
Unknown Startup Program "Eqedocay"


4 replies to this topic

#1 ivy.league


Posted 11 August 2010 - 08:02 AM

Hey guys,

Was looking through my system config utility startup items and came across an item I've never seen before. Found no information on the net about it.
It runs on startup and I'm using Windows XP 32-bit.
Doesn't show in taskmngr processes either.

Startup Item: Eqedocay
Command: rundll32.exe "C:\WINDOWS\eqedocay.dll", Startup
Location: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Worried that, since it's a rundll32.exe, it has the potential to be a virus. Any info would be great, thanks.



#2 Blade


Posted 11 August 2010 - 10:23 AM

Hi ivy.league

That could be a Vundo file... let's run an analysis. I'm also moving this topic to the Am I Infected forum.

Please make sure that you can view all hidden files. Instructions on how to do this can be found here:

How to see hidden files in Windows

Please click this link: VirusTotal

When the VirusTotal page has finished loading, click the browse button and navigate to the files listed below in bold, then click Submit. You will only be able to have one file scanned at a time.

C:\WINDOWS\eqedocay.dll

Please post back the URL of the results page for each file in your next post.

If VirusTotal is busy, try the same at Jotti

~Blade


In your next reply, please include the following:
VirusTotal/Jotti result URL

Edited by Blade Zephon, 11 August 2010 - 10:24 AM.


If I am helping you, it has been 48 hours since your last post, and I have yet to reply to your topic, please send me a PM
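The check discussed in the two posts above (a `rundll32.exe` entry under the `Run` key that loads a DLL) can be scripted as a read-only triage step. This is an added example, not part of the original thread; it assumes PowerShell 4.0 or later (for `Get-FileHash`), so it targets a current Windows system rather than the XP machine in the question, and the `InWinRoot` flag is a heuristic chosen for this example.

```powershell
# Added example (not from the thread): read-only triage of rundll32 autoruns.
$runKeys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
           'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'

# Matches e.g.  rundll32.exe "C:\WINDOWS\eqedocay.dll", Startup  (quotes optional)
$pattern = '(?i)rundll32(?:\.exe)?"?\s+"?(?<dll>[^",]+\.\w+)"?\s*,\s*(?<export>[^\s,]+)'

$findings = foreach ($key in $runKeys) {
    $regKey = Get-Item -Path $key -ErrorAction SilentlyContinue
    if (-not $regKey) { continue }

    foreach ($name in $regKey.GetValueNames()) {
        $command = [string]$regKey.GetValue($name)
        if ($command -notmatch $pattern) { continue }   # not a rundll32 entry

        $export = $Matches['export']
        $dll    = [Environment]::ExpandEnvironmentVariables($Matches['dll'].Trim())
        $exists = Test-Path -LiteralPath $dll -PathType Leaf

        $sha256 = $null; $sigStatus = $null; $hidden = $null
        if ($exists) {
            $file      = Get-Item -LiteralPath $dll -Force   # -Force also returns hidden/system files
            $hidden    = [bool]($file.Attributes -band [IO.FileAttributes]::Hidden)
            $sha256    = (Get-FileHash -LiteralPath $dll -Algorithm SHA256).Hash
            $sigStatus = (Get-AuthenticodeSignature -LiteralPath $dll).Status
        }

        [pscustomobject]@{
            Key       = $key
            ValueName = $name
            Dll       = $dll
            Export    = $export
            Exists    = $exists
            Hidden    = $hidden
            Signature = $sigStatus
            # Heuristic (assumption of this example): DLL directly in %WINDIR%, outside System32.
            InWinRoot = ((Split-Path -Parent $dll) -eq $env:windir)
            SHA256    = $sha256
        }
    }
}

$findings | Format-List
```

The `SHA256` value can be searched on VirusTotal before deciding whether to upload the file itself.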


#3 ivy.league


Posted 12 August 2010 - 03:11 AM

Hey, thanks for the quick reply.

Cool site, VirusTotal.

Enabled view all hidden files then ran the scan. Below are the results.

URL: http://www.virustotal.com/file-scan/report...7607-1281599942

0 VT Community user(s) with a total of 0 reputation credit(s) say(s) this sample is goodware. 0 VT Community user(s) with a total of 0 reputation credit(s) say(s) this sample is malware.
File name: C:\WINDOWS\eqedocay.dll
Submission date: 2010-08-12 07:59:02 (UTC)
Current status: queued queued analysing finished
Result: 14/ 42 (33.3%)

#4 ivy.league


Posted 16 August 2010 - 08:31 AM

Got it all sorted now. Turns out it was a virus. ><

Trojan-Downloader.Win32.Mufanom.aafz

Basically the trojan opens up backdoors on your computer to allow malware to be downloaded and even key loggers.
It also modifies the system settings and creates a startup registry, which in my case was 'eqedocay', where I picked it up in my system config startup items.

Here's a link with some more information and also a way to delete it: [Mod Edit: link to untrustworthy site removed. ~BZ]

Edited by Blade Zephon, 16 August 2010 - 10:34 PM.


#5 Blade


Posted 16 August 2010 - 10:38 PM

Hi ivy.league

Sorry I missed your initial reply. I have been caught up with moving over the past week.

Just a note, the site you mentioned is very untrustworthy. There are multiple reports of malicious software being distributed from there. If you downloaded anything from that site, please reply here and let me know, so we can get you checked out.

~Blade





