View Full Version : mllgeneo.exe? Anyone familiar?
June 24th, 2004, 03:13 AM
Two nights ago I was struggling with that @%$ing Casino Palazzo popup, trying all sorts of spyware and virus removal programs. I had the task manager open, when suddenly I noticed a process running the program mllgeneo.exe, which I didn't recognize from anywhere. I googled for it and found no references about this program. So I said to myself, OK, let's kill the process and see what happens (I'm such an adventurer ;p). A few seconds later, I see it reappearing. I killed the process a few times more, and it sprung back up every time. So I searched my drives for this program, and found it in the System32 folder. I killed the process and quarantined the program. Then I run HijackThis and Adware, cleaned up my system, and now, for the past two days I haven't had anymore "Casino Palazzo" popups!
I'm not sure if it's even related, because those popups have disappeared for a couple of days only to return. So the question is: has anyone seen this program, and know what it is?
If any security experts here would like to examine it, just let me know and I'll produce it for you.
Gavin - DiamondCS
June 24th, 2004, 03:32 AM
In every case like this, please submit the file ! firstname.lastname@example.org
I'm sure other developers would like it, try email@example.com too :)
June 24th, 2004, 04:30 AM
Please follow instructions as posted over here (http://www.wilderssecurity.com/showthread.php?t=15913) and post your log file for examination.
June 24th, 2004, 04:32 AM
Several people are dealing with the thing: if you do a search in this forum you will see various people who were caught and hopefully cleaned op.
What i see in those people's HiJackThis logs, it is a dll involved with different names each time, so your exe seems no part of that at first sight.
Can you please follow instructions step #2 from here to create a HijackThis log and post it in that forum for expert review?
Your process i didn't see in google and newsgroups yet, so it might be chosen ad randum too.
What i do myself in such cases after killing the process from running (with TDS or task manager) is changing the extension in something un-executable (like adding an extra .tmp behind it or such) so if some process needs it it is at hand.
With Port Explorer you might like to look when it's running if it is connected to something outside, etc. and kill it's connection or activity completely.
June 25th, 2004, 12:52 PM
I have split your post with the hijackthis log in it, over into the hijack cleaning forum where one of our Experts will review it and post any needed fix in that thread.
You can find it here: http://www.wilderssecurity.com/showthread.php?t=38089
vBulletin® Copyright ©2000-2013, Jelsoft Enterprises Ltd.
Copyright ©2002 - 2013, Wilders Security Forums