FoMoCo
466 C.I.D.

join:2001-01-10
Grand Rapids, MI

Strange nav pop up

I installed the new Windows Defender tonight to give it a try. While I let it scan, NAV pops up with what you see in the pic. I have gotten the pop up before while surfing and NAV always killed it, but never seen it in C:\Program Files\Windows Media Player\wmplayer.exe.tmp. Question is, did NAV see the activity on this file because Defender was scanning it? Have not been *infected* in 5 years and PC was running great, so this kind of surprised me. Btw, the tmp folder NAV said this was in is not there.
--
When life becomes a drag - floor it - Galaxie 500

amysheehan
Premium,VIP,MVM
join:1999-12-21
Huntington Beach, CA
·RoadRunner Cable

Re: Strange nav pop up

said by FoMoCo:

I installed the new Windows Defender tonight to give it a try. While I let it scan, NAV pops up with what you see in the pic. I have gotten the pop up before while surfing and NAV always killed it, but never seen it in C:\Program Files\Windows Media Player\wmplayer.exe.tmp. Question is, did NAV see the activity on this file because Defender was scanning it? Have not been *infected* in 5 years and PC was running great, so this kind of surprised me. Btw, the tmp folder NAV said this was in is not there.
The alert from NAV states the file has been deleted from the computer. You can get more information in the logs about the file and the event.


planet

join:2001-11-05
Olmsted Falls, OH

Re: Strange nav pop up

There might be a backup of the file made by NAV as well.

amysheehan
Premium,VIP,MVM
join:1999-12-21
Huntington Beach, CA
·RoadRunner Cable

Google-ing 'wmplayer.exe.tmp'
»www.google.com/search?hl=en&q=wm···e+Search

you'll find this file has been positively ID'd by the major AV vendors all with different 'names' for the 'virus'.

You would be wise to follow thru the steps here: »Security Cleanup FAQ »Mandatory Steps Before Requesting Assistance and if you find more malware that you can not remove begin a new topic in the Security Cleanup forum »Security Cleanup but only after following the pre-cleanup rules.

Good luck.


FoMoCo
466 C.I.D.

join:2001-01-10
Grand Rapids, MI

That's the weird thing about this and it is why I posted, my system is and has been clean. Not new to security and run NAV, ad aware, spybot, script defender, crap cleaner and zone alarm pro behind a NAT. Something could have been hiding from me so I will go through it again, but I haven't seen any odd things happening at all.
--
When life becomes a drag - floor it - Galaxie 500

amysheehan
Premium,VIP,MVM
join:1999-12-21
Huntington Beach, CA
·RoadRunner Cable

Re: Strange nav pop up

Here's a write up from CounterSpy which includes the file wmplayer exe tmp :
»72.14.203.104/search?q=cache:kTj···lnk&cd=6

Because this threat 'may' disable security software you should consider running the Symantec Auto-Fix tool just to be sure your AV is in working order.
Link: »https://www-secure.symantec.com/techsupp···ndex.jsp


jbob
Reach Out and Touch Someone
Premium
join:2004-04-26
Little Rock, AR
·Comcast
·AT&T Southwest

This could be one of those times when your AV, in the past, has not been able to detect whatever you've got. Traditionally AV apps have been less capable of detecting Trojan type infections. When I first read this I was curious of the .tmp extension that showed being deleted. As Amy posted there is evidence that this could indeed be some sort of Trojan infection. It's possible that this has been on your computer for some time however your AV was either not capable of detecting it yet or perhaps you never did a full system scan for it to scan the file. I suppose what happened is that when you ran the new version of Windows Defender it scanned the file, which while it was being scanned by WD, your NAV then had a chance to scan it and now detected it.

It's possible NAV was updated and now was able to detect it or you're using a newer version of NAV that is better capable of detecting Trojan like activity.

One other thing is NAV typically uses a quarantine to store deleted files. You might check there or the NAV logs to see where the file might be. That is why it no longer showed in the tmp folder because it has been deleted from there.

Perhaps now is a good time to do a full system scan, all files, with NAV. I'd also download the free Ewido and A2 scanners and give them a try as well. Might try some of the free online scans as well.

FoMoCo
466 C.I.D.

join:2001-01-10
Grand Rapids, MI

Always thought of myself as being pretty good about security but I guess things can get by anyone. I have a clone of this drive which, depending on how long this was on there, may be on that. I'll hook it up as a slave and see just what it is. Thanks for your input guys/gals.
--
When life becomes a drag - floor it - Galaxie 500

FoMoCo
466 C.I.D.

join:2001-01-10
Grand Rapids, MI

Well, after looking in the back up of NAV and seeing the time stamp on what was going on, I had a talk with my kid. Knows to tell me if/when NAV or anything else pops up but *forgot*. System is clean thankfully, now time for retraining of the kid.
--
When life becomes a drag - floor it - Galaxie 500

jbob
Reach Out and Touch Someone
Premium
join:2004-04-26
Little Rock, AR
·Comcast
·AT&T Southwest

Re: Strange nav pop up

said by FoMoCo:

Well, after looking in the back up of NAV and seeing the time stamp on what was going on, I had a talk with my kid. Knows to tell me if/when NAV or anything else pops up but *forgot*. System is clean thankfully, now time for retraining of the kid.
I wouldn't be too sure. According to the NAV popup dialog you posted, the offending file was in the C:\Program Files\Windows Media Player\ folder. If your kid had seen that popup warning before, and you had NAV set to auto delete any nasties, then the file should have been removed from that location. As the dialog you posted showed, it is not in a quarantined location.

Of course your kid could have told NAV to not do anything to the file when it popped up a dialog when he first saw it.

Again I do not know all the facts or how your system is setup but just in case!

FoMoCo
466 C.I.D.

join:2001-01-10
Grand Rapids, MI

Re: Strange nav pop up

The file was in quarantine.

planet

join:2001-11-05
Olmsted Falls, OH

Re: Strange nav pop up

Sorry, never mind.