denis Report post Posted May 28, 2008 After a test with that program it came up with this. This executable program has a file size of 126,464 bytes, it is most frequently called WMIAPSRV.EXE and is most frequently located in the %windir%\softwaredistribution\download\??\ folder. The file header contains the following information: Vendor : Microsoft Corporation Product: WMI-prestatieadapterservice Version: 5.1.2600.551 This file is considered unsafe and is part of the malware group, LoveBoom:Worm-a. It was first seen on Friday, May 2 2008. It has been seen frequently by 369 users in this section of the community. The file was first seen in NETHERLANDS but has been seen in other locations, including The EUROPEAN UNION. WMIAPSRV.EXE has been seen to perform the following behaviors: - Registers a Dynamic Link Library File - The Process is polymorphic and can change its structure - Executes a Process WMIAPSRV.EXE has been the subject of the following behaviors: - Created as a new Background Service on the machine - Executed as a Process - Added as a Service in the System Registry Current Control Set - Created as a process on disk - Has code inserted into its Virtual Memory space by other programs - Deleted as a process from disk - Terminated as a Process Doing a reboot with firstdefence and will post a new logfile, i am sure sas will find nothing. Share this post Link to post Share on other sites
denis Report post Posted May 28, 2008 SUPERAntiSpyware Scan Log https://www.superantispyware.com Generated 05/28/2008 at 02:15 PM Application Version : 4.1.1046 Core Rules Database Version : 3469 Trace Rules Database Version: 1460 Scan type : Complete Scan Total Scan Time : 00:15:14 Memory items scanned : 324 Memory threats detected : 0 Registry items scanned : 6006 Registry threats detected : 0 File items scanned : 29247 File threats detected : 0 Sas didn't found it. How can i be sure there is nothing wrong? Thx. Share this post Link to post Share on other sites
SUPERAntiSpy Report post Posted May 28, 2008 E-Mail that file to samples AT superantispyware.com and we'll check it out. Share this post Link to post Share on other sites
denis Report post Posted May 28, 2008 Thanks, sending it right now, not sure if you get it. Share this post Link to post Share on other sites
denis Report post Posted May 28, 2008 How do i send it, outlook always blocking it? Share this post Link to post Share on other sites
SUPERAntiSpy Report post Posted May 28, 2008 How do i send it, outlook always blocking it? Zip it, then send it. Share this post Link to post Share on other sites
denis Report post Posted May 28, 2008 Thanks that did it I am sending it 2 times, i found it 2 times on a different location. Share this post Link to post Share on other sites
