wJQs.exe - anyone know what it is?



Miaow
14-10-2009, 10:05am
This appeared on my system this morning (well created date was 12th) - AVG & Spybot show nothing wrong with it scanning it - Comodo firewall said it was trying to install a hook so didn't let it - doesn't appear to be running in process/applications etc

Looking on the net it seems to be a trojan or something but nothing's picking it up - only thing I can think of that it came down with is when I installed an Adobe Reader update on Sunday when comp booted up?

I've blocked it in Comodo but not sure what to do with the file - it's in administrator/local services/temp?

Edited to add: I've downloaded the Sophos rootkit detection thing but as yet haven't run it

Hmm just found that Spybot didn't check it cause I'd quarantined it with Comodo..

oldfart
14-10-2009, 10:41am
Try Malwarebytes or Ad-Aware

Spybot has had its day.

Miaow
14-10-2009, 10:44am
I tried to take it out of quarantine on Comodo but for some reason it won't let me hmm so Comodo is blocking anything even trying to access it which is good - maybe is safe to leave it there - just wondering if I should delete it

Edited to add: went through registry looking for anything on it and seems to be just under Comodo's quarantine plus in the search details (when I was looking for it on the hd) etc nothing else showing

Kym
14-10-2009, 10:58am
Yup - it's a piece of malware - kill it.
Ad-Aware knows this one and will clean it up.

Miaow
14-10-2009, 11:17am
Thanks - getting Ad-Aware now (again did have it but removed it for Spybot)

Miaow
14-10-2009, 12:13pm
hmm Ad-Aware didn't find it???? found something else though that never showed up in the past though

I've blocked the file again with Comodo in case it tries to run again

ameerat42
14-10-2009, 12:49pm
Heck! At 12.47 pm I googled it. There were 100s of references, and all on the 1st page looked bad. SO, quarantine sounds like a good temporary spot for it. Am...

Miaow
14-10-2009, 2:41pm
Weird now the defrag process in Windows seems to be trying to access that file mind you I wasn't defragging... weird

hmm wonder what would happen if I deleted it :o don't want to suddenly find though it causes a problem - is weird Ad-Aware doesn't see it cause I unquarantined it so it was able to check it fine

Miaow
14-10-2009, 2:53pm
Thanks Rich will try that one also - scanning now after unquarantining it from Comodo

Miaow
14-10-2009, 3:07pm
Well I saw Malwarebytes scan that dir and nothing showing as bad as yet ....

Edited: scan finished one little file that was just a trace file but nothing to do with that file - so it's back quarantined again...

Miaow
14-10-2009, 6:09pm
I sent it off to AVG for analysis - will see what they say...

This site has me a little worried:
http://www.prevx.com/filenames/2129194514198174408-X1/WJQS.EXE.html

Miaow
14-10-2009, 10:35pm
AVG have replied and yep it's a trojan...


Dear Sir/Madam,

thank you for your e-mail.

Please let us inform you that the file attached to your previous
e-mail was new version of Trojan horse. Detection of the infection
will be available within one of the next AVG virus definitions
updates. AVG updates are released in reaction to amount and severity
of new threats. It is recommended to check for new updates at least
once a day. Checking every 4 hours will guarantee that your AVG Virus
base is kept up-to-date.

Thank you for your cooperation.

Best regards,


Edited to add it's now no longer there - deleted it

Miaow
15-10-2009, 4:15pm
Very interesting - just looked up Adobe Reader and trojans and it looks like it's very vulnerable to backdoor attacks :eek: though I never opened a pdf like it said would need to infect it - well recently

New article dated 13th Oct
http://www.enigmasoftware.com/adobe-reader-vulnerability-cve-2009-3459-allows-hackers-insert-backdoors-on-computers/