Explorer.exe Hacked?

Discussion in 'malware problems & news' started by kcrusher, Jun 26, 2005.

Thread Status:
Not open for further replies.
  1. kcrusher

    kcrusher Registered Member

    Jun 26, 2005
    Hello, I am using KAV Personal Pro 5.0.20 with Sygate Personal Firewall 5.5.
    Some days ago I was alarmed to note that explorer.exe was contacting dumpserv.com every minute and my firewall was giving me warnings. So I blocked it from accessing the internet. I am pasting a copy of the Sygate Personal Firewall Pro log. There are hundreds of log entries like that, since explorer.exe contacts dumpserv.com every minute, I think. My question is: why does KAV Personal Pro detect it as a virus?
    6/21/2005 9:09:53 PM Blocked 10 Outgoing TCP dumpserv.com [] 04-00-20-00-04-00 80 00-00-04-00-00-00 3417 C:\WINDOWS\explorer.exe john JGD Normal 3 6/21/2005 9:08:43 PM 6/21/2005 9:08:52 PM Ask all running apps

    Thanks and bye
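Added example, not code from the thread or from Sygate: a small parser for the log line format kcrusher pasted, plus a check that flags a process contacting the same host and port at a near-constant interval, which is the "every minute" pattern described above. The field layout is inferred from that single line (an assumption) and the sample lines are constructed to mimic it.

```python
import re
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Field layout inferred from the single Sygate line in the post (an assumption);
# the empty [] is where the export shows the remote IP.
SYGATE_RE = re.compile(
    r"^(?P<ts>\d+/\d+/\d{4} \d+:\d+:\d+ [AP]M) (?P<action>\w+) (?P<sev>\d+) "
    r"(?P<dir>Incoming|Outgoing) (?P<proto>\w+) (?P<rhost>\S+) \[(?P<rip>[^\]]*)\] "
    r"(?P<rmac>\S+) (?P<rport>\d+) (?P<lmac>\S+) (?P<lport>\d+) (?P<proc>\S+) "
)

def parse_line(line):
    """Return a dict of fields for one log line, or None if it does not match."""
    m = SYGATE_RE.match(line)
    if not m:
        return None
    ev = m.groupdict()
    ev["ts"] = datetime.strptime(ev["ts"], "%m/%d/%Y %I:%M:%S %p")
    return ev

def find_beacons(lines, min_events=4, max_jitter=5.0):
    """Map (process, host, port) -> mean gap in seconds for near-periodic outbound hits."""
    times = defaultdict(list)
    for line in lines:
        ev = parse_line(line)
        if ev and ev["dir"] == "Outgoing":
            times[(ev["proc"], ev["rhost"], ev["rport"])].append(ev["ts"])
    hits = {}
    for key, ts in times.items():
        ts.sort()
        if len(ts) < min_events:
            continue  # too few events to judge periodicity
        gaps = [(b - a).total_seconds() for a, b in zip(ts, ts[1:])]
        if pstdev(gaps) <= max_jitter:  # low jitter = timer-driven, not user-driven
            hits[key] = round(mean(gaps), 1)
    return hits

# Constructed sample: explorer.exe reaching dumpserv.com:80 about once a minute
# (blocked, as in the post), plus one ordinary browser connection not to be flagged.
_TAIL = "john JGD Normal 3 6/21/2005 9:08:43 PM 6/21/2005 9:08:52 PM Ask all running apps"
def _beacon(clock):
    return (f"6/21/2005 {clock} PM Blocked 10 Outgoing TCP dumpserv.com [] 04-00-20-00-04-00 "
            f"80 00-00-04-00-00-00 3417 C:\\WINDOWS\\explorer.exe {_TAIL}")
SAMPLE = [_beacon(c) for c in ("9:09:53", "9:10:53", "9:11:53", "9:12:54", "9:13:53")]
SAMPLE.append("6/21/2005 9:10:10 PM Allowed 10 Outgoing TCP www.example.com [] "
              "04-00-20-00-04-00 80 00-00-04-00-00-00 3420 C:\\Tools\\browser.exe " + _TAIL)
```

Running `find_beacons(SAMPLE)` returns only the explorer.exe to dumpserv.com:80 group with a mean gap of about 60 seconds; a user-driven browser connection has no such regular cadence and is not flagged.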
  2. snapdragin

    snapdragin Registered Member

    Feb 16, 2002
    Southern Ont., Canada
    Hi kcrusher, and welcome to Wilders.

    The dumpserv.com [] is a CWS IP, so it is a good thing you have been blocking it with your firewall or it would have most likely tried to download even more malware.

    At this point, I would suggest you go through our General Cleaning Instructions thread. And, since this is a fairly new infection, it wouldn't hurt to follow up with posting a HijackThis log at the appropriate site (you'll find a list in the General Cleaning thread) to ensure all malware files are removed and your system is clean.

    As for why KAV is calling it a virus, well that may be for a number of reasons of which I am unable to answer. But since you have posted your question at the KAV forum, they will be able to better answer that one.

    Some additional information and cleaning instructions:

    Sophos - Troj/Zlob-H
    Symantec - Trojan.Zlob
    Symantec - Trojan.Zlob.b
    F-Secure - Small.wy

    Please let us know how you make out. :)
