   
blackcat
Citizen Username: Blackcat
Post Number: 645 Registered: 6-2001
| Posted on Wednesday, June 28, 2006 - 2:42 pm: |
|
We're pretty sure we got this on our laptop. Looks pretty malicious. Anyone else heard of this? |
   
blackcat
Citizen Username: Blackcat
Post Number: 646 Registered: 6-2001
| Posted on Wednesday, June 28, 2006 - 3:50 pm: |
|
To clarify, there are processes running that are unknown to me. When I did a search on some forums, this particular .exe is related to Trojan.PWS-Steal.C. Sounds like a bad one, and the only way to be sure it's removed is to reformat. Don't really want to do that. I came across a site that says it can clean it, but I'm a little hesitant. http://virusinfo.prevx.com/viruscenter.asp?GRP=4837700018 Any help is appreciated. |
   
Glock 17
Citizen Username: Glock17
Post Number: 1289 Registered: 7-2005

| Posted on Wednesday, June 28, 2006 - 3:53 pm: |
|
Just shut it off by hitting Control-Alt-Delete... select it in the running processes and click End Process Tree. Also use Spybot Search and Destroy to try to stop it from running upon computer restart. |
   
Monster©
Supporter Username: Monster
Post Number: 3841 Registered: 7-2002

| Posted on Wednesday, June 28, 2006 - 3:53 pm: |
|
Haven't heard of it, and I can't find anything online either, so what's it doing, and/or why do you think it's bad news?
|
   
blackcat
Citizen Username: Blackcat
Post Number: 647 Registered: 6-2001
| Posted on Wednesday, June 28, 2006 - 4:25 pm: |
|
The machine's processor is going crazy and there are a lot of new processes running. There are nasty popups coming up. I can't download new McAfee files, and when I try logging in with my admin login, I get a sort of blue screen of death... "IRQL_NOT_LESS_OR_EQUAL Begin dump of physical memory". Ctrl/Alt/Del won't work. I have to shut down with the power button. I searched and got this from forum.spywareinfo.com, where the symptoms and processes were similar... "There are malware entries on your log, and unfortunately it shows the contemptible Trojan Torpig, which can allow an attacker to gain control of the system, log keystrokes, steal passwords, access personal data, send malevolent outgoing traffic, and close the security warning messages displayed by some anti-virus and security programs. Would advise for you to disconnect this PC from the Internet, and then go to a known clean computer and change any passwords or security information held on the infected computer. In particular, check whatever relates to online banking financial transactions, shopping, credit cards, or sensitive personal information. It is also wise to contact your financial institutions to apprise them of your situation. Will do our best to clean the computer of any infections seen on the log. However, because of the nature of this Trojan, cannot offer a total guarantee that there are no remnants left in the system, or that the computer will be trustworthy. Many security experts believe that once infected with this type of Trojan, the best course of action is to reformat and reinstall the Operating System. Making this decision is based on what the computer is used for, and what information can be accessed from it." |
   
blackcat
Citizen Username: Blackcat
Post Number: 648 Registered: 6-2001
| Posted on Wednesday, June 28, 2006 - 4:31 pm: |
|
sorry, the process running is chunk0.exe |
   
Tom Reingold
Supporter Username: Noglider
Post Number: 14820 Registered: 1-2003

| Posted on Wednesday, June 28, 2006 - 5:02 pm: |
|
That spelling makes googling much more fruitful. I hope you've read this: http://virusinfo.prevx.com/pxparall.asp?PXC=ef9c21204468
|
   
Monster©
Supporter Username: Monster
Post Number: 3845 Registered: 7-2002

| Posted on Wednesday, June 28, 2006 - 5:20 pm: |
|
PWS-Steal is also known as Rivarts.A, which is a false positive; in other words, it's okay. Do you have "Trojan Hunter Guard" installed? It doesn't look like it is related to your problems. Troj/Torpig-AX is a key logging trojan, and it would be a good thing to go to a clean computer and change passwords etc. Make sure the infected computer is not connected to the network at all while doing this, and make sure the computer you are using is clean. What tools do you have at your disposal? Antivirus? Adware removal? Etc. |
   
Monster©
Supporter Username: Monster
Post Number: 3846 Registered: 7-2002

| Posted on Wednesday, June 28, 2006 - 5:25 pm: |
|
Here are a few other names it goes by: Trojan-PSW.Win32.Sinowal.r, Trojan.Spy.Sinowal-25, Win32/TrojanDropper.Small.NEA |
   
Monster©
Supporter Username: Monster
Post Number: 3847 Registered: 7-2002

| Posted on Wednesday, June 28, 2006 - 5:36 pm: |
|
Some more names: Win32.Lineage.S [Computer Associates], Trojan-PSW.Win32.Delf.fz [Kaspersky Lab], Trojan-PSW.Win32.Lmir.aeu [Kaspersky Lab], PWS-LegMir!chm [McAfee], PWS-Lineage{.dll, !chm} [McAfee], Troj/LegMir-AE [Sophos], CHM_DELF.D [Trend Micro], TROJ_DELF.RM [Trend Micro], TSPY_LINEAGE.AP [Trend Micro] |
   
Monster©
Supporter Username: Monster
Post Number: 3848 Registered: 7-2002

| Posted on Wednesday, June 28, 2006 - 5:38 pm: |
|
Norton calls it Trojan.Jasborn, and here is the link to their page on how to remove it. |