- Winmgr32.exe/Wingmr.exe worm identified by Symantec as "spybot.worm" - possible variant?
- Posted by Raymond Jean on August 26th, 2004
Hope someone can assist us.
This past week, a number of our computers (Windows XP SP1 with
Symantec AV corporate with latest defitions) have become infected with
a serious worm.
Symantec idenifies it as "spybot.worm", but we believe this to be a
misclassification, as the symptoms are different and Symantec's
removal instructions fail.
In the registry, we find (alternately)
WINMGR32.EXE and/or
WINGMR.EXE
in the Run once, Run Services keys.
However, no files with this name appear on the computer, so we can't
remove them.
After eliminating all registry references to these files, we reboot
the computer, and the registry entries reappear.
Anyone have any ideas or experience with this? It's spreading fast
and we're spending hours working on this without clear progress.
Thanks in advance for any leads or ideas.
- Posted by null@zilch.com on August 26th, 2004
On Thu, 26 Aug 2004 15:32:02 -0500, Raymond Jean
<rjean@nospam.law.tulane.edu> wrote:
Could be MIMAIL:
http://www.trendmicro.com/vinfo/viru...MAIL.P&VSect=T
Could be protoride.s
http://www3.ca.com/securityadvisor/v....aspx?id=39529
Try running the Escan AV Toolkit Utility available via my web site.
NAV is no doubt doing its usual thing of misidentifying malware
Art
http://www.epix.net/~artnpeg
- an error with email involving a "sober worm", i have screen shots. (Help and Support) by markthegrave
- Worm\Spybot (P2P-Worm.Win32.SpyBot.a) (Computers & Technology) by Danny
- worm/spybot.17.t (worm spybot 17t) detected by AVG (Computer Security) by code_wrong
- Warning: New Beagle Worm Variant (Graphics & Designing) by JP Kabala
- 3rd post re Down load Trojan and Worm AutomatAHB : Do not open message sfrom "Microsoft" (Computers & Technology) by Geoff/Elaine
