, and also the Autoexec.bat file, and none of the
files or reg keys that were mentioned in the article are there. The
reference in the article to "powerprof" is for a *.dll within a reg
key, not an *.exe.

 

[Raging Bullwinkle]

http://www.spywareguide.com/spydet_502_powerprof_dll.html

Ok, I'll look into that, although I frequently run AdAware with the
current definitions, plus Nortons AV with LiveUpdate, and also TDS-3,
a powerful trojan-scan at http://tds.diamondcs.com.au . Let's see what
happens...

 

[Raging Bullwinkle]

Ok, problem is solved, and the mystery is unraveled!

Someone on tech forum mentioned to me about having seen a post in yet
another forum ( http://computercops.biz/postt34437.html ) about that
powerprof.exe file, and a related Trojan file, mpr16.dll, that I had
recently discovered in my System32 folder. Norton's had nailed
mpr16.dll as being infected with PWS.Hooker.Trojan

Making the connection between the two, I checked in the Norton
quarantine area and sure enough, there is the powerprof.exe file,
harmless as a newborn baby after having been caught and quarantined
along with mpr16.dll as the PWSteal.Trojan.

The remaining reg key is most likely just what was supposed to
activate the Trojan on my system, but if there's no prog to activate,
no problems. Now I can breathe again

RB