Jump to content

Win32/Wowlik.C trojan


Recommended Posts

For the very first time using ESET Smart Security, it appears I have a problem with a reticent trojan. At every reboot and sometimes during regular use I get the following notifications:

 

Threat found in memory!
Operating memory >> explorer.exe(3252)

 

Threat found in memory!
Operating memory >> dllhost.exe(3076)

 

I have no idea if this is a false positive or there is actually an infection. Can someone help me deal with this? Nothing has really changed on my system, except there were a couple of unexpected power outages which generally don't do much other than corrupt a couple forum cookies which are easily replaced. The only anomaly I seem to be having is that I can no longer download anything on any site with IE9 (Vista 32-bit system). After clicking on a download link the Download Manager opens and the file begins downloading as normal. But at the very end, the message "This program could not be downloaded". Firefox, IDM and other downloading utilities have no problem downloading files. I've run through the gamut of suggested fixes for the error message but nothing worked. I have no idea if the above is the cause or if it is even related.
 

Edited by Hapkido
Link to comment
Share on other sites

Sounds like Sirefef.

 

hxxp://kb.eset.com/esetkb/index?page=content&id=SOLN2895

 

Please report back after scanning with the stand alone scanner for Sirefef.

 

 

**Edit : I do have a high belief that you may have other types of malware in addition to Sirefef.

Are you able to update the virus definitions with Eset, and what does a Smart Scan reveal after you checked for Sirefef ?

Edited by Arakasi
Link to comment
Share on other sites

Sounds like Sirefef.

 

hxxp://kb.eset.com/esetkb/index?page=content&id=SOLN2895

 

Please report back after scanning with the stand alone scanner for Sirefef.

 

 

**Edit : I do have a high belief that you may have other types of malware in addition to Sirefef.

Are you able to update the virus definitions with Eset, and what does a Smart Scan reveal after you checked for Sirefef ?

I just downloaded the ESETSirefefCleaner file (using IDM) and will run through the process and report back.

 

Yes, I have no trouble with the ESET auto updates.

 

I'll run another smart scan after I finish with the Sirefef Cleaner.... back in a bit.

Link to comment
Share on other sites

  • Administrators

I don't think that Wowlik and Sirefef are related to each other. Make sure you have the most current signature database 8924 installed and run a full disk scan. Also I'd recommend upgrading to ESET Smart Security version 7 via "Check" or  "Check for update" button in the Update panel.

Link to comment
Share on other sites

I don't think that Wowlik and Sirefef are related to each other.

 

Presumably not, however i was suggesting aside from wowlik there may be others . . .

I have seen a history of Sirefef and Google Redirect V downloading each other, or visa versa .. . .

Link to comment
Share on other sites

@ Marcos... Updated to version 7 with the latest definitions. All went fine. Thanks for that update information.

 

@ Arakasi... Regardless whether Sirefer and wowlik are related, the ESETSirefefCleaner found 1 instance of Wow64 and it was removed. Good call. I then ran a Smart Scan and it found 31 items. However, the first three items were false positives as they were 14+ yr. old jokes (.exe) which are harmless. The other items were all part of Vista Codecs, which I had uninstalled over a year ago, but I chose to delete them anyway.

 

Result:

Good - The download function is now working in IE.

Bad - It removed a legitimate macro in Outlook 2007 which I can easily recreate. The icons on my Quick Launch Bar were all rearranged, but that's NP either.

 

UNLESS something else pops up that is related to this issue, let's call this one resolved. :)

 

Thanks for the quick help. Nice to have this place on its own with new forum software, etc.

Link to comment
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...