"exhmrgas.exe"
Posted by Lukasz M. on February 20th, 2008


No info available anywhere, and none of my anti-virus programs pick it
up. It regenerates in the temp folder.
Does anyone know how to remove it?

thanks
L.


Posted by David H. Lipman on February 20th, 2008


From: "Lukasz M." <mm_k@verizon.net>

| No info available anywhere, and none of my anti-virus programs pick it
| up. It regenerates in the temp folder.
| Does anyone know how to remove it?
|
| thanks
| L.
|


Please submit a sample of "exhmrgas.exe" to Virus Total --
http://www.virustotal.com/flash/index_en.html
The submission will then be tested against many different AV vendors' scanners.
That will give you an idea what it is and who recognizes it. In addition, unless told
otherwise, Virus Total will provide the sample to all participating vendors.

You can also submit a suspect, one at a time, via the following email URL...
mailto:scan@virustotal.com?subject=SCAN

When you get the report, please post back the exact results.

--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp


Posted by LM. on February 21st, 2008



"Sycho" <whodunit@hellifniknow.com> wrote in message
news:47bcac1d.179181800@whyioughta.com...
Yes, this is how I got this virus. eMule.



Posted by LM. on February 21st, 2008



"David H. Lipman" <DLipman~nospam~@Verizon.Net> wrote in message
news:OJ1vj.5653$kD3.3026@trnddc08...
This virus regenerates itself with different names by adding random numbers
to "exgmrgml". I found it in the Windows temp folder. OK, here are the results
of the VirusTotal scan:

File 49exgmrgml19.exe received on 02.20.2008 11:25:35 (CET)
Current status: finished

Result: 5/32 (15.62%)
Antivirus          Version       Last Update Result
AhnLab-V3          2008.2.20.0   2008.02.20  -
AntiVir            7.6.0.67      2008.02.20  -
Authentium         4.93.8        2008.02.20  -
Avast              4.7.1098.0    2008.02.20  -
AVG                7.5.0.516     2008.02.20  -
BitDefender        7.2           2008.02.20  -
CAT-QuickHeal      9.50          2008.02.18  -
ClamAV             0.92.1        2008.02.20  -
DrWeb              4.44.0.09170  2008.02.20  Win32.HLLW.Medbod.origin
eSafe              7.0.15.0      2008.02.17  suspicious Trojan/Worm
eTrust-Vet         31.3.5549     2008.02.20  -
Ewido              4.0           2008.02.19  -
FileAdvisor        1             2008.02.20  -
Fortinet           3.14.0.0      2008.02.19  -
F-Prot             4.4.2.54      2008.02.19  -
F-Secure           6.70.13260.0  2008.02.20  -
Ikarus             T3.1.1.20     2008.02.20  -
Kaspersky          7.0.0.125     2008.02.20  -
McAfee             5233          2008.02.20  BackDoor-CMQ
Microsoft          1.3204        2008.02.20  -
NOD32v2            2887          2008.02.20  -
Norman             5.80.02       2008.02.19  -
Panda              9.0.0.4       2008.02.20  Suspicious file
Prevx1             V2            2008.02.20  Heuristic: Suspicious File With Outbound Communications
Rising             20.32.20.00   2008.02.20  -
Sophos             4.26.0        2008.02.20  -
Sunbelt            3.0.884.0     2008.02.19  -
Symantec           10            2008.02.20  -
TheHacker          6.2.9.224     2008.02.19  -
VBA32              3.12.6.1      2008.02.17  -
VirusBuster        4.3.26:9      2008.02.19  -
Webwasher-Gateway  6.6.2         2008.02.20  -
Additional information
File size: 242176 bytes
MD5: 1432af2eaaca8a424e7e22f46ff42d71
SHA1: ceb13840422a07532284204e98f2d3cfe163144d
PEiD: UPX 2.90 [LZMA] -> Markus Oberhumer, Laszlo Molnar & John Reiser
packers: UPX
packers: UPX
packers: UPX
Prevx info:
http://info.prevx.com/aboutprogramte...018E00839CDCDD








Posted by David H. Lipman on February 21st, 2008


From: "LM." <mm_k@verizon.net>


| This virus regenerates itself with different names by adding random numbers
| to "exgmrgml" . I found it in windows temp folder. OK, here are the results
| of virustotal scan :
|
| File 49exgmrgml19.exe received on 02.20.2008 11:25:35 (CET)
| Current status: finished
|
| Result: 5/32 (15.62%)
| Antivirus Version Last Update Result
| AhnLab-V3 2008.2.20.0 2008.02.20 -
| AntiVir 7.6.0.67 2008.02.20 -
| Authentium 4.93.8 2008.02.20 -
| Avast 4.7.1098.0 2008.02.20 -
| AVG 7.5.0.516 2008.02.20 -
| BitDefender 7.2 2008.02.20 -
| CAT-QuickHeal 9.50 2008.02.18 -
| ClamAV 0.92.1 2008.02.20 -
| DrWeb 4.44.0.09170 2008.02.20 Win32.HLLW.Medbod.origin
| eSafe 7.0.15.0 2008.02.17 suspicious Trojan/Worm
| eTrust-Vet 31.3.5549 2008.02.20 -
| Ewido 4.0 2008.02.19 -
| FileAdvisor 1 2008.02.20 -
| Fortinet 3.14.0.0 2008.02.19 -
| F-Prot 4.4.2.54 2008.02.19 -
| F-Secure 6.70.13260.0 2008.02.20 -
| Ikarus T3.1.1.20 2008.02.20 -
| Kaspersky 7.0.0.125 2008.02.20 -
| McAfee 5233 2008.02.20 BackDoor-CMQ
| Microsoft 1.3204 2008.02.20 -
| NOD32v2 2887 2008.02.20 -
| Norman 5.80.02 2008.02.19 -
| Panda 9.0.0.4 2008.02.20 Suspicious file
| Prevx1 V2 2008.02.20 Heuristic: Suspicious File With Outbound Communications
| Rising 20.32.20.00 2008.02.20 -
| Sophos 4.26.0 2008.02.20 -
| Sunbelt 3.0.884.0 2008.02.19 -
| Symantec 10 2008.02.20 -
| TheHacker 6.2.9.224 2008.02.19 -
| VBA32 3.12.6.1 2008.02.17 -
| VirusBuster 4.3.26:9 2008.02.19 -
| Webwasher-Gateway 6.6.2 2008.02.20 -
| Additional information
| File size: 242176 bytes
| MD5: 1432af2eaaca8a424e7e22f46ff42d71
| SHA1: ceb13840422a07532284204e98f2d3cfe163144d
| PEiD: UPX 2.90 [LZMA] -> Markus Oberhumer, Laszlo Molnar & John Reiser
| packers: UPX
| packers: UPX
| packers: UPX
| Prevx info:
| http://info.prevx.com/aboutprogramte...018E00839CDCDD
|


Download and execute HiJack This! (HJT)
http://www.spywareinfo.com/~merijn/files/HijackThis.exe

Create a HJT log file and post it in one of the below locations...

{ Please - Do NOT post the HJT Log here ! }

Forums where you can get expert advice for HiJack This! (HJT) logs.

NOTE: Registration is REQUIRED in any of the below before posting a log

Suggested primary:
http://www.thespykiller.co.uk/index.php?board=3.0

Suggested secondary:
http://www.bleepingcomputer.com/forums/forum22.html
http://castlecops.com/forum67.html

Suggested tertiary:
http://www.dslreports.com/forum/cleanup
http://www.cybertechhelp.com/forums/...splay.php?f=25
http://www.atribune.org/forums/index.php?showforum=9
http://www.geekstogo.com/forum/Malwa..._Here-f37.html
http://gladiator-antivirus.com/forum...?showforum=170
http://forum.networktechs.com/forumdisplay.php?f=130
http://forums.maddoktor2.com/index.php?showforum=17
http://www.spywarewarrior.com/viewforum.php?f=5
http://forums.spywareinfo.com/index.php?showforum=18
http://forums.techguy.org/f54-s.html
http://forums.tomcoyote.org/index.php?showforum=27
http://forums.subratam.org/index.php?showforum=7
http://www.5starsupport.com/ipboard/...p?showforum=18
http://www.malwarebytes.org/forums/i...hp?showforum=7
http://makephpbb.com/phpbb/viewforum.php?f=2
http://forums.techguy.org/54-security/
http://forums.security-central.us/forumdisplay.php?f=13


--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp