Jump to content


Photo

C:\WINDOWS\TEMP\pJm9KmS1.exe


  • This topic is locked This topic is locked
2 replies to this topic

#1 Macavity

Macavity

    Member

  • New Member
  • Pip
  • 2 posts

Posted 08 July 2004 - 03:54 PM

Recently, after cleaning up a ClearSearch.Net infection (and a none-too-subtle one at that - the programs it needed were a) downloaded right to my desktop and b) tripped my copy of ZoneAlarm), I found this program in my Startup list:

C:\WINDOWS\TEMP\pJm9KmS1.exe

Naturally, since I knew it wasn't something I'd willingly downloaded (and it had never shown its ugly puss before), I killed the process and removed it from the Startup list.

CWShredder doesn't seem to recognize it, Norton AntiVirus says it's not a virus, worm or trojan, and SpyBot: Search And Destroy doesn't seem to recognize it either.

So I was wondering a couple things:

1) Has anyone else come across this particular file before?

2) If so, what is it?

3) Where did it come from?

and 4) Is it safe to remove?

Thanks in advance for any assistance you may be able to provide - and I'll be glad to RAR/ZIP it for anyone who wants to take a look at it (maybe decompile it or something to figure out what the hell it does).

#2 Gwyrox732

Gwyrox732

    Gwy|is|here

  • Helper
  • PipPipPipPipPip
  • 514 posts

Posted 08 July 2004 - 09:37 PM

1) It seems to be randomly named
2) It can be a limitless number of things, malware or no.
3) Almost anywhere
4) Yes, anything in your temporary files are safe to remove (unless, of course, you "opened" a file from a website instead of saving it).
Quote from Original CWS Article at SWI: "There could be other domains involved in the future." ... We've come a long way since then

Malware esan mala, ji mi disaman. SWI ji kikan ekster!

PM me if you know what that says. Whoever gets it right gets put here!
Bagman wins, good job!

#3 Macavity

Macavity

    Member

  • New Member
  • Pip
  • 2 posts

Posted 10 July 2004 - 06:17 PM

Thank you.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

Member of ASAP and UNITE
Support SpywareInfo Forum - click the button