Explorer.exe Hacked?

Discussion in 'malware problems & news' started by kcrusher, Jun 26, 2005.

Thread Status:
Not open for further replies.
  1. kcrusher

    kcrusher Registered Member

    Jun 26, 2005
    Hello, I am using KAV Personal Pro 5.0.20 with Sygate Personal Firewall 5.5.
    Some days ago I was alarmed to note that explorer.exe was contacting dumpserv.com every minute and my firewall was giving me a warning. So I blocked it from accessing the internet. I am pasting a copy of the Sygate Personal Firewall Pro log. There are hundreds of log entries like that, since explorer.exe contacts dumpserv.com every minute, I think. My question is: why does KAV Personal Pro detect it as a virus?
    6/21/2005 9:09:53 PM Blocked 10 Outgoing TCP dumpserv.com [] 04-00-20-00-04-00 80 00-00-04-00-00-00 3417 C:\WINDOWS\explorer.exe john JGD Normal 3 6/21/2005 9:08:43 PM 6/21/2005 9:08:52 PM Ask all running apps

    Thanks and bye
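As an added example (not part of kcrusher's post and not code from Sygate, KAV or any other tool mentioned in this thread), the script below parses Sygate-style log lines such as the one pasted above and flags processes that reconnect to the same host and port at a regular interval, which is the once-a-minute pattern described. The field names are my reading of that single line, the extra sample lines and the domain update.example.com are constructed, and the 20% regularity tolerance is an assumed threshold.

```python
import re
from collections import defaultdict
from datetime import datetime
from statistics import median

# Regex for the space-separated Sygate Personal Firewall log layout seen in
# the post. Field names are assumptions from that one line: the bracketed
# remote IP is empty ("[]") when unresolved, and the application path may
# contain spaces, so it is matched lazily up to the first ".exe".
LINE_RE = re.compile(
    r"^(?P<time>\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M) "
    r"(?P<action>\w+) (?P<severity>\d+) (?P<direction>\w+) (?P<proto>\w+) "
    r"(?P<rhost>\S+) \[(?P<rip>[^\]]*)\] (?P<rmac>\S+) (?P<rport>\d+) "
    r"(?P<lmac>\S+) (?P<lport>\d+) (?P<app>.+?\.exe) (?P<rest>.*)$",
    re.IGNORECASE,
)

# Constructed sample log: the first line is the one pasted in the post, the
# other explorer.exe lines repeat it at one-minute spacing, and the
# iexplore.exe lines (hypothetical domain, irregular timing) are there to
# show what does NOT get flagged.
SAMPLE_LOG = [
    r"6/21/2005 9:09:53 PM Blocked 10 Outgoing TCP dumpserv.com [] 04-00-20-00-04-00 80 00-00-04-00-00-00 3417 C:\WINDOWS\explorer.exe john JGD Normal 3 6/21/2005 9:08:43 PM 6/21/2005 9:08:52 PM Ask all running apps",
    r"6/21/2005 9:08:53 PM Blocked 10 Outgoing TCP dumpserv.com [] 04-00-20-00-04-00 80 00-00-04-00-00-00 3415 C:\WINDOWS\explorer.exe john JGD Normal 3 6/21/2005 9:07:43 PM 6/21/2005 9:07:52 PM Ask all running apps",
    r"6/21/2005 9:07:53 PM Blocked 10 Outgoing TCP dumpserv.com [] 04-00-20-00-04-00 80 00-00-04-00-00-00 3413 C:\WINDOWS\explorer.exe john JGD Normal 3 6/21/2005 9:06:43 PM 6/21/2005 9:06:52 PM Ask all running apps",
    r"6/21/2005 9:06:53 PM Blocked 10 Outgoing TCP dumpserv.com [] 04-00-20-00-04-00 80 00-00-04-00-00-00 3411 C:\WINDOWS\explorer.exe john JGD Normal 3 6/21/2005 9:05:43 PM 6/21/2005 9:05:52 PM Ask all running apps",
    r"6/21/2005 9:05:10 PM Allowed 0 Outgoing TCP update.example.com [] 04-00-20-00-04-00 80 00-00-04-00-00-00 3401 C:\Program Files\Internet Explorer\iexplore.exe john JGD Normal 1 6/21/2005 9:05:10 PM 6/21/2005 9:05:10 PM Allow",
    r"6/21/2005 9:05:12 PM Allowed 0 Outgoing TCP update.example.com [] 04-00-20-00-04-00 80 00-00-04-00-00-00 3402 C:\Program Files\Internet Explorer\iexplore.exe john JGD Normal 1 6/21/2005 9:05:12 PM 6/21/2005 9:05:12 PM Allow",
    r"6/21/2005 9:07:40 PM Allowed 0 Outgoing TCP update.example.com [] 04-00-20-00-04-00 80 00-00-04-00-00-00 3409 C:\Program Files\Internet Explorer\iexplore.exe john JGD Normal 1 6/21/2005 9:07:40 PM 6/21/2005 9:07:40 PM Allow",
]


def parse_line(line):
    """Return the fields of one log line as a dict, or None if it does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["time"] = datetime.strptime(rec["time"], "%m/%d/%Y %I:%M:%S %p")
    rec["rport"] = int(rec["rport"])
    rec["lport"] = int(rec["lport"])
    return rec


def find_beacons(lines, min_events=3, tolerance=0.2):
    """Group outgoing connections by (application, remote host, remote port)
    and report groups whose gaps between connections are regular: every gap
    lies within `tolerance` of the median gap. A process like explorer.exe,
    which has no reason to poll a web server, showing up here with a short
    fixed interval is the pattern worth investigating."""
    groups = defaultdict(list)
    for line in lines:
        rec = parse_line(line)
        if rec and rec["direction"].lower() == "outgoing":
            key = (rec["app"].lower(), rec["rhost"].lower(), rec["rport"])
            groups[key].append(rec["time"])

    hits = []
    for (app, host, port), times in groups.items():
        if len(times) < min_events:
            continue
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        med = median(gaps)
        if med > 0 and all(abs(g - med) <= tolerance * med for g in gaps):
            hits.append({"app": app, "host": host, "port": port,
                         "events": len(times), "median_interval_s": med})
    return hits


if __name__ == "__main__":
    for hit in find_beacons(SAMPLE_LOG):
        print(f"{hit['app']} -> {hit['host']}:{hit['port']} "
              f"{hit['events']} connections, median interval {hit['median_interval_s']:.0f}s")
```

Run against the constructed log, the only group reported is explorer.exe to dumpserv.com on port 80 with a 60-second median interval; the browser traffic to the hypothetical domain is skipped because its spacing is irregular. The check is deliberately independent of the firewall's verdict (blocked or allowed), since a beacon that was allowed is exactly the one a user would not otherwise notice.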
  2. snapdragin

    snapdragin Registered Member

    Feb 16, 2002
    Southern Ont., Canada
    Hi kcrusher, and welcome to Wilders.

    The dumpserv.com [] is a CWS IP, so it is a good thing you have been blocking it with your firewall or it would have most likely tried to download even more malware.

    At this point, I would suggest you go through our General Cleaning Instructions thread. And, since this is a fairly new infection, it wouldn't hurt to follow up with posting a HijackThis log at the appropriate site (you'll find a list in the General Cleaning thread) to ensure all malware files are removed and your system is clean.

    As for why KAV is calling it a virus, well, that may be for a number of reasons which I am unable to answer. But since you have posted your question at the KAV forum, they will be able to better answer that one.

    Some additional information and cleaning instructions:

    Sophos - Troj/Zlob-H
    Symantec - Trojan.Zlob
    Symantec - Trojan.Zlob.b
    F-Secure - Small.wy

    Please let us know how you make out. :)

