mllgeneo.exe? Anyone familiar?

Discussion in 'General Topics' started by yoyoyo, Jun 24, 2004.

Thread Status:
Not open for further replies.
  1. yoyoyo

    yoyoyo Registered Member

    Joined:
    Jun 22, 2004
    Posts:
    1
    Two nights ago I was struggling with that @%$ing Casino Palazzo popup, trying all sorts of spyware and virus removal programs. I had the task manager open, when suddenly I noticed a process running the program mllgeneo.exe, which I didn't recognize from anywhere. I googled for it and found no references to this program. So I said to myself, OK, let's kill the process and see what happens (I'm such an adventurer ;p). A few seconds later, I saw it reappear. I killed the process a few more times, and it sprang back up every time. So I searched my drives for this program, and found it in the System32 folder. I killed the process and quarantined the program. Then I ran HijackThis and Adware, cleaned up my system, and now, for the past two days, I haven't had any more "Casino Palazzo" popups!

    I'm not sure if it's even related, because those popups have disappeared for a couple of days only to return. So the question is: has anyone seen this program, and does anyone know what it is?

    If any security experts here would like to examine it, just let me know and I'll produce it for you.

    Thanks,

    Yoav
     
  2. Gavin - DiamondCS

    Gavin - DiamondCS Former DCS Moderator

    Joined:
    Feb 10, 2002
    Posts:
    2,080
    Location:
    Perth, Western Australia
  3. Paul Wilders

    Paul Wilders Administrator

    Joined:
    Jul 1, 2001
    Posts:
    12,472
    Location:
    The Netherlands
    yoyoyo,

    Please follow instructions as posted over here and post your log file for examination.

    regards.

    paul
     
  4. Jooske

    Jooske Registered Member

    Joined:
    Feb 12, 2002
    Posts:
    9,713
    Location:
    Netherlands, EU near the sea
    Several people are dealing with the thing: if you do a search in this forum you will see various people who were caught and hopefully cleaned up.
    From what I see in those people's HijackThis logs, it is a dll involved with different names each time, so your exe seems no part of that at first sight.
    Can you please follow instructions step #2 from here (thread 15913) to create a HijackThis log and post it in that forum for expert review?
    Your process I didn't see in Google and newsgroups yet, so it might be chosen at random too.
    What I do myself in such cases after killing the process from running (with TDS or task manager) is changing the extension to something un-executable (like adding an extra .tmp behind it or such) so if some process needs it, it is at hand.
    With Port Explorer you might like to look, when it's running, if it is connected to something outside, etc. and kill its connection or activity completely.
     
  5. snapdragin

    snapdragin Administrator

    Joined:
    Feb 16, 2002
    Posts:
    8,415
    Location:
    Southern Ont., Canada
    Hi yoyoyo,

    I have split your post with the hijackthis log in it, over into the hijack cleaning forum where one of our Experts will review it and post any needed fix in that thread.

    You can find it here: https://www.wilderssecurity.com/showthread.php?t=38089


    Regards,

    snap
     