mllgeneo.exe? Anyone familiar?

Discussion in 'Forum Related Discussions' started by yoyoyo, Jun 24, 2004.

Thread Status:
Not open for further replies.
  1. yoyoyo

    yoyoyo Registered Member

    Jun 22, 2004
    Two nights ago I was struggling with that @%$ing Casino Palazzo popup, trying all sorts of spyware and virus removal programs. I had the task manager open, when suddenly I noticed a process running the program mllgeneo.exe, which I didn't recognize from anywhere. I googled for it and found no references about this program. So I said to myself, OK, let's kill the process and see what happens (I'm such an adventurer ;p). A few seconds later, I see it reappearing. I killed the process a few times more, and it sprung back up every time. So I searched my drives for this program, and found it in the System32 folder. I killed the process and quarantined the program. Then I run HijackThis and Adware, cleaned up my system, and now, for the past two days I haven't had anymore "Casino Palazzo" popups!

    I'm not sure if it's even related, because those popups have disappeared for a couple of days only to return. So the question is: has anyone seen this program, and know what it is?

    If any security experts here would like to examine it, just let me know and I'll produce it for you.


  2. Gavin - DiamondCS

    Gavin - DiamondCS Former DCS Moderator

    Feb 10, 2002
    Perth, Western Australia
  3. Paul Wilders

    Paul Wilders Administrator

    Jul 1, 2001
    The Netherlands

    Please follow instructions as posted over here and post your log file for examination.


  4. Jooske

    Jooske Registered Member

    Feb 12, 2002
    Netherlands, EU near the sea
    Several people are dealing with the thing: if you do a search in this forum you will see various people who were caught and hopefully cleaned op.
    What i see in those people's HiJackThis logs, it is a dll involved with different names each time, so your exe seems no part of that at first sight.
    Can you please follow instructions step #2 [thread=15913] from here [/thread] to create a HijackThis log and post it in that forum for expert review?
    Your process i didn't see in google and newsgroups yet, so it might be chosen ad randum too.
    What i do myself in such cases after killing the process from running (with TDS or task manager) is changing the extension in something un-executable (like adding an extra .tmp behind it or such) so if some process needs it it is at hand.
    With Port Explorer you might like to look when it's running if it is connected to something outside, etc. and kill it's connection or activity completely.
  5. snapdragin

    snapdragin Registered Member

    Feb 16, 2002
    Southern Ont., Canada
    Hi yoyoyo,

    I have split your post with the hijackthis log in it, over into the hijack cleaning forum where one of our Experts will review it and post any needed fix in that thread.

    You can find it here:


Thread Status:
Not open for further replies.