Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.


Mkmoose Malware Help

  • Please log in to reply
1 reply to this topic

#1 Vince86


  • Members
  • 84 posts
  • Local time:10:50 PM

Posted 19 August 2005 - 11:43 PM

I have noticed this blank startup program in msconfig and now i looked it up. Its a malware pathex.exe named Mkmoose trojan horse. I have been running nortons AV 2005 and it won't detect it for a few weeks. Also i have adware and spybot and spydoctor, they both find some spyware/cookies, but it can't find this one, at least i don't think it has. So i need help on trying to remove this thing from my computer. I also have been getting attacked by Bla Trojan Horse the past few months, and i think its coming from my computer form what it says in the logs. My nortons firewall has been blocking it and giving me messages of me being attacked and it being blocked. It has my computer name on it and a ip address. It looks like this
Rule "Default Block Bla Trojan horse" blocked ("my computers name" ("Some ip address),"4 digit number here").
Inbound UDP packet.
Local address,service is (localhost,"4 digit number here").
Remote address,service is ("my computers name'("ip address"),4 digit number here).
Process name is "N/A".

I can't seem to detect any of these on my computer with my AV. So i need help on this also. Any help would be appreciated.

The only spybot that actually finds registry changes r spybots. it has found a DSO Exploit and i keep trying to fix it, but it always comes back the next scan. Im so fustrated! Please i need help.

Update - I went to the site that lists startup names and says what they are(the one linked to this page) It says it shows some sort of data or command in msconfig startup list but mine doesnt. The blank fields are the name and command and it just lists the location like HKCU/software/microsoft/windows/currentversion run.
This doesnt match with the 2 blank startup trojans listed on the startup list. What could this blank startup be then?

Edited by Vince86, 20 August 2005 - 10:05 AM.

BC AdBot (Login to Remove)


#2 stidyup


  • Members
  • 641 posts
  • Gender:Male
  • Local time:09:50 PM

Posted 20 August 2005 - 11:00 AM

I'd suggest submitting a hijackthis log here as you may still have infections causing your problem.

How to submit a hijackthis log

Download Hijackthis

Try running the following from safe mode (Getting to safe-mode) Sysclean you'll also need the virus template file from here lpt***.zip


DrWeb CureIT

If your good with the command line also try Sophos Command Line scanner

Also try installing and running A2 Free and Ewido

I'd also run Spybot and Adaware

If your using Win2K/XP run adaware/spybot from "safe mode with command prompt"

At the C:\ prompt type the following:-

C:\progra~1\spybot~1\spybotsd.exe /autocheck /autofix

Sophos on MkMoose

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users