Author |
Message |
muckto
Cadet
Joined: May 29, 2004
Posts: 2
Location: USA
|
Posted: Mon May 31, 2004 2:40 am Post subject: Security Task Manager v Module32.exe |
|
|
Hi all,
I had until yesterday a Trojan/Malware called module32.exe, not sure how I got that but it was there. It took me a while to locate so I wanted to document this for all users out there.
First, it would set my homepage to about:blank, then it would prevent me from copying and pasting into IE 6.0 SP1 - note other browsers, e.g. Mozilla, would work fine.
That's how I guessed I was infected somehow even though I run a firewall and real-time antivirus.
I tried various software namely Spybot and a2 but nothing apart from harmless malware. Then I read about HijackThis but here again nothing too bad except for my start page set to about:blank.
Since my firewall and task manager would crash every time I was starting my PC, I thought that I had to get to the bottom of the problem because not using IE anymore was not enough, there was something serious going on.
I discovered Security Task Manager, and I have to say that in 5 minutes, module32.exe was located on my HD and quarantined, easy! It's payware, but I have to say that I will probably buy it because it is above the rest of the anti-spywares you can find on the web!
So if you boys and girls get these symptoms, here is the url for your fix:
http://www.neuber.com/taskmanager/
Good luck,
Jack Muckto |
|
Mariner
Site Moderator
Premium Member
Joined: Aug 25, 2003
Posts: 1904
|
Posted: Mon May 31, 2004 3:46 pm Post subject: |
|
|
muckto,
I think you'll find that module32.exe is a keylogger and I don't see that resetting your homepage to A_B. A program such as SpyCop would detect a keylogger but not an A_B infection.
If you have a true About_Blank problem, no commercially available program on earth will remove that for you. That will require you to submit a HijackThis log and have an expert look at it for you.
muckto wrote: |
I tried various software namely Spybot and a2 but nothing apart from harmless malware. Then I read about HijackThis but here again nothing too bad except for my start page set to about:blank.
|
If you would like expert opinion/attention re your A_B problem, please, feel free to submit your HJT log for our perusal. Your call.
To all others reading this, please, if you have an About_Blank problem, read the instructions in the Spyware - HijackThis Forum and then submit your log or, seek further advice re same from us here at CC. Thanks
Last edited by Mariner on Mon May 31, 2004 3:51 pm, edited 1 time in total
|
claire
Site Moderator
Premium Member
Joined: Apr 21, 2002
Posts: 4857
Location: Belgium
|
Posted: Mon May 31, 2004 3:49 pm Post subject: |
|
|
Hi,
I absolutely second Mariner on this issue.
_________________
Carpe Diem |
|
mbauer
Cadet
Joined: Jun 24, 2004
Posts: 1
Location: Switzerland
|
Posted: Thu Jun 24, 2004 4:50 am Post subject: |
|
|
Mariner wrote: |
If you have a true About_Blank problem, no commercially available program on earth will remove that for you.
|
But the Security Task Manager solved muckto's problem. I tried Security Task Manager too and I'm very happy with it. If you have a dogged About_Blank problem, STM can help to find the cause.
PS: STM comes with a tool called SpyProtector that warns against browser hijacking activities.
Michael
|
Mariner
Site Moderator
Premium Member
Joined: Aug 25, 2003
Posts: 1904
|
Posted: Fri Jun 25, 2004 9:15 am Post subject: |
|
|
CRAP!!
muckto's problem solved (allegedly) was a keylogger issue, not an A_B problem. An A_B problem will require specialised attention.
There is one hidden dll file, which is isolated by running other special utilities*, not a log. There is a visible dll file which you can see in the HJT log and this is also part of A_B. It was probably put there as a diversionary tactic. But this one is no problem to remove. The hidden one which is invisible, is hard to detect and even harder to remove. It is not visible in the HJT log, and has hidden, read-only attributes.
There is not one single version of this thing; there being different strains, all requiring one-on-one working by an expert.
*Note. "other special utilities" you simply will not find these contained within this program. And, they must be run in a special sequence as dictated by the variant and the advice of the expert working the case.
Say again, if you have a true About_Blank problem, no commercially available program on earth will remove that and that alone for you.
Course, you should not confuse an A_B problem with that of you having set your home page to "Blank" by yourself.
If this wondrous cure-all 'Security Task Manager' did all that has been claimed by yourself and muckto, this and every other site would be out of business within the week, there being no more problems to solve and help to dish out, etc. We are still here, along with all the others........
Once more...To all others reading this, please, if you have an About_Blank problem, read the instructions in the Hijackthis - Spyware, Viruses, Worms, Trojans Oh My! Forum and then submit your log or, seek further advice re same from us here at CC. Thanks |
|
negster22
1st Responder
Premium Member
Joined: Mar 10, 2004
Posts: 519
Location: USA
|
Posted: Fri Jun 25, 2004 9:40 pm Post subject: |
|
|
Mariner and claire are correct. muckto is misled or confused. module32.exe bears no relationship to an About:blank infection. Removal and detection of this pest is at best semi-automated and at worst completely manual. To further complicate the issue, each individual case can be unique. Maybe muckto is just not aware of the intricacies involved in about:blank removal, but to suggest that Security Task Manager is a panacea for the real about:blank infection is highly suspect. I, for one, do not believe it. No way, no how. |
|
negster22
1st Responder
Premium Member
Joined: Mar 10, 2004
Posts: 519
Location: USA
|
Posted: Sat Jun 26, 2004 10:43 am Post subject: |
|
|
Quote: |
But the Security Task Manager solved muckto's problem. I tried Security Task Manager too and I'm very happy with it. If you have a dogged About_Blank problem, STM can help to find the cause. |
Problem with this statement is that muckto did not have a dogged About_Blank problem. He had an infected module32.exe. So his statement does nothing to glorify the virtues of Security Task Mgr. in regard to that issue. It is based on erroneous information.
Quote: |
STM comes with a tool called SpyProtector that warns against browser hijacking activities. |
So does SpyGuard...and it's FREE!!
www.javacoolsoftware.com/sgdownload.html
Case closed.
|
negster22
1st Responder
Premium Member
Joined: Mar 10, 2004
Posts: 519
Location: USA
|
Posted: Sat Jun 26, 2004 10:52 am Post subject: |
|
|
Minor correction: SpywareGuard is the real-time browser protection program.
www.javacoolsoftware.com/sgdownload.html
Spyguard is a program that actually spies on people. Wouldn't want to recommend that!
But the link is correct, all the same. |