Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

WIbf95.exe


  • Please log in to reply
No replies to this topic

#1 ximbroglio

ximbroglio

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:09:08 AM

Posted 02 September 2009 - 04:11 PM

This file (WIbf95.exe) brings up a popup everytime the computer is booted giving a warning of infection sporting a Windows type logo ala windows security tray. Since this is not my machine I don't know if it is legit (as he has McAfees installed) or just one of those hoax warnings. It shows a total of 25 threats. Anyway a search on the internet has revealed nothing on this file, so I suspect it is new malware. BTW, trying to log in and post from his computer causes me to be sent relentlessly to guest. Any help will be greatly appreciated. Thanks


Posted Image

WIbf95


edit;

He's running VISTA and I've also been unable to unhide/find the containing folder (bf9545f) under the path C:\ProgramData\bf9545f\ so the file can be deleted if necessary.

edit2;

OK, got the file transported to my machine and submitted to Eset

Scanned disks, folders and files: O:\WIbf95.exe
O:\WIbf95.exe - a variant of Win32/Kryptik.AHF trojan


edit3;

OK, I also found vd952342.bd created at the same time as the WIbf95.exe. This leads me to believe this could be another variant of VirusSweeper found by searching vd952342.bd on this site. Hope that helps someone. Still waiting any input...


Thanks again,
xim

Edited by ximbroglio, 02 September 2009 - 05:14 PM.


BC AdBot (Login to Remove)

 





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users