Unknown App

Discussion in 'other security issues & news' started by BuzzStone, Nov 6, 2009.

Thread Status:
Not open for further replies.
  1. BuzzStone

    BuzzStone Registered Member

    Joined:
    Nov 8, 2006
    Posts:
    163
    I have the following application that I found in Task Scheduler: prvlzwkb. It is located in Windows System32 Rundll32.exe - nnnoNffg.dll. I have no idea what it does and cannot find any info on it. Does anyone have any ideas what it could be?
     
  2. Tarq57

    Tarq57 Registered Member

    Joined:
    Oct 7, 2006
    Posts:
    966
    Location:
    Wellington NZ
  3. BuzzStone

    BuzzStone Registered Member

    Joined:
    Nov 8, 2006
    Posts:
    163
    Thanks for the reply Tarq57. I did some more googling after my post and found the info you have posted. I have scanned with MBAM, SAS, MSE and all comes up clean.
     
  4. Tarq57

    Tarq57 Registered Member

    Joined:
    Oct 7, 2006
    Posts:
    966
    Location:
    Wellington NZ
    I reckon it's there, but cloaking itself. Such process names bear similarities to those used by rootkits. Or polymorphic malware.
    Either way, you'll need to find a way to stop it or uncloak it before it can be recognized and eliminated for good.
    Not my province, sorry, not trained/knowledgeable enough to confidently help others, there are folk here that are, and plenty of malware removal forums that can help, too. (MajorGeeks, Bleeping computer, Aumha etc. There's a sticky about that Here.
     
  5. subhrobhandari

    subhrobhandari Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    708
    Spybot should clean Vundo variants.
     
  6. ha14

    ha14 Registered Member

    Joined:
    Sep 6, 2009
    Posts:
    53
    Hi

    Download Hijackthis and do a scan and save the log file, then post here so someone can help you. Alternatively download superantispyware and malwarebytes antimalware. Instal both of them the reboot in safe mode and then scan first with superantispyware, then reboot normal and clean. Repeat the same with malwarebtres antimalware. Good luck.
     
  7. lordpake

    lordpake Registered Member

    Joined:
    Aug 7, 2004
    Posts:
    563
    Location:
    Helsinki ~ European Union
    I do believe forum policies forbid posting of HjT logs here :) unless specifically requested by forum staff member or other expert, see this thread https://www.wilderssecurity.com/showthread.php?t=42148
     
  8. catcherintherye

    catcherintherye Registered Member

    Joined:
    Oct 28, 2008
    Posts:
    13
  9. twl845

    twl845 Registered Member

    Joined:
    Apr 12, 2005
    Posts:
    4,186
    Location:
    USA
Loading...
Thread Status:
Not open for further replies.