
wmpkpl.exe


Hello, recently I got this worm, which disabled my latest Sophos. Users don't have admin rights; it seems it spreads and exploits a bug in the spooler service.

I uploaded these files to virusscan.jotti.org; none of the AVs recognised it. I really don't know what to do; the worm has infected 7 computers right now.

These programs cannot be started:

- HijackThis
- Spybot S&D
- ComboFix (BSOD)
- SDFix doesn't find anything
- Malwarebytes Anti-Malware is unable to start (immediately killed)
- the process which always runs is wmpkpl.exe (it is possible to kill it, but it always starts up again)
- it infects all other drives, like USB keys or similar

The hosts file is always changed from its normal size of a few KB to some 5 megabytes.

Process 'c:\WINDOWS\system32\nxts02.exe@' exhibiting suspicious behavior pattern 'HIPS/FileMod-001'.

No action taken.

Please send a sample to Sophos.

Process 'C:\WINDOWS\system32\svchost.exe' exhibiting suspicious behavior pattern 'Buffer Overflow'.

No action taken.

Please send a sample to Sophos.

Process 'C:\WINDOWS\system32\svchost.exe' exhibiting suspicious behavior pattern 'Buffer Overflow'.

No action taken.

Please send a sample to Sophos.

Process 'C:\WINDOWS\system32\svchost.exe' exhibiting suspicious behavior pattern 'Buffer Overflow'.

No action taken.

Please send a sample to Sophos.

Process 'C:\WINDOWS\system32\svchost.exe' exhibiting suspicious behavior pattern 'Buffer Overflow'.

No action taken.

Please send a sample to Sophos.

Process 'c:\WINDOWS\system32\wmpkpl.exe' exhibiting suspicious behavior pattern 'HIPS/RegMod-007'.

No action taken.

Please send a sample to Sophos.

Attach.txt log:

==== Disabled Device Manager Items =============

Class GUID: {4D36E96F-E325-11CE-BFC1-08002BE10318}

Description: PS/2 Compatible Mouse

Device ID: ACPI\PNP0F13\4&1117367&0

Manufacturer: Microsoft

Name: PS/2 Compatible Mouse

PNP Device ID: ACPI\PNP0F13\4&1117367&0

Service: i8042prt

==== System Restore Points ===================

x

==== Image File Execution Options =============

IFEO: Ad-Aware.exe - ntsd -d

IFEO: Ad-AwareAdmin.exe - ntsd -d

IFEO: AvastSvc.exe - ntsd -d

IFEO: avastUI.exe - ntsd -d

IFEO: avp.exe - ntsd -d

IFEO: bdagent.exe - ntsd -d

IFEO: ccSvcHst.exe - ntsd -d

IFEO: conime.exe - wmpkph.exe

IFEO: AutorunsDisabled - wmpkph.exe

IFEO: egui.exe - ntsd -d

IFEO: ekrn.exe - ntsd -d

IFEO: KAV32.exe - ntsd -d

IFEO: KAVSVC.exe - ntsd -d

IFEO: livesrv.exe - ntsd -d

IFEO: mbam.exe - ntsd -d

IFEO: mrt.exe - ntsd -d

IFEO: mrtstub.exe - ntsd -d

IFEO: msascui.exe - ntsd -d

IFEO: msmpeng.exe - ntsd -d

IFEO: PREVX.exe - ntsd -d

IFEO: seccenter.exe - ntsd -d

IFEO: symlcsvc.exe - ntsd -d

IFEO: vsserv.exe - ntsd -d

==== Installed Programs ======================

32 Bit HP BiDi Channel Components Installer

Acrobat.com

ActivCard SmartReader

ActivClient 6.1 x86

Adobe AIR

Adobe Flash Player 10 ActiveX

Adobe Flash Player 9 ActiveX

Adobe Reader 9

Broadcom Management Programs

Broadcom NetXtreme Ethernet Controller

BufferChm

Compatibility Pack for the 2007 Office system

CreaSignClientIE

CutePDF Writer 2.7

Destination Component

DeviceManagementQFolder

Diagnostics for Windows

DocProc

DocProcQFolder

Easy CD & DVD Creator 6

eSupportQFolder

getPlus® for Adobe

HighMAT Extension to Microsoft Windows XP CD Writing Wizard

HijackThis 2.0.2

Hotfix for Windows XP (KB915865)

HP Imaging Device Functions 9.0

hp L1730 INF and ICM software

HP OCR Software 9.0

HP Photosmart Essential

HP Scanjet 5530 9.0

HP Solution Center 9.0

HP Update

hpg5530

hpg5530QFolder

HPProductAssistant

Intel® Graphics Media Accelerator Driver

InterVideo WinDVD

Java 2 Runtime Environment, SE v1.4.2_05

Java 6 Update 7

Macromedia Flash Player

Malwarebytes' Anti-Malware

Microsoft .NET Framework 1.1

Microsoft Data Access Components KB870669

Microsoft Internationalized Domain Names Mitigation APIs

Microsoft National Language Support Downlevel APIs

Microsoft Office 2000 SR-1 Premium

Microsoft Office Professional Edition 2003

Microsoft Visual C++ 2005 Redistributable

PanoStandAlone

PDFCreator

Previous Versions Client

Prevx

RegScrubXP 3.25

Remote Diagnostics Enabling Agent

Scan

ScannerCopy

Security Update for Windows Media Player 9 (KB911565)

Security Update for Windows XP (KB890046)

Security Update for Windows XP (KB893066)

Security Update for Windows XP (KB893756)

Security Update for Windows XP (KB896358)

Security Update for Windows XP (KB896422)

Security Update for Windows XP (KB896423)

Security Update for Windows XP (KB896424)

Security Update for Windows XP (KB896428)

Security Update for Windows XP (KB896688)

Security Update for Windows XP (KB899587)

Security Update for Windows XP (KB899589)

Security Update for Windows XP (KB899591)

Security Update for Windows XP (KB900725)

Security Update for Windows XP (KB901017)

Security Update for Windows XP (KB901214)

Security Update for Windows XP (KB902400)

Security Update for Windows XP (KB904706)

Security Update for Windows XP (KB905414)

Security Update for Windows XP (KB905749)

Security Update for Windows XP (KB908531)

Security Update for Windows XP (KB911562)

Security Update for Windows XP (KB912812)

Security Update for Windows XP (KB917422)

Security Update for Windows XP (KB918899)

Security Update for Windows XP (KB919007)

Security Update for Windows XP (KB920683)

Security Update for Windows XP (KB920685)

Security Update for Windows XP (KB921398)

Security Update for Windows XP (KB921883)

Security Update for Windows XP (KB922616)

Security Update for Windows XP (KB923191)

Security Update for Windows XP (KB923414)

Skype

bla.zip

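Added example, not code from the poster or the forum: it parses the IFEO section of an Attach.txt log in the format quoted above and labels each Debugger value, so a responder can see which security tools are blocked outright (`ntsd -d`) and which image names are redirected to another executable (here conime.exe to wmpkph.exe). The sample log is constructed from the lines in the post; the "kill"/"redirect" labels are my own naming.

```python
import re

# Constructed sample in the format of the Attach.txt log quoted in the post.
SAMPLE_LOG = """\
==== Image File Execution Options =============
IFEO: Ad-Aware.exe - ntsd -d
IFEO: avp.exe - ntsd -d
IFEO: conime.exe - wmpkph.exe
IFEO: AutorunsDisabled - wmpkph.exe
IFEO: mbam.exe - ntsd -d
==== Installed Programs ======================
Skype
"""

# "IFEO: <image> - <debugger value>"
IFEO_LINE = re.compile(r"^IFEO:\s+(?P<image>\S+)\s+-\s+(?P<debugger>.+?)\s*$")


def parse_ifeo(log_text):
    """Return (image, debugger) pairs from the IFEO section only."""
    entries = []
    in_section = False
    for line in log_text.splitlines():
        if line.startswith("===="):
            # Section headers switch parsing on/off; other sections are skipped.
            in_section = "Image File Execution Options" in line
            continue
        if not in_section:
            continue
        m = IFEO_LINE.match(line)
        if m:
            entries.append((m.group("image"), m.group("debugger")))
    return entries


def classify(debugger):
    """Label a Debugger value by its effect on the target process."""
    parts = debugger.split()
    if parts[0].lower() in ("ntsd", "ntsd.exe") and "-d" in parts[1:]:
        # Well-known AV-disabling value: the target is started under ntsd
        # with output sent to a kernel debugger that is not there, so it
        # never runs normally.
        return "kill"
    # Any other value means Windows launches that program instead of the target.
    return "redirect"


def triage(log_text):
    """Map each hijacked image name to its label; empty dict means no IFEO entries."""
    return {image: classify(dbg) for image, dbg in parse_ifeo(log_text)}
```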

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
