  1. #1
    Grant is offline Member
    Join Date
    Aug 2001
    Posts
    972

    a possible virus?

    can anybody tell me what this extension does? basically my computer starts to reproduce a window and it produces faster than i can close them. i think this might be the culprit...any ideas?

    here is the application:

    vjulmxm.exe

  2. #2
    Sicilian30 is offline Respected Member
    Join Date
    Sep 2001
    Location
    There is no place like ho
    Posts
    3,688
    Looks like a worm/trojan or a backdoor program. Anything exe is a potential virus or dangerous program. However tell me more about where this exe file is running? For example in startup? Msconfig? Running as a service? This file does not appear to be a regular Windows file. Tell me more on this file.

  3. #3
    Grant is offline Member
    Join Date
    Aug 2001
    Posts
    972
    Quote Originally Posted by Sicilian30
    Looks like a worm/trojan or a backdoor program. Anything exe is a potential virus or dangerous program. However tell me more about where this exe file is running? For example in startup? Msconfig? Running as a service? This file does not appear to be a regular Windows file. Tell me more on this file.
    alright, well it usually strikes when i post something on this website. after i click the submit button, it starts reproducing itself rapidly. i don't know where this file is running, how would i find out, because I'm not too computer savvy

  4. #4
    Grant is offline Member
    Join Date
    Aug 2001
    Posts
    972
    hey, i found out i have the w32.spybot.worm but how do i remove it?

  5. #5
    KeyMastur is offline VET
    Join Date
    Sep 2001
    Posts
    7,424
    do you have an anti virus program ??

  6. #6
    Grant is offline Member
    Join Date
    Aug 2001
    Posts
    972
    yes i do

  7. #7
    KeyMastur is offline VET
    Join Date
    Sep 2001
    Posts
    7,424
    will it not remove it ???

  8. #8
    WiLLpOwEr is offline Member
    Join Date
    May 2003
    Location
    Living my life to the fullest!
    Posts
    553
    You can download a stinger program from your anti-virus software's website usually.


    A stinger would remove that worm.

  9. #9
    Grant is offline Member
    Join Date
    Aug 2001
    Posts
    972
    i tried the stinger from McAfee, anyways, i went through this long instruction how to remove it, if I post this response and it doesn't start multiplying, then i have successfully done it

  10. #10
    Grant is offline Member
    Join Date
    Aug 2001
    Posts
    972
    alright!!!!

  11. #11
    Sicilian30 is offline Respected Member
    Join Date
    Sep 2001
    Location
    There is no place like ho
    Posts
    3,688
    yes, most trojans are simple in nature, well, as far as removal. most backdoor trojans, I say most, usually don't replicate, because they normally rely on one file to execute. How complex the programmer wants to make the trojan determines how it is used, and how it works.

  12. #12
    Grant is offline Member
    Join Date
    Aug 2001
    Posts
    972
    i had 54 infected files Sicilian! it sucked and when i went through a second scan after i thought i removed 4 more were infected, anyways, being a complete idiot with computers, i removed a server for WinMx that you were talking about, anyway, i removed it and reinstalled and still the same problem

  13. #13
    hoss827 is offline Banned
    Join Date
    May 2003
    Location
    Somewhere in cyberspace..
    Posts
    1,292
    It might be Sub7 trojan...I know the guy that created it, but it doesn't have too many destructive purposes rather than editing the autoexecute file (which is VERY serious) especially if the string "Rundll user,exitwindows" is put into it. Or they can disable your keyboard permanently. If you have sub7 click start, run, type in msconfig, and click the startup and check for any randomly named EXE files, also check the services tab and see if there are any randomly named exe files like you mentioned in your first post. Good luck.

  14. #14
    Sicilian30 is offline Respected Member
    Join Date
    Sep 2001
    Location
    There is no place like ho
    Posts
    3,688
    Quote Originally Posted by hoss827
    It might be Sub7 trojan...I know the guy that created it, but it doesn't have too many destructive purposes rather than editing the autoexecute file (which is VERY serious) especially if the string "Rundll user,exitwindows" is put into it. Or they can disable your keyboard permanently. If you have sub7 click start, run, type in msconfig, and click the startup and check for any randomly named EXE files, also check the services tab and see if there are any randomly named exe files like you mentioned in your first post. Good luck.
    First off what is an autoexecute file? There is no such thing. If you are referring to the autoexec.bat file, guess what, XP does not even need that file to operate.
    Now if you are referring to an exe file, which could potentially "auto execute", then the term is not autoexecute file. It is simply an executable file loading in as a startup item or as a service.
    Secondly there are about 5-10 different versions of this thing. I seriously doubt if this particular person knows who wrote the Sub 7 Trojan.
    Fortunately, this particular trojan opens up a port and this particular virus does not load as a service. So looking for it as this person suggested will be a waste of your time. If you have an updated virus scanner, UPDATED BEING THE KEY WORD HERE, run it. I guarantee it will pick up the sub 7 basing the chance that it isn't something really new. If that is the case, virus programs will catch up with them in a day or so.
    Here is something to consider. If you indeed had a backdoor trojan as you mentioned, the simple fact is if the hacker was getting in, and if he did have control of your system, he could've literally done anything. Like delete a dll, ole, or even opened another vulnerability or port to tunnel back in. Fact of the matter is, most trojans require removal, THEN a patch to be installed to prevent hackers from getting back in and reinfecting your computer. Symantec also makes removal tools for free downloads, so that you can clean your computer. Symantec has a very informative website, on just about every virus out there, all you have to do is search for it. They give you instructions on how to remove it, and in most cases point to the tool used to remove it.
    Good luck here are some links to prove my point:
    http://securityresponse.symantec.com...ven.215.a.html
    http://securityresponse.symantec.com...even.2.15.html

    http://securityresponse.symantec.com...seven.215.html


    here are some free tools if you are infected with any viruses that may require you to run a patch to properly clean them. Most you have to run in safe mode.

    http://securityresponse.symantec.com...ools.list.html



    ******Oh by the way, I just read what kind of virus you had, here is a detailed website on how to properly clean it, sounds to me like you still are infected and did not get the virus completely out of the system. Follow these instructions verbatim and see if your problem is fixed. Here is the link:

    http://securityresponse.symantec.com...ybot.worm.html
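
The question raised in this thread, whether an unfamiliar EXE loads as a startup item or as a service, can be answered with a read-only listing. This is an added example, not part of the original posts; it assumes a Windows system with PowerShell 3.0 or later, and the signature check and the helper name `Get-ExePath` are additions that nobody in the thread mentions.

```powershell
# Added example: list what loads at logon or as an auto-start service and
# check each executable's signature. Read-only; it changes nothing.

function Get-ExePath {
    # Hypothetical helper: pull the executable path out of a command line.
    param([string]$CommandLine)
    # Expand %SystemRoot%-style variables, then take the quoted path or
    # everything up to the first ".exe".
    $expanded = [Environment]::ExpandEnvironmentVariables($CommandLine)
    if ($expanded -match '^\s*"([^"]+)"') { return $Matches[1] }
    if ($expanded -match '^\s*(.+?\.exe)\b') { return $Matches[1] }
    return $null
}

$entries = @()

# Startup items: Run keys and Startup folders.
$entries += Get-CimInstance Win32_StartupCommand | ForEach-Object {
    [pscustomobject]@{ Kind = 'Startup'; Name = $_.Name; Command = $_.Command }
}

# Services configured to start automatically.
$entries += Get-CimInstance Win32_Service -Filter "StartMode='Auto'" | ForEach-Object {
    [pscustomobject]@{ Kind = 'Service'; Name = $_.Name; Command = $_.PathName }
}

$report = foreach ($e in $entries) {
    $path = Get-ExePath $e.Command
    $status = 'PathNotResolved'
    if ($path -and (Test-Path -LiteralPath $path -PathType Leaf)) {
        $status = [string](Get-AuthenticodeSignature -LiteralPath $path).Status
    }
    [pscustomobject]@{
        Kind = $e.Kind; Name = $e.Name; Path = $path; Signature = $status
    }
}

# Entries without a valid signature sort first: those are the ones to look up.
$report | Sort-Object { $_.Signature -eq 'Valid' }, Kind, Name |
    Format-Table -AutoSize -Wrap
```

A status other than `Valid` is a reason to look the file up by name and path, not a verdict that it is malicious.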

  15. #15
    Grant is offline Member
    Join Date
    Aug 2001
    Posts
    972
    At least I know I'm thinking at the same level as a computer expert. I followed those directions a couple of days ago and I removed the virus. But about the Winmx problem....how do i fix that...i removed a file that had a zero value that had something to do with a socks proxy server...now I can't get on winmx.....Sicilian, if you want you can give me your email addy or we can keep corresponding like this...thanks for your help so far bro!

  16. #16
    Sicilian30 is offline Respected Member
    Join Date
    Sep 2001
    Location
    There is no place like ho
    Posts
    3,688
    I think I know your problem. Go into winmx, as if to open it, it may not connect. Then click on "settings", then outgoing TCP connections. Click on "Don't use Socks Proxy (connect directly)". That will probably do it. Socks proxies are used when you have a firewall that wants to get out using secure socks proxy. Older firewalls and proxies use this feature. ICQ uses socks on some proxy servers etc.
    If this does not work, PM me I will see if I can help you.
