_A00F6D51DAB.exe

[Huge_Vitae]

Running windows professional XP, _A00F6D51DAB.exe appeared on my system in startup about 5 days ago, I have it disabled at the moment with no adverse effects to my system but I cannot find it anywhere on the net.

 

Anybody else seen it?

 

I can't believe I am the first/only person to query it.

[Huge_Vitae]

I submitted the file to microsoft, they have replied this morning that it is a trojan/Virus.

 

So far Zone Alarm, Windows Defender and Spybot fail to 'see' it, so it might be worth searching your system for the file.

 

I had to remove it manually.

[Elton]

Weird - Google search for it just shows up this thread still.

[Huge_Vitae]

Weird - Google search for it just shows up this thread still.

 

This is what I got back.

 

The Microsoft Malware Protection Center (MMPC) strives to keep you informed about the status of your submission.

This email communicates what we currently know about the file(s) you submitted.

This information is subject to change pending our analysis and a final email response will be sent to you when analysis is complete and definition updates have been published.

 

If you were to scan the files you submitted using Microsoft's Forefront Client Security product, you would see relevant detection information similar to what is displayed below.

 

Submitted Files

=============================================

_A00F6D51DAB.exe [Trojan:Win32/Tibs.V]

[Chris Goddard]

WOW! Huge you is a UNIQUE person then??? (In MORE ways than one as well eh??)

[Newt]

Many of the viruses will spawn and deploy rogue .exe files with totally random names so there could easily be hundreds of thousands of that particular .exe on PCs but all with different names.

 

If you know how, do a registry scan for that file name and delete any entries that contain it.

[Huge_Vitae]

Many of the viruses will spawn and deploy rogue .exe files with totally random names so there could easily be hundreds of thousands of that particular .exe on PCs but all with different names.

 

If you know how, do a registry scan for that file name and delete any entries that contain it.

Done, BUT getting loads of popups saying, your system is at risk etc etc......

 

Firewall is struggling to block them all as it's associated Virus database still can't find any infection.

 

PC isn't running right but no sign of that file back in startup but god knows where it has gone or morphed to.

 

Got this from Microsoft this morning.......

 

Thank you for your submission. Analysis of the file(s) in your submission (20653124) is now complete and this is the final email that you will receive regarding this submission.

 

The Microsoft Malware Protection Center (MMPC) has investigated the following file(s) which we received on 8/18/2008 4:15:39 AM Pacific Time.

If you were to scan the files you submitted using Microsoft's Forefront Client Security product, you would see relevant detection information similar to what is displayed below.

The detection results for the file(s) in your submission are as follows:

 

 

Submitted Files

=============================================

_A00F6D51DAB.exe [Trojan:Win32/Tibs.V]

+---Russian [Trojan:Win32/Vundo.IF]

 

Looks like, for now, they want me to buy their antivirus prog.

[Newt]

Looks like, for now, they want me to buy their antivirus prog.

As opposed to keeping the one that missed the critter? What a strange idea.

 

While your trojan was brand new when you got it, the behavior should have been noted by any AV program with decent heuristics and you would have been warned before the thing was allowed to take any action.

[Huge_Vitae]

As opposed to keeping the one that missed the critter? What a strange idea.

 

While your trojan was brand new when you got it, the behavior should have been noted by any AV program with decent heuristics and you would have been warned before the thing was allowed to take any action.

Yes very true Newt, anyway, after trying to download the trial version of Microsoft Forefront, then realising it is only available in the USA unless you are prepared to give the details and credit card of your, as yet unknown, great great grandchildren. and having a couple of hours spare as it is pouring with rain and no chance to mow the hay or clean out the chickens I decided to have a play.

 

Like I said, I noticed it checking 'startup programs' with windows defender, it did not flag it or warn but just noted it there.

 

I used defender to disable it and, like i said tried to identify it with my AV software.

 

I had a thought, after it was unsuccessfully discovered, that since Defender was disabling it, it might not actually be able to be seen as a running programme, I used ZoneAlarm internet lock to block the internet and enabled the .exe file.

 

Ran a full, deep scan with ZoneAlarm, Defender and Spybot and still nothing other than the bloody annoying 'supposed' anti virus pop ups. ZoneAlarm preventing them from accessing the 'net.

 

Again I ran regedit to remove all the references to the file manually, there were only two, one in search (having used that to look for the file that is normal!)and one in a SpyBot .dll file I again disabled it with Defender.

 

Now a strange number of occurrences, Firstly I updated ZoneAlarm (again) and got the virus database is up to date message, deep system scan, negative.

 

Updated defender and again, nothing.

 

When I updated SpyBot it came up with a new version, on trying to install it consistently failed to update one of the dynamic link library files TrojanIgnore.dll.

 

I tried to manually delete it but got the 'file in use' error even though spybot was not running.

 

I reset my PC, closed all programmes, deleted all the spybot files/directories and registry entries and installed the new SpyBot.

 

As I was doing this my PC flashed "New Update is downloading" (from Microsoft). I have my PC set to download new updates but let me install them rather than auto as I prefer to watch the tech help forum to wait for everybody else to experience the nightmares that a Microsoft update brings on.

 

However, no update was warned nor authorised nor actioned. Very strange.

 

Anyway, I ran the new Spybot prog after a fresh install and scanned my system, nothing picked up again, BUT, the virus/trojan and all its annoying little quirks have gone. MY PC is up to speed and no silly pop ups.

 

Some might think this is a conspiracy, some might think I am mad, they probably do not refer to this post when doing so!

 

I prefer to think, at this stage, that somebody has decided to target only the most intelligent, handsome people on the planet with this virus.

 

And will remain of this opinion until Chris Goddard gets it as well.

[Newt]

ROF.

 

We are using Windows OnCare Live at home and like it well. We had Defender but OnCare is a much better solution IMO. Slightly pricey for a single copy perhaps but since it will load on up to 3 PCs on the single license at no extra cost, a real bargain if you run multiple PCs.

 

At any rate, it is good to hear you are problem free at this point.