sysWOW64 backdoor malware exe's? vipconfig, vmakecab

foraminut

New Member
Messages
1
#1
A spyware program reports in the c:\windows\sys32 folder (NOT where these files are located, actually) 13 'system backdoor' executables in my month-old Vista64 Home Premium laptop (ASUS). Names all start with a 'V' and were created 2 weeks ago (8/3/08).
Included are internet connection files (ping, ipconfig, tracert, netstat, and route), as well as makecab, nbtstat, net, getmac, icacls, compare, convert, and protection--- all exe's. All are located in c:\windows\sysWOW64.

I've googled and tech'd and sourceforge'd and searched everywhere, but can find no information about any of these files when the first letter is V.

My question is whether I've been invaded or not. I'm an early adopter of lots, except Vista, and don't know my way around it very well. Thanks to all in advance for any help you might be able to offer.
 

My Computer

System One

  • Manufacturer/Model
    ASUS G50
    Memory
    4gb
    Graphics Card(s)
    NVIDIA GEForce 9700M GT 512MB
    Hard Drives
    DUAL CORE INTEL (core2)
    Case
    ALTEC LANSING
    Internet Speed
    BROADBAND
    Other Info
    Splashtop (mini Linux), Express Gate

dinesh

Vista Expert
Vista Guru
Messages
1,333
Location
India
#2
Uninstall your antivirus software, then download and run SmitfraudFix and scan your computer using the 2nd, 4th and 5th options. Restart the system and reinstall the antivirus software on the computer. Download link:
http://siri.urz.free.fr/Fix/SmitfraudFix.exe
 

My Computer

System One

  • Manufacturer/Model
    Compaq
    CPU
    intel core 2 duo T 5550 @ 1.83 MHz
    Motherboard
    intel 965 chipset family
    Memory
    2 GB DDR 2 SD RAM @ 667 MHz
    Graphics Card(s)
    On board upto 358 MB RAM
    Sound Card
    Onboard
    Monitor(s) Displays
    15"
    Hard Drives
    160 GB WDC
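
A read-only way to triage the files described in the first post, as an added example that is not part of the original thread: it pairs each V-prefixed executable in SysWOW64 with the same name minus the leading V and compares hashes, version metadata and signature status. It assumes PowerShell 4.0 or later (for Get-FileHash), and the CSV file name is a placeholder.

```powershell
# Added example, not from the thread. Read-only: it lists and compares, changes nothing.
# Assumes PowerShell 4.0+ (Get-FileHash). The CSV name below is a placeholder.
#
# A 32-bit scanner on 64-bit Windows is redirected from System32 to SysWOW64,
# so a report that names System32 can refer to files that actually live here.
$dir = Join-Path $env:windir 'SysWOW64'

$report = foreach ($f in Get-ChildItem -Path $dir -Filter 'v*.exe' -File) {
    # Counterpart = reported name without the leading 'V' (vipconfig.exe -> ipconfig.exe).
    # Rows with no counterpart simply have a name that begins with v.
    $stockPath = Join-Path $dir $f.Name.Substring(1)
    $hasStock  = Test-Path -LiteralPath $stockPath -PathType Leaf

    $hash = (Get-FileHash -LiteralPath $f.FullName -Algorithm SHA256).Hash
    $sig  = Get-AuthenticodeSignature -FilePath $f.FullName

    $sameAsStock = $null
    $stockSig    = $null
    if ($hasStock) {
        $stockHash   = (Get-FileHash -LiteralPath $stockPath -Algorithm SHA256).Hash
        $sameAsStock = ($hash -eq $stockHash)
        $stockSig    = (Get-AuthenticodeSignature -FilePath $stockPath).Status
    }

    [pscustomobject]@{
        Name             = $f.Name
        CreatedUtc       = $f.CreationTimeUtc
        Size             = $f.Length
        Counterpart      = if ($hasStock) { Split-Path $stockPath -Leaf } else { $null }
        SameHashAsStock  = $sameAsStock
        OriginalFilename = $f.VersionInfo.OriginalFilename
        CompanyName      = $f.VersionInfo.CompanyName
        SignatureStatus  = $sig.Status
        StockSigStatus   = $stockSig
        SHA256           = $hash
    }
}

# On-screen summary, oldest first, plus a full CSV to attach to a forum reply.
$report | Sort-Object CreatedUtc |
    Format-Table Name, CreatedUtc, Counterpart, SameHashAsStock, OriginalFilename, SignatureStatus -AutoSize
$report | Export-Csv -Path (Join-Path $env:TEMP 'v-prefixed-exes.csv') -NoTypeInformation
```

Read the signature column against the counterpart's own status rather than on its own, since a system file can report NotSigned here when its signature lives in a catalog. A file whose hash differs from its counterpart and whose OriginalFilename does not match the counterpart's name is the one worth submitting for a second-opinion scan.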