wuampdr.exe what is it?

Nizmo

New member
Hey, I turned on my computer and an Open File - Security Warning came up and said: the publisher could not be verified, are you sure you want to run this software. It's called wuampdr.exe; it's an application located in the system32 folder. I have got no idea how I got it or what it is. I ran Ad-Aware and Stinger and there were no viruses or problems. I looked it up on search engines and it came up with different language writing. Anyone know what this is?
 

Nizmo

New member
Description:



Upon execution, this memory-resident worm drops a copy of itself as the file WUAMPDR.EXE in the Windows system folder.

This worm takes advantage of the Windows LSASS vulnerability to propagate. The said vulnerability is discussed in detail in the following page:

Microsoft Security Bulletin MS04-011

This worm also has backdoor capabilities. Using a random port, it acts as an Internet Relay Chat (IRC) bot that connects to a remote IRC server and joins a specific IRC channel, where it listens for certain commands coming from a remote malicious user.

It also attempts to steal CD keys of certain popular games, as well as the Windows product registration key. It also launches a denial of service (DoS) attack using several flooding methods.





:eek: :eek: :eek: :eek: :eek: :eek: :eek: :eek: :eek: :eek: :eek:
Uh crap, sounds bad. Is it bad? Steals my CD keys and registrations! Connects through a backdoor! Does that mean it might be stealing my credit card numbers? How do I get rid of it!!! Oooh, I'll run the auto cleanup thing on that site u posted :D :D :D :D
 
This is the reason you MUST apply all hotfixes - keep your machine patched or you can lose it all. Why was it not patched?
 

Nizmo

New member
My computer's got Windows Update on and always downloads and installs the updates whenever there is one.
 
Unfortunately, if your system was patched successfully, no worm could have used the Windows vulnerability associated with the wuampdr.exe exploit. If you think you were updating, maybe you did not reboot and got infected before you last turned it off.

Good antivirus may have caught it, but if you reinstalled Windows, or did not get the patch, or some such thing, it let you get infected. Bottom line, the only way to get that infection is to NOT be patched --



Malware type: Worm
Aliases: Malware.h, W32.Spybot.Worm
In the wild: Yes
Destructive: No
Language: English
Platform: Windows 2000, XP
Encrypted: No

Overall risk rating: Low
Reported infections: Low
Damage potential: High
Distribution potential: High
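A triage check for the symptoms described in this thread (an executable in the Windows system folder whose publisher cannot be verified and that launches at startup), written as an added example that is not from the thread or the vendor write-up. Only the file name comes from the page; the standard Run registry keys are an assumption about how the file starts, and `Get-NetTCPConnection` needs Windows 8 or later.

```powershell
# Added example: triage for an unverified executable in the system folder.
# The file name is taken from the thread. The Run-key locations are an assumption:
# the thread only says the warning appears when the computer is turned on.
$name   = 'wuampdr.exe'
$target = Join-Path ([Environment]::SystemDirectory) $name

# 1. Is the file there, when did it appear, and is it signed?
if (Test-Path -LiteralPath $target) {
    $file = Get-Item -LiteralPath $target -Force
    $sig  = Get-AuthenticodeSignature -LiteralPath $target
    [pscustomobject]@{
        Path      = $file.FullName
        Created   = $file.CreationTime
        Modified  = $file.LastWriteTime
        SizeBytes = $file.Length
        SigStatus = $sig.Status    # NotSigned is consistent with the "publisher could not be verified" prompt
        Signer    = $sig.SignerCertificate.Subject
        SHA256    = (Get-FileHash -LiteralPath $target -Algorithm SHA256).Hash
    } | Format-List
} else {
    "$target not found"
}

# 2. Autostart values whose command line references the file name
$runKeys = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
           'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    (Get-ItemProperty -Path $key).PSObject.Properties |
        Where-Object { "$($_.Value)" -like "*$name*" } |
        ForEach-Object { [pscustomobject]@{ Key = $key; ValueName = $_.Name; Command = $_.Value } } |
        Format-List
}

# 3. A running process with that image name and its TCP connections
#    (the write-up describes an IRC bot that connects out on a random port)
$image = [IO.Path]::GetFileNameWithoutExtension($name)
foreach ($proc in Get-Process -Name $image -ErrorAction SilentlyContinue) {
    Get-NetTCPConnection -OwningProcess $proc.Id -ErrorAction SilentlyContinue |
        Select-Object @{n='Pid';e={$proc.Id}}, LocalPort, RemoteAddress, RemotePort, State |
        Format-Table -AutoSize
}
```

Run it from an elevated prompt so the HKLM keys and other users' processes are visible; a hit in any of the three sections is a reason to take the machine offline before cleaning it.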
 