Download TrojanHunter Now
Free 30-day trial!
Latest TrojanHunter Version:
TrojanHunter 5.0
Order Now
License file delivered within minutes.
Welcome, Guest. Please Login or Register.
Aug 8th, 2008, 1:56pm
   Mischel Internet Security Forum
   Malware
   Adware, Browser Hijackers and other Malware (Moderators: Helena, Gavin_Coe, Magnus)
   wpndlaaa.exe  in C:\Windows\System32 dir		 « Previous topic | Next topic »
Pages: 1  Reply Reply  Notify of replies Notify of replies   Send Topic Send Topic   Print Print
   Author  Topic: wpndlaaa.exe  in C:\Windows\System32 dir  (Read 455 times)
FredH
Newbie
*





   


Posts: 2
wpndlaaa.exe  in C:\Windows\System32 dir
« on: Jun 23rd, 2006, 3:43pm »		 Quote Quote  Modify Modify
Anyone seen this? Can't find anything online. Their was a wpndlaaa.exe running as a process name with CPORTS (NirSoft utility). TH found this, but not sure what it is.
 
HiJack this see this as:  
O4 - HKCU\..\Run: [wpndlaaa] C:\WINDOWS\system32\wpndlaaa.exe  
 
Thanks.
IP Logged
siliconman01
Global Moderator
*****



Trojans! Chew 'em Up, Spit 'em Out...

   


Gender: male
 Posts: 5576
Re: wpndlaaa.exe  in C:\Windows\System32 dir
« Reply #1 on: Jun 24th, 2006, 2:02am »		 Quote Quote  Modify Modify
Welcome to the forum FredH,   Cheesy
 
I recommend that you submit the file for analysis per the instructions at the link below.
 
http://forum.misec.net/board/FAQ/1139308293
« Last Edit: Jun 24th, 2006, 2:02am by siliconman01 » IP Logged
______
TrojanHunter V5.0.962...No. 1 AT in my Book and on my Box!
FredH
Newbie
*





   


Posts: 2
Re: wpndlaaa.exe  in C:\Windows\System32 dir
« Reply #2 on: Jun 24th, 2006, 9:32am »		 Quote Quote  Modify Modify
Danka Silcionman,  
 
TH whacked it already. No file to submit. Had to be malicious though, I cannot find anything online about it.  
 
Thanks,
 
FH
IP Logged
siliconman01
Global Moderator
*****



Trojans! Chew 'em Up, Spit 'em Out...

   


Gender: male
 Posts: 5576
Re: wpndlaaa.exe  in C:\Windows\System32 dir
« Reply #3 on: Jun 24th, 2006, 1:14pm »		 Quote Quote  Modify Modify
If you look in your C:\Windows\System32 folder you should find the file renamed as  wpndlaaa.exe.tcf.  That's how THGuard whacks it...by renaming it with the .tcf extension.
 
If you have time, please send in wpndlaaa.exe.tcf just to make sure it is malicious.
 
Thanks.
IP Logged
______
TrojanHunter V5.0.962...No. 1 AT in my Book and on my Box!
Pages: 1  Reply Reply  Notify of replies Notify of replies   Send Topic Send Topic   Print Print

« Previous topic | Next topic »
Search
Members
Login
Register