Thread: mmlbbaffed

  1. #1
    philippe Guest

    mmlbbaffed

    Hi,

    I have a program named mmlbbaffed.exe that starts at system boot time.
    This program sits in system32 and seems to manage a file named
    mmlbbaffed.dat, also in system32.

    Both files are invisible to Explorer even when I set all options to see
    everything :-(

    Does someone have an idea of what & where this program comes from? Google was
    not my friend in this case.

    Regards


  2. #2
    David H. Lipman Guest

    Re: mmlbbaffed

    From: "philippe" <coustaux-philippe@ns.wanadoo.fr>

    | Hi,
    |
    | I have a program named mmlbbaffed.exe that starts at system boot time.
    | This program sits in system32 and seems to manage a file named
    | mmlbbaffed.dat, also in system32.
    |
    | Both files are invisible to Explorer even when I set all options to see
    | everything :-(
    |
    | Does someone have an idea of what & where this program comes from? Google was
    | not my friend in this case.
    |
    | Regards


    Please submit a sample of "mmlbbaffed.exe" to Virus Total --
    http://www.virustotal.com/flash/index_en.html
    The submission will then be tested against many different AV vendors' scanners.
    That will give you an idea what it is and who recognizes it. In addition, unless told
    otherwise, Virus Total will provide the sample to all participating vendors.

    You can also submit a suspect, one at a time, via the following email URL...
    mailto:scan@virustotal.com?subject=SCAN

    When you get the report, please post back the exact results.

    --
    Dave
    http://www.claymania.com/removal-trojan-adware.html
    http://www.ik-cs.com/got-a-virus.htm



  3. #3
    philippe Guest

    Re: mmlbbaffed

    "David H. Lipman" <DLipman~nospam~@Verizon.Net> wrote in message
    news:k0f6i.5459$UD2.651@trnddc05...
    > From: "philippe" <coustaux-philippe@ns.wanadoo.fr>
    >
    > | Hi,
    > |
    > | I have a program named mmlbbaffed.exe that starts at system boot time.
    > | This program sits in system32 and seems to manage a file named
    > | mmlbbaffed.dat, also in system32.
    > |
    > | Both files are invisible to Explorer even when I set all options to see
    > | everything :-(
    > |
    > | Does someone have an idea of what & where this program comes from? Google was
    > | not my friend in this case.
    > |
    > | Regards
    >
    >
    > Please submit a sample of "mmlbbaffed.exe" to Virus Total --
    > http://www.virustotal.com/flash/index_en.html
    > The submission will then be tested against many different AV vendors' scanners.
    > That will give you an idea what it is and who recognizes it. In addition, unless told
    > otherwise, Virus Total will provide the sample to all participating vendors.
    >
    > You can also submit a suspect, one at a time, via the following email URL...
    > mailto:scan@virustotal.com?subject=SCAN
    >
    > When you get the report, please post back the exact results.
    >
    > --
    > Dave
    > http://www.claymania.com/removal-trojan-adware.html
    > http://www.ik-cs.com/got-a-virus.htm
    >
    >


    Thanks David,

    I didn't know this service, but I submitted the file. It's great.
    My mmlbbaffed files seem to be not so clean and look like a Navipromo pest.

    Here are the results:

    Complete scanning result of "mmlbbaffed.exe", processed in VirusTotal at
    05/27/2007 17:28:45 (CET).

    [ file data ]
    * name: mmlbbaffed.exe
    * size: 357888
    * md5.: 11e0ff65b307373b501a2fe7b5d6eefe
    * sha1: b9519ba02ecaf6cd183a8ab04c1c71ac8a79b285

    [ scan result ]
    AhnLab-V3 2007.5.24.0/20070525 found nothing
    AntiVir 7.4.0.27/20070525 found [HEUR/Malware]
    Authentium 4.93.8/20070523 found nothing
    Avast 4.7.997.0/20070527 found nothing
    AVG 7.5.0.467/20070527 found nothing
    BitDefender 7.2/20070527 found nothing
    CAT-QuickHeal 9.00/20070526 found [(Suspicious) - DNAScan]
    ClamAV devel-20070416/20070527 found nothing
    DrWeb 4.33/20070526 found nothing
    eSafe 7.0.15.0/20070524 found [Suspicious Trojan/Worm]
    eTrust-Vet 30.7.3665/20070526 found nothing
    Ewido 4.0/20070527 found nothing
    F-Prot 4.3.2.48/20070525 found nothing
    F-Secure 6.70.13030.0/20070527 found nothing
    FileAdvisor 1/20070527 found nothing
    Fortinet 2.85.0.0/20070527 found nothing
    Ikarus T3.1.1.8/20070527 found [not-a-virus:AdWare.Win32.NaviPromo]
    Kaspersky 4.0.2.24/20070527 found nothing
    McAfee 5039/20070525 found nothing
    Microsoft 1.2503/20070527 found nothing
    NOD32v2 2292/20070525 found nothing
    Norman 5.80.02/20070525 found nothing
    Panda 9.0.0.4/20070527 found [Adware/NaviPromo]
    Prevx1 V2/20070527 found nothing
    Sophos 4.18.0/20070525 found nothing
    Sunbelt 2.2.907.0/20070526 found [VIPRE.Suspicious]
    Symantec 10/20070527 found [Trojan.Skintrim]
    TheHacker 6.1.6.123/20070525 found nothing
    VBA32 3.12.0/20070526 found nothing
    VirusBuster 4.3.23:9/20070526 found nothing
    Webwasher-Gateway 6.0.1/20070527 found [Heuristic.Malware]

    [ notes ]
    packers: PECOMPACT
    packers: PecBundle, PECompact
    Sunbelt info: VIPRE.Suspicious is a generic detection for potential threats
    that are deemed suspicious through heuristics.

    __________________________________________________
    VirusTotal is a free service offered by Hispasec Sistemas. There are no
    guarantees about the availability and continuity of this service. Do not
    reply to this message. It has been generated by an automatic address that
    will not handle any reply. Although the detection rate afforded by the use
    of multiple antivirus engines is far superior to that offered by just one
    product, these results DO NOT guarantee the harmlessness of a file.
    Currently, there is not any solution that offers a 100% effectiveness rate
    for detecting viruses and malware.
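
As an added example (not part of the thread and not VirusTotal's own tooling): a small parser for the text report format pasted above that separates heuristic/generic verdicts from named families, which is how a report like this one is usually triaged. The regular expressions and the `GENERIC` keyword list are assumptions made for this example; the sample lines are an excerpt of the report in the post.

```python
import re
from collections import Counter

# Excerpt of the report pasted in the post above: engine, version/sig date, verdict.
REPORT = """\
AhnLab-V3 2007.5.24.0/20070525 found nothing
AntiVir 7.4.0.27/20070525 found [HEUR/Malware]
CAT-QuickHeal 9.00/20070526 found [(Suspicious) - DNAScan]
eSafe 7.0.15.0/20070524 found [Suspicious Trojan/Worm]
Ikarus T3.1.1.8/20070527 found [not-a-virus:AdWare.Win32.NaviPromo]
Kaspersky 4.0.2.24/20070527 found nothing
Panda 9.0.0.4/20070527 found [Adware/NaviPromo]
Sunbelt 2.2.907.0/20070526 found [VIPRE.Suspicious]
Symantec 10/20070527 found [Trojan.Skintrim]
Webwasher-Gateway 6.0.1/20070527 found [Heuristic.Malware]
"""

# Tolerates one leading quote marker ('|' or '>') so quoted copies also parse.
LINE = re.compile(
    r"^\s*[|>]?\s*(\S+)\s+(\S+)/(\d{8})\s+found\s+(nothing|\[(.+)\])\s*$")
# Assumption: labels containing these words are heuristic, not a family name.
GENERIC = re.compile(r"heur|suspicious|generic", re.I)

def parse_report(text):
    """Return one dict per engine line; label is None for 'found nothing'."""
    rows = []
    for line in text.splitlines():
        m = LINE.match(line)
        if m:
            engine, version, sig_date, _, label = m.groups()
            rows.append({"engine": engine, "version": version,
                         "sig_date": sig_date, "label": label})
    return rows

def summarize(rows):
    """Split detections into generic/heuristic hits and named families."""
    hits = [r for r in rows if r["label"]]
    generic = [r["engine"] for r in hits if GENERIC.search(r["label"])]
    named = {r["engine"]: r["label"] for r in hits
             if not GENERIC.search(r["label"])}
    # Family token: last component of the label after '.', '/' or ':'.
    families = Counter(re.split(r"[./:]", v)[-1].lower() for v in named.values())
    return {"engines": len(rows), "detections": len(hits),
            "generic": generic, "named": named, "families": families}

if __name__ == "__main__":
    print(summarize(parse_report(REPORT)))
```

Named-family agreement between independent engines (here two engines on NaviPromo) is a stronger signal than the count of heuristic hits, which on a PECompact-packed file can be triggered by the packer alone.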





  4. #4
    David H. Lipman Guest

    Re: mmlbbaffed

    From: "philippe" <coustaux-philippe@ns.wanadoo.fr>


    | Thanks David,
    |
    | I didn't know this service, but I submitted the file. It's great.
    | My mmlbbaffed files seem to be not so clean and look like a Navipromo pest.
    |
    | Here are the results:
    |
    | Complete scanning result of "mmlbbaffed.exe", processed in VirusTotal at
    | 05/27/2007 17:28:45 (CET).
    |
    | [ file data ]
    | * name: mmlbbaffed.exe
    | * size: 357888
    | * md5.: 11e0ff65b307373b501a2fe7b5d6eefe
    | * sha1: b9519ba02ecaf6cd183a8ab04c1c71ac8a79b285
    |
    | [ scan result ]
    | AhnLab-V3 2007.5.24.0/20070525 found nothing
    | AntiVir 7.4.0.27/20070525 found [HEUR/Malware]
    | Authentium 4.93.8/20070523 found nothing
    | Avast 4.7.997.0/20070527 found nothing
    | AVG 7.5.0.467/20070527 found nothing
    | BitDefender 7.2/20070527 found nothing
    | CAT-QuickHeal 9.00/20070526 found [(Suspicious) - DNAScan]
    | ClamAV devel-20070416/20070527 found nothing
    | DrWeb 4.33/20070526 found nothing
    | eSafe 7.0.15.0/20070524 found [Suspicious Trojan/Worm]
    | eTrust-Vet 30.7.3665/20070526 found nothing
    | Ewido 4.0/20070527 found nothing
    | F-Prot 4.3.2.48/20070525 found nothing
    | F-Secure 6.70.13030.0/20070527 found nothing
    | FileAdvisor 1/20070527 found nothing
    | Fortinet 2.85.0.0/20070527 found nothing
    | Ikarus T3.1.1.8/20070527 found [not-a-virus:AdWare.Win32.NaviPromo]
    | Kaspersky 4.0.2.24/20070527 found nothing
    | McAfee 5039/20070525 found nothing
    | Microsoft 1.2503/20070527 found nothing
    | NOD32v2 2292/20070525 found nothing
    | Norman 5.80.02/20070525 found nothing
    | Panda 9.0.0.4/20070527 found [Adware/NaviPromo]
    | Prevx1 V2/20070527 found nothing
    | Sophos 4.18.0/20070525 found nothing
    | Sunbelt 2.2.907.0/20070526 found [VIPRE.Suspicious]
    | Symantec 10/20070527 found [Trojan.Skintrim]
    | TheHacker 6.1.6.123/20070525 found nothing
    | VBA32 3.12.0/20070526 found nothing
    | VirusBuster 4.3.23:9/20070526 found nothing
    | Webwasher-Gateway 6.0.1/20070527 found [Heuristic.Malware]
    |
    | [ notes ]
    | packers: PECOMPACT
    | packers: PecBundle, PECompact
    | Sunbelt info: VIPRE.Suspicious is a generic detection for potential threats
    | that are deemed suspicious through heuristics.
    |

    Hi Philippe:

    I see you are French.
    The author of the following Navilog1 tool, Il-Mafioso, is also French.
    He has written this tool specifically for NaviPromo.

    Navilog1 version 2.x zipped:
    http://perso.orange.fr/il.mafioso/Navifix/Navilog1.zip

    Navilog1 version 2.x unzipped:
    http://perso.orange.fr/il.mafioso/Navifix/Navilog1.exe


    --
    Dave
    http://www.claymania.com/removal-trojan-adware.html
    http://www.ik-cs.com/got-a-virus.htm



  5. #5
    Gaz Guest

    Re: mmlbbaffed

    philippe wrote:
    > Hi,
    >
    > I have a program named mmlbbaffed.exe that starts at system boot time.
    > This program sits in system32 and seems to manage a file named
    > mmlbbaffed.dat, also in system32.
    >
    > Both files are invisible to Explorer even when I set all options to see
    > everything :-(
    >
    > Does someone have an idea of what & where this program comes from? Google was
    > not my friend in this case.
    >
    > Regards


    Get AVG Anti-Rootkit and run it immediately. If you need to find the file, and
    rootkit doesn't detect it, boot up from a WinPE variant, such as BartPE, and
    then you will be able to navigate to the file and remove it.

    Gaz


