Suddenly my FW pops ups att each startup asking for network access for a file:
C:\Program Files\Common Files\Microsoft Shared\Web Components\LicenseMan32.exe

The registry entry is:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run
"UpdateManager"="C:\\Program Files\\Common Files\\Microsoft Shared\\Web Components\\LicenseMan32.exe"

Could it be a part of AntiVir PE, which i just installed and deinstalled?

Anyone heard about this one? Google brings no results.

Can't you look at the properties of that file?, to get more info out of it.
On the other hand, it wasn't there before and now all of a sudden, after installing/uninstalling some software you get firewall alerts, i would jump all over it and kill it, but that's what i would do.

Lamehand

whatever that file is, neither google nor yahoo have any links. using msn tho i found this page (http://www.malwarelist.org/startup/scheda.asp?num=3132) which simply says the file is malware.

No further informations in properties.
I killed it. Interesting case because nether my AV nor my AT catched it. This exe tried to conect to google and where god knows els where.

I uploaded it as a rar-file in case somebody else wants to scan it ~snipped url....Bubba~

well jotti's scanner found nothing and i dont know anything about that file.

better safe than sorry i always say.

-{ Quote: "better safe than sorry i always say." }-In this case that's the approach We will take in regards to a possible malware file "that tried to conect to google and where god knows els where".

Even under normal circumstances We ask that malware links not be posted but in this questionable case....I do not wish at this moment in time to check due to our server issues and have erred on the side of caution and removed the URL.

As for the future....if one has a questionable file that does show signs of being UPX packed making outbound connection to "god knows els where"....Please do not post a link to that questionable file here on Wilders. There are numerous choices available other than Wilders to share possible malware files.

For what it's worth Tommy....the UPX portion does make mention of Borland if that by chance helps in regards to what you may have been doing at the time of the outbound. In any case....with our ongoing server issue it's not a good time to be checking and ask that we use caution during this up\down issue.

Thanks,
Bubba

Hi Tommy


My searches brought up these two sites Although I cant make
head nor tail of the first one (maybe you can)
The second is the same as wsfuser's

http://www.windowsbbs.com/showthread.php?t=56653

http://www.malwarelist.org/startup/scheda.asp?num=3132

@Bubba
sorry for posting the link, didn't had bad intentions. Will keep the rule in mind next time.

@Texcritter
Thanks for the links.

Anyway problem solved, file and registry entry killed.

yea the second one is teh same.

found this forum by google searching for licenseman32.exe

I can tell jou, its a virus.. my log:

http://img452.imageshack.us/img452/6517/licensemanvirusim6.jpg

*sorry, it's dutch, i'm from holland*