Aces High Bulletin Board
General Forums => The O' Club => Topic started by: Furball on May 03, 2006, 04:10:44 PM
-
got a nasty virus called exmodul32.exe
anyone know if there is a fix?
-
I just got one called Service32.
It's pissing me off.
-
this one keeps trying to send emails i think... keep blocking it with my firewall each time it changes name. Also disables my anti virus (which doesn't recognise it)
-
hijack this
or is it hijack that lmao i forgot.
-
If Ewido (http://www.ewido.net/en/) can't fix it, it's probably time for a quick format/re-install. Good news is you can do that in under an hour if you have your stuff together.
There's threads on it here (http://forum.avast.com/index.php?PHPSESSID=702f7ef5ec07dcf671a33610a0191817&topic=19474.0), here (http://forum.kaspersky.com/index.php?showtopic=13019), and a Brazilian solution that needs to be translated (http://www.commentcamarche.net/forum/affich-2090178-xxexmodulae-exe-inconu-du-web).
Looks like a particularly obnoxious piece of mailer malware. Good luck :(
-
Avast home is free and will fix, and prevent most any infections.
http://www.avast.com/
Avast also has a free on line cleaner:
http://www.avast.com/eng/avast_cleaner.html
Avast Home has kept all my computers safe for years, free.
-
thanks guys, think i got rid of it following this link: http://austinwolfclaw.livejournal.com/
nasty bit of work that one... it's nuked my NAV completely!
-
Originally posted by BlueJ1
I just got one called Service32.
It's pissing me off.
This is pretty easy to get rid of in most cases. I had it, and fixed it pretty quick.
At the taskbar, click Start|Run. Type 'Regedit' and press Return. The registry editor opens.
Before you edit the registry, you should make a backup. On the 'Registry' menu, click 'Export Registry File'. In the 'Export range' panel, click 'All', then save your registry as Backup.
Locate the HKEY_LOCAL_MACHINE entry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\
Kernel Services = \system32\service32.exe
Delete it if it's there, then close the editor.
-
Thank you Morpheus sir. You helped out greatly.
Sir.
-
I'm running AVG Free. So far, no issues. But once a week I hit a few of the online free scans to be sure (Symantec's, TrendMicro, etc)
-
I had one that I couldn't get rid of, I had to use this
http://housecall.trendmicro.com/
-
AVG and Avast have some of the worst hit rates of any virus scanners available. Their response to new viruses is terrible.
If you use AVG and Avast and get a virus (which is highly likely) you totally deserve it.
Top performers are McAfee, NOD32, Symantec, and Trend Micro (I use McAfee, hear good things about NOD32, hate symantec).
-
Originally posted by Vulcan
AVG and Avast have some of the worst hit rates of any virus scanners available. Their response to new viruses is terrible.
If you use AVG and Avast and get a virus (which is highly likely) you totally deserve it.
Top performers are McAfee, NOD32, Symantec, and Trend Micro (I use McAfee, hear good things about NOD32, hate symantec).
4 years and Avast has not failed me or dozens of my customers.
Where did you get your information? McAfee? was it $30?
-
Originally posted by Vulcan
If you use AVG and Avast and get a virus (which is highly likely) you totally deserve it.
And if everyone was just like you on what would you base your superiority Sir.
-
Originally posted by Vulcan
AVG and Avast have some of the worst hit rates of any virus scanners available. Their response to new viruses is terrible.
If you use AVG and Avast and get a virus (which is highly likely) you totally deserve it.
Top performers are McAfee, NOD32, Symantec, and Trend Micro (I use McAfee, hear good things about NOD32, hate symantec).
Oh please, Vulcan, as if your endorsement of anything means anything around here.
-
I had McAfee for 3 years. It never once operated as advertised. I scheduled scans and upgrade checks. It wouldn't scan and the update checks were done at random, usually while I was in the middle of something else with my computer. Tech support was no help telling me to reconfigure the "options" in the program. I did that repeatedly to no effect. I finally had to block the update operation using a firewall. After the service expired I had to delete the damn thing 3 times as it kept rising from the dead like a freaking vampire and reinstalling itself then notifying me that the service was expired and it wouldn't do anything but continue to "remind" me to re up for another year. :mad:
After I deleted it again and uploaded AVG the AVG scan found a virus on my system that McAfee didn't see. :mad: AFAIAC McAfee IS a virus.:furious
-
It's gotten to the point where once your system is compromised, you might as well nuke it from orbit, it's the only way to be sure.
There's a lot of malware that'll rootkit your system, and it'll become almost impossible to properly sterilize the machine. Webs of programs that will monitor each others processes and restart any that are killed, same with watching registry locations, etc.
Having an AV solution is fine, but you can get a lot of the same benefits by using a bit of judgement. For example, put your machine behind a router. There's nothing about a router that makes you invincible, but it prunes about 95% of the casual attacks. Next, stop downloading and running every Golly-geened elf bowling executable your friends tell you about. If it ain't flash or HTML, I probably am not going to run it unless I've done the 30 seconds of homework on Google to find out if there's spyware included.
Oh, and don't use Internet Explorer. IE users bring a warm feeling to the sub-cockles region of a cracker's heart because the number of inherent flaws in IE's security model is so high.
Also, I don't care how paranoid you are about "teh evul bill gatES!!!", set your Windows machines to automatically download and apply updates. When Microsoft reprograms your computer to rip itself out of the wall socket and go on a killing rampage through your neighborhood, you can yell at me, but in the meantime, keep it patched to avoid unnecessary trouble.
Finally, stop using Microsoft Outlook. I know, I know, you like it that you can have a calendar entry linked to a spreadsheet that shows exactly when you have lunch scheduled each day with collaborative online lunch planning (The rest of us just use this thing called a 'phone'), but it's a hive of scum and villainy. You'd best be cautious.
-
Originally posted by LePaul
Oh please, Vulcan, as if your endorsement of anything means anything around here.
It's not just me, all the major AV testing labs say the same things over and over.
Maverick: I've used McAfee for near on 5 years now on a minimum at any one time of 5 PCs concurrently. Never had a problem.
-
Well, let me say a few things. If you have a virus nothing seems to pick up, try the Microsoft safety scanner. Yes, I know, the same company that makes the damn viruses cures 'em, odd isn't it? Well, just happens that it works and it's free. It's an online scanner tool at: http://safety.live.com
Just download the tools and you're ready to scan. Note, it's an anti-virus scanner, don't expect it to be finished in 20 - 30 minutes. On my small Hard-Drive it takes almost 60 minutes! And I only use it when I know / think I'm infected with something. Picks up mostly everything I know / think I'm infected with.
Also, as for you Vulcan. AVG anti-Virus is a great prog. I used to have Norton, did weekly scans, updated weekly on Wednesday when they always released an update. And the dumb program didn't find any viruses! My comp by now can barely breathe because of all the spyware, malware, trojan horses, viruses, etc. So I get FREEWARE from AVG. Picks up 75 FILES!!!:eek: And will you believe it, when I attempted to un-install Norton. It wouldn't work and "branded" itself into my computer when I attempted to manually remove it. I probably still have about 50 files from that dumb machine on my computer! Afterwards I got the full version of AVG, Lavasoft Anti-Spyware, and Microsoft Anti-Spyware.
The three working together are like a miracle! You just have to remember to update daily, and perform weekly scans on all three machines.
-
Try this to fix. I just got hit by a wonderful Trojan/Worm that tried to send out emails as well as lock things up, it also somehow deactivated my Norton antivirus. For me it was file 73exmodul32.exe that was causing it, took a while but I found this solution on a French website, posted by a Brazilian in English, as mentioned above. Thought I’d spread the word. I did all my searches with exmod >>>
This was the sequence of actions I used to get rid of these damn files:
Check the processes of Windows Task Manager for .exe files with numbers followed by "exmodula" plus a letter, for example:
46exmodulag.exe
As it was written above, this name varies, in my computer I had several different files, some using "exmodulaf" and "exmodulag". End the process.
Next, go to your
C:\Documents and Settings\Rafael\Local Settings\Temp\
where "Rafael" varies according to the username on your computer. You’ll find several files that follow the format described above. (**exmodula*.exe). Delete them.
Now perform a search on your registry for the "exmodula" word. You’ll probably find references to it in the HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List key. In this key you’ll find something like this:
C:\DOCUME~1\Rafael\LOCALS~1\Temp\46exmodulag.exe:*:Enabled:Microsoft Update
What this key does is to create a fake entry on Windows Firewall under the name "Windows Update" for each new **exmodula*.exe file it creates. Remove this entry from the registry.
I thought this was enough, but no, those damn files kept coming back after a while!
So I ran HijackThis 1.99.1 (wonderful little program by the way) and it found the file smss.exe (file responsible for automatic windows updates) running in the C:\WINDOWS\system\ folder, which is wrong. This file is responsible for generating the **exmodula*.exe files. Delete it.
NOTICE: the smss.exe file running under C:\WINDOWS\system32\ is a legal file, do not touch it!
<<>>
Now search your registry for smss.exe and you’ll find references to it under these keys, delete them.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_USERS\...\Software\Microsoft\Windows\ShellNoRoam\MUICache
<<>>
Found this repair via Google. Recommend all to download Windows Defender- A Great Program.
Good Luck
Oz
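
As an added example (not code from any poster in this thread): the indicators described in the two cleanup posts above, the Service32 Run entry and the exmodul firewall-list and smss.exe entries, checked against a registry export. The sample export is constructed and its full paths are assumptions.

```python
import ntpath
import re

# Constructed sample in regedit export form (backslashes doubled); paths are assumptions.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\\DOCUME~1\\Rafael\\LOCALS~1\\Temp\\46exmodulag.exe"="C:\\DOCUME~1\\Rafael\\LOCALS~1\\Temp\\46exmodulag.exe:*:Enabled:Microsoft Update"
"C:\\Program Files\\Game\\game.exe"="C:\\Program Files\\Game\\game.exe:*:Enabled:Game"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"smss"="C:\\WINDOWS\\system\\smss.exe"
"Kernel Services"="C:\\WINDOWS\\system32\\service32.exe"
"Updater"="C:\\Program Files\\Vendor\\update.exe"
'''

KEY_RE = re.compile(r'^\[(.+)\]$')
VAL_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')
TEMP_RE = re.compile(r'\\(locals~1|local settings)\\temp\\')
EXMOD_RE = re.compile(r'\d*exmodul\w*\.exe')

def parse_reg(text):
    """Yield (key, value_name, value_data) for each string value in the export."""
    key = None
    for line in text.splitlines():
        line = line.strip()
        if m := KEY_RE.match(line):
            key = m.group(1)
        elif key and (m := VAL_RE.match(line)):
            # Undo .reg escaping of backslashes and double quotes.
            name, data = (re.sub(r'\\(.)', r'\1', g) for g in m.groups())
            yield key, name, data

def classify(key, name, data):
    """Return a reason if the entry matches an indicator from the thread, else None."""
    key = key.lower()
    in_fw = key.endswith('\\authorizedapplications\\list')
    in_run = key.endswith('\\currentversion\\run')
    # Firewall list: the value name is the program path. Run: the data is the command.
    path = (name if in_fw else data).strip('"').lower()
    base, folder = ntpath.basename(path), ntpath.dirname(path)
    if in_fw and TEMP_RE.search(path):
        return 'firewall exception for a program in Temp'
    if EXMOD_RE.fullmatch(base):
        return 'exmodul-style file name'
    if in_run and base == 'smss.exe' and not folder.endswith('\\system32'):
        return 'smss.exe started from outside system32'
    if in_run and base == 'service32.exe':
        return 'service32.exe autostart entry'
    return None

def findings(text):
    """List (value_name, reason) for every flagged entry, in file order."""
    return [(name, reason) for key, name, data in parse_reg(text)
            if (reason := classify(key, name, data))]

if __name__ == '__main__':
    for name, reason in findings(SAMPLE_REG):
        print(f'{reason}: {name}')
```

A real regedit export in this format is UTF-16 text, so decode it before passing it to `findings`.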
-
IE works great if you set it up right. I block all cookies except site session cookies and disable ActiveX as well. Skuzzy had a post in tech support
on how to properly set IE up, worth a look. :cool:
-
That's what I do as well and have had a clean machine for some time.
-
I've been virus / malware free for 4 years with no protection whatsoever (ZA pissed me off after a year) ... are you tards visiting every freakin site you find?!
-
Originally posted by Deth7
IE works great if you set it up right. I block all cookies except site session cookies and disable ActiveX as well. Skuzzy had a post in tech support
on how to properly set IE up, worth a look. :cool:
Or, you download FireFox with IE, install it, and forget it all. :aok
-
i do all my web stuff on my mac. PCs are for games, IMSMJO (SMJ = snobbish mac jerk, it is as close as we get to humble)
u ---> (http://www.adblogarabia.com/wp-content/ImaPC..ImaMac.jpg)
-
Originally posted by Debonair
i do all my web stuff on my mac. PCs are for games, IMSMJO (SMJ = snobbish mac jerk, it is as close as we get to humble)
Heheh, good luck, there are many exploits kicking around for Macs. The biggest difference is that there is very little on a Mac to let you know you've been done. Mac desktops aren't bad, Mac servers are horribly bad for security.
Average Mac user's reaction to security issues involves burying a head in the sand.
-
HAHAHAHAHAHA!!!
-
Originally posted by Vulcan
Heheh, good luck, there are many exploits kicking around for Macs. The biggest difference is that there is very little on a Mac to let you know you've been done. Mac desktops aren't bad, Mac servers are horribly bad for security.
HA HA HA!
Fantastic, thanks for the laugh! If you were serious, of course I'd ask you to provide a citation or two, but that's from so far out of left field...
-
i think the average mac user & the average pc user are likely similar, they both spend the majority of their time looking at online pornography. maybe the mac jerks spends a bit more time downloading music & the average pc guy has an extra 10/hrs a day to put in playing wow. i don't think it is as you make it out to be that the average pc user is an uber pro sysop that has been on top of security issues since SATAN was available & the mac guy is sitting there drooling, giggling & saying (out loud, to himself) "d00d!!1 i just turned on teh computr & no i kan see teh intarnet!!!!1".
any tool available for 'nix you can operate with a mac (or your dual boot PC)
-
Originally posted by Chairboy
HA HA HA!
Fantastic, thanks for the laugh! If you were serious, of course I'd ask you to provide a citation or two, but that's from so far out of left field...
Well chairboy, in the last 3 months at work I've seen 1 compromised Mac web server, one compromised Mac email server, and one Mac laptop which was phoning home to somewhere and none of the Mac techies could identify what was going on.
None of the above systems had AV, IPS, or Antispyware (there isn't really any for the Mac). They were set up by Mac engineers who are about as qualified as a Mac engineer could get.
Go over to zone-h, they have 30 pages of compromised Mac servers. And those are the ones which are only hit by taggers. Heck 2 months Apple Korea's own website got nailed, and I know of some other 'Apple' sites that have been done.
And of course in my job I keep an eye on all the security info that moves around from the dark recesses of the web. There's a lot more exploits been hitting the Macs that are still undocumented.
So, there you go. Good luck cleaning that sand out from your ears ;)
-
Originally posted by Debonair
i think the average mac user & the average pc user are likely similar, they both spend the majority of their time looking at online pornography. maybe the mac jerks spends a bit more time downloading music & the average pc guy has an extra 10/hrs a day to put in playing wow. i don't think it is as you make it out to be that the average pc user is an uber pro sysop that has been on top of security issues since SATAN was available & the mac guy is sitting there drooling, giggling & saying (out loud, to himself) "d00d!!1 i just turned on teh computr & no i kan see teh intarnet!!!!1".
any tool available for 'nix you can operate with a mac (or your dual boot PC)
Take 10 Mac users, how many do you think will have AV, Antispyware, and perhaps a personal firewall. Do the same with 10 Windows users. The difference is astounding. PC users are on average more paranoid about security, Mac users on average are extremely relaxed about security.
-
Well, I guess the whole part about me being a computer security expert gets in the way of my anti-mac zealotry. Can you provide any specifics about how the Macs were compromised? What criteria did you apply to determine that they were rooted or infected?
FYI, "the hard drive light keeps flashing" is not the answer.
-
take 10 of each, PC & mac.
what % of PCs has exmodul32.exe pwning it & what % of macs.
why are we more relaxed?
-
Originally posted by Chairboy
Well, I guess the whole part about me being a computer security expert gets in the way of my anti-mac zealotry. Can you provide any specifics about how the Macs were compromised? What criteria did you apply to determine that they were rooted or infected?
FYI, "the hard drive light keeps flashing" is not the answer.
The desktop was trying to phone home to a .ru address every 30 mins (firewall was blocking it as a proxy bypass site). The guy that used it didn't think there was anything wrong with his machine so couldn't be stuffed to check any further - it's a Mac after all. The web server was compromised via an SSH exploit, and the email server via SMTP exploit.
I don't run our networks, but our IT guys phone me for support when things get 'difficult', and I run several layer 7 devices on the network. My role is essentially a pre-sales engineer, the products I'm trained/skilled in are layer 7 firewalls, IDP and IPS systems, email security appliances, all kinds of switching rubbish, and SSL appliances.
So, I'm not a computer security guy, more a network security guy - you know the guys that spot the crap that computer security guys don't pick up ;)
-
Originally posted by Debonair
take 10 of each, PC & mac.
what % of PCs has exmodul32.exe pwning it & what % of macs.
why are we more relaxed?
Because there are a 100 - 1000 PC's for every mac out there if not more.
Because there are very few people who know enough about the inside workings of a mac to create a truly nasty virus for it. Where there are millions who could do the same for PC's.
That doesn't mean you're better than anyone else.
Just slightly less at risk, today.
Just remember, the more people you convert, the more macs are out there, the more tempting the target becomes. The more likely someone will tailor a virus to take the macs out.
So best perhaps to sit down, be quiet & hope for the best?
-
Actually it's more like 25:1 on shipments at the moment :)
The problem is the landscape has changed on security. People are less into spreading nasty viruses and more into holding onto their exploits for other purposes. We know for sure that there are exploits kicking around for OS X that haven't been identified but Mac users go into some sort of rabid denial model when you corner them on it.
-
some of teh ubr 1337 PC admin gods get rabidly angry when some1 suggests different thinking
-
Originally posted by Debonair
some of teh ubr 1337 PC admin gods get rabidly angry when some1 suggests different thinking
Yeah, sometimes it's lack of knowledge, sometimes it's a case of the devil you know versus the devil you don't. I'm surrounded by Mac people, technical Mac people. OS X is just BSD Unix with a GUI slapped on and a lot of marketing thrown at it. And it's an old version, which hasn't kept up in patches. The GUI has also introduced 'issues', widgets is a good example of that.
I'm no less scathing of linux geeks either :)
-
Well I've said it before and I'll say it again....................... NOD32 anti virus
When are men gonna listen?
http://www.nod32.com
It's only $35 guys
-
Originally posted by Vulcan
Actually it's more like 25:1 on shipments at the moment :)
The problem is the landscape has changed on security. People are less into spreading nasty viruses and more into holding onto their exploits for other purposes. We know for sure that there are exploits kicking around for OS X that haven't been identified but Mac users go into some sort of rabid denial model when you corner them on it.
:rofl :rofl :rofl :rofl
-
Originally posted by dmf
Well I've said it before and I'll say it again....................... NOD32 anti virus
When are men gonna listen?
http://www.nod32.com
It's only $35 guys
^^ what he said. I actually sell McAfee nowadays, but NOD32 always ranks in the #1 or #2 spot for performance/detections. There's a top 4 group, McAfee, Symantec, NOD32, Trend - they always are within spitting distance in detection. NOD32 always seems to rank high, Symantec is a resource hog, some people report the same about McAfee (not in my personal experience though), and Trend isn't a bad choice either.
-
Originally posted by Vulcan
Yeah, sometimes it's lack of knowledge, sometimes it's a case of the devil you know versus the devil you don't. I'm surrounded by Mac people, technical Mac people. OS X is just BSD Unix with a GUI slapped on and a lot of marketing thrown at it. And it's an old version, which hasn't kept up in patches. The GUI has also introduced 'issues', widgets is a good example of that.
I'm no less scathing of linux geeks either :)
how about solaris nerds?
-
Originally posted by Debonair
how about solaris nerds?
Don't get me started on them! (had a nasty network issue recently where a Solaris nerd configured a conflicting subnet for a blade server's internal network.... web server chaos ensued).