
Thread: wJQs.exe - anyone know what it is?

  1. #1
    Member
    Join Date
    22 Jul 2008
    Location
    Rosebud, Mornington Peninsula
    Posts
    2,838

    wJQs.exe - anyone know what it is?

    This appeared on my system this morning (well created date was 12th) - AVG & Spybot show nothing wrong with it scanning it - Comodo firewall said it was trying to install a hook so didn't let it - doesn't appear to be running in process/applications etc

    Looking on the net it seems to be a trojan or something but nothing's picking it up - only thing I can think of that it came down with is when I installed an Adobe Reader update on Sunday when comp booted up?

    I've blocked it in Comodo but not sure what to do with the file - it's in administrator/local services/temp?

    Edited to add: I've downloaded the Sophos rootkit detection thing but as yet haven't run it

    Hmm just found that Spybot didn't check it 'cause I'd quarantined it with Comodo..
    Last edited by Miaow; 14-10-2009 at 3:03pm.
    Cat (aka Cathy) - Another Canon user - 400D, 18-55,75-300mm Kit Lens,50mm f1.8, Tamron 90mm f2.8 Macro, Sigma 28-70 f2.8-4 DG, Tripod and a willingness to learn
    Software used: PhotoImpact, Irfanview and a lot of plugins
    We don't make a photograph just with a camera, we bring to the act of photography all the books we have read, the movies we have seen, the music we have heard, the people we have loved. - Ansel Adams


  2. #2
    Member
    Join Date
    07 Aug 2007
    Location
    Newcastle, NSW
    Posts
    321
    Try Malwarebytes or Ad-Aware

    Spybot has had its day.

  3. #3
    Member
    Threadstarter

    I tried to take it out of quarantine on Comodo but for some reason it won't let me hmm so Comodo is blocking anything even trying to access it which is good - maybe is safe to leave it there - just wondering if I should delete it

    Edited to add: went through registry looking for anything on it and seems to be just under Comodo's quarantine plus in the search details (when I was looking for it on the HD) etc nothing else showing
    Last edited by Miaow; 14-10-2009 at 10:49am.

  4. #4
    It's all about the Light!
    Tech Admin
    Kym's Avatar
    Join Date
    15 Jun 2008
    Location
    Modbury, Adelaide
    Posts
    9,641
    Yup - it's a piece of malware - kill it.
    Ad-Aware knows this one and will clean it up.

  5. #5
    Member
    Threadstarter

    Thanks - getting Ad-Aware now (again did have it but removed it for Spybot)

  6. #6
    Member
    Threadstarter

    hmm Ad-Aware didn't find it???? found something else though that never showed up in the past though

    I've blocked the file again with Comodo in case tries to run again

  7. #7
    Arch-Σigmoid Ausphotography Regular ameerat42's Avatar
    Join Date
    18 Sep 2009
    Location
    Nthn Sydney
    Posts
    16,786
    Heck! At 12.47 pm I googled it. There were 100s of references, and all on the 1st page looked bad. SO, quarantine sounds like a good temporary spot for it. Am...

  8. #8
    Member
    Threadstarter

    Weird, now the defrag process in Windows seems to be trying to access that file - mind you I wasn't defragging... weird

    hmm wonder what would happen if I deleted it - don't want to suddenly find though it causes a problem - is weird Ad-Aware doesn't see it 'cause I unquarantined it so it was able to check it fine

  9. #9
    Ausphotography Addict Richard Hall's Avatar
    Join Date
    06 Jan 2007
    Location
    Adelaide
    Posts
    5,286
    I've found Malwarebytes' Anti-Malware to be about the best piece of software for spy/virus removal. Download it HERE and give it a shot.
    www.richardhallphotography.com



    Atheism is Myth-understood

  10. #10
    Member
    Threadstarter

    Thanks Rich, will try that one also - scanning now after unquarantining it from Comodo
    Last edited by Miaow; 14-10-2009 at 3:03pm.

  11. #11
    Member
    Threadstarter

    Well I saw Malwarebytes scan that dir and nothing showing as bad as yet ....

    Editedan finished one little file that was just a trace file but nothing to do with that file - so it's back quarantined again...
    Last edited by Miaow; 14-10-2009 at 3:38pm.

  12. #12
    Member
    Threadstarter

    I sent it off to AVG for analysis - will see what they say...

    This site has me a little worried:
    http://www.prevx.com/filenames/21291.../WJQS.EXE.html
    Last edited by Miaow; 14-10-2009 at 6:29pm.

  13. #13
    Member
    Threadstarter

    AVG have replied and yep it's a trojan...

    Dear Sir/Madam,

    thank you for your e-mail.

    Please let us inform you that the file attached to your previous
    e-mail was new version of Trojan horse. Detection of the infection
    will be available within one of the next AVG virus definitions
    updates. AVG updates are released in reaction to amount and severity
    of new threats. It is recommended to check for new updates at least
    once a day. Checking every 4 hours will guarantee that your AVG Virus
    base is kept up-to-date.

    Thank you for your cooperation.

    Best regards,

    Edited to add: it's now no longer there - deleted it
    Last edited by Miaow; 14-10-2009 at 10:49pm.

  14. #14
    Member
    Threadstarter

    Very interesting - just looked up Adobe Reader and trojans and it looks like it's very vulnerable to backdoor attacks though I never opened a PDF like it said would need to infect it - well recently

    New article dated 13th Oct
    http://www.enigmasoftware.com/adobe-...-on-computers/
    Last edited by Miaow; 15-10-2009 at 5:11pm.
