darkdemn777

Trojan.Winsystems.exe (is this a new threat or a bummer?)


:huh: ...um ...hello ... am new in these here forum... and uh...

I'd like to report on this winsystems.exe which SUPER claims is a trojan variant.

... if you're ever wondering whether or not i've gotten the latest version and updates... it's 4.33. and if anyone else here thinks this version is old... please don't hesitate to mock me.

And without further ado... here's my report list.

1.)

SUPERAntiSpyware Scan Log

https://www.superantispyware.com

Generated 02/15/2010 at 09:33 PM

Application Version : 4.33.1000

Core Rules Database Version : 4584

Trace Rules Database Version: 2396

Scan type : Custom Scan

Total Scan Time : 01:39:52

Memory items scanned : 232

Memory threats detected : 0

Registry items scanned : 7166

Registry threats detected : 0

File items scanned : 53082

File threats detected : 6

Adware.Tracking Cookie

C:\Users\JOEY\AppData\Roaming\Microsoft\Windows\Cookies\Low\joey@advertising[2].txt

C:\Users\JOEY\AppData\Roaming\Microsoft\Windows\Cookies\Low\joey@at.atwola[1].txt

C:\Users\JOEY\AppData\Roaming\Microsoft\Windows\Cookies\Low\joey@doubleclick[2].txt

C:\Users\JOEY\AppData\Roaming\Microsoft\Windows\Cookies\Low\joey@revsci[1].txt

C:\Users\JOEY\AppData\Roaming\Microsoft\Windows\Cookies\Low\joey@statcounter[1].txt

Trojan.WINSYSTEMS

C:\WINDOWS\SYSTEMS.EXE

and then the next scan afterwards...

2.)

SUPERAntiSpyware Scan Log

https://www.superantispyware.com

Generated 02/15/2010 at 02:27 PM

Application Version : 4.33.1000

Core Rules Database Version : 4584

Trace Rules Database Version: 2396

Scan type : Custom Scan

Total Scan Time : 01:40:15

Memory items scanned : 230

Memory threats detected : 0

Registry items scanned : 7154

Registry threats detected : 0

File items scanned : 52950

File threats detected : 18

Adware.Tracking Cookie

C:\Users\JOEY\AppData\Roaming\Microsoft\Windows\Cookies\Low\joey@ad.yieldmanager[1].txt

C:\Users\JOEY\AppData\Roaming\Microsoft\Windows\Cookies\Low\joey@adbrite[1].txt

C:\Users\JOEY\AppData\Roaming\Microsoft\Windows\Cookies\Low\joey@ads.networldmedia[1].txt

C:\Users\JOEY\AppData\Roaming\Microsoft\Windows\Cookies\Low\joey@ads.networldmedia[3].txt

C:\Users\JOEY\AppData\Roaming\Microsoft\Windows\Cookies\Low\joey@advertising[2].txt

C:\Users\JOEY\AppData\Roaming\Microsoft\Windows\Cookies\Low\joey@at.atwola[1].txt

C:\Users\JOEY\AppData\Roaming\Microsoft\Windows\Cookies\Low\joey@atdmt[1].txt

C:\Users\JOEY\AppData\Roaming\Microsoft\Windows\Cookies\Low\joey@atwola[1].txt

C:\Users\JOEY\AppData\Roaming\Microsoft\Windows\Cookies\Low\joey@dmtracker[1].txt

C:\Users\JOEY\AppData\Roaming\Microsoft\Windows\Cookies\Low\joey@doubleclick[1].txt

C:\Users\JOEY\AppData\Roaming\Microsoft\Windows\Cookies\Low\joey@networldmedia[1].txt

C:\Users\JOEY\AppData\Roaming\Microsoft\Windows\Cookies\Low\joey@revsci[2].txt

C:\Users\JOEY\AppData\Roaming\Microsoft\Windows\Cookies\Low\joey@tacoda[2].txt

C:\Users\JOEY\AppData\Roaming\Microsoft\Windows\Cookies\Low\joey@tribalfusion[2].txt

C:\Users\JOEY\AppData\Roaming\Microsoft\Windows\Cookies\Low\joey@vitamine.networldmedia[1].txt

C:\Users\JOEY\AppData\Roaming\Microsoft\Windows\Cookies\Low\joey@vitamine.networldmedia[3].txt

Trojan.Conficker/Variant

C:\USERS\JOEY\APPDATA\ROAMING\WOOJTTM.DLL

Trojan.WINSYSTEMS

C:\WINDOWS\SYSTEMS.EXE

and although the conficker's been removed...

i scanned once before... hell it's still there... that damn winsystems' still there!!!!!

I read in other forums that this is caused by a malware

Malware Description:

Captain Mnemo

Type: Password Capture

Type Description: Software that captures passwords typed by user entered into login dialogs.

Level of Danger: High

Default action: Remove

File names: winsystems.exe, setup.exe, captain mnemo pro, help.lnk, license agreement.lnk, captain mnemo pro.lnk, how to purchase.lnk, official web site.lnk, uninstall.lnk, captain mnemo pro.lnk, pl.dll, wscpmwcl.dll, wscpmset.dll, wscpmprg.dll, wscpmstr.dll, captain mnemo pro, winlogon.exe, help.chm, how to purchase.url, official web site.url, winsystems.exe, captain mnemo lite, capmnemolite.exe, u.exe, official web site.url, wscpmsetl.dll

and another says that it's a different kind of trojan...

Trojan.Yektel

Trojan.Yektel is a nefarious Trojan infection that tends to be installed onto a computer via a web browser security exploit, and without the user’s consent or knowledge thereof. Once this rogue application, Trojan.Yektel is installed it begins to download and install additional malware onto the infiltrated system, which may in turn cause serious issues and may render the infected computer useless. The fact that Trojan.Yektel can easily enter any PC system via security exploits and flaws, most times without the user’s interaction, means that it is that much easier for Trojan.Yektel to enter the system and ensure the system’s security is immensely compromised. All financial and personal data is at serious risk of being stolen, should a computer system have Trojan.Yektel present. Trojan.Yektel is particularly damaging to a computer system, once it has fully embedded itself within the PC’s system, therefore it is given a high priority security risk status by many computer analysts. Risks which may affect the PC’s system functions include: the opening of illicit network connections, the use of polymorphic tactics to self-mutate, the disabling of already installed security software, modification of system files, and not forgetting the installation of additional malware. The best way to deal with the threat of Trojan.Yektel is to simply remove it from the affected PC system.

and another calls it a government black project conspiracy-

Operation Celsus

a new form of private prodding through global manipulation and surveillance via personal home computers or other susceptible devices...

and someone else says that...

Bill Gates... after watching the surrogates saw how likely his invention is slowly turning the world into that of the movie that he secretly created a trojan to destroy all technological devices made by his company and other operating systems!!!

...Ok and any who... either of these reasons may sound really nice to believe but (just side with the reason you like best) if the SUPER program can't even handle removing this threat that other competitors claim to effectively remove it, then why continue using this program?

Look, i have no offense against SUPER. SUPER is the best cause it's free and it screws conficker. HURRAH for that. But despite removing one of the world's most dangerous threats, something so small yet irritatingly annoying can't possibly be removed by this specific program.

Either i'm wrong or that the program might be too strong to handle something so weak, those reasons i gave just now are a reason to take action and become aware. the last time we started noticing climate change was when the world became fully aware of this irreversible threat. Let's not make the same mistake here. So friends... what say you? :-)


Hi darkdemn777,

Have you run a complete scan after booting into Safe Mode? Please note that as of right now, the definitions version displayed in your scan logs is five revs out of date.

Thanks,

Geoff


Hi darkdemn777,

Have you run a complete scan after booting into Safe Mode? Please note that as of right now, the definitions version displayed in your scan logs is five revs out of date.

Thanks,

Geoff

dude... i updated... i was filled with hope... but then... the bastard's still in...

SUPERAntiSpyware Scan Log

https://www.superantispyware.com

Generated 02/18/2010 at 11:21 PM

Application Version : 4.33.1000

Core Rules Database Version : 4599

Trace Rules Database Version: 2411

Scan type : Complete Scan

Total Scan Time : 01:16:28

Memory items scanned : 206

Memory threats detected : 0

Registry items scanned : 7167

Registry threats detected : 0

File items scanned : 42268

File threats detected : 13

Adware.Tracking Cookie

C:\Users\JOEY\AppData\Roaming\Microsoft\Windows\Cookies\Low\joey@ad.yieldmanager[2].txt

C:\Users\JOEY\AppData\Roaming\Microsoft\Windows\Cookies\Low\joey@ads.ad4game[2].txt

C:\Users\JOEY\AppData\Roaming\Microsoft\Windows\Cookies\Low\joey@ads.admaxasia[1].txt

C:\Users\JOEY\AppData\Roaming\Microsoft\Windows\Cookies\Low\joey@advertising[1].txt

C:\Users\JOEY\AppData\Roaming\Microsoft\Windows\Cookies\Low\joey@at.atwola[1].txt

C:\Users\JOEY\AppData\Roaming\Microsoft\Windows\Cookies\Low\joey@atdmt[2].txt

C:\Users\JOEY\AppData\Roaming\Microsoft\Windows\Cookies\Low\joey@atwola[1].txt

C:\Users\JOEY\AppData\Roaming\Microsoft\Windows\Cookies\Low\joey@content.yieldmanager[2].txt

C:\Users\JOEY\AppData\Roaming\Microsoft\Windows\Cookies\Low\joey@content.yieldmanager[3].txt

C:\Users\JOEY\AppData\Roaming\Microsoft\Windows\Cookies\Low\joey@doubleclick[1].txt

C:\Users\JOEY\AppData\Roaming\Microsoft\Windows\Cookies\Low\joey@server.cpmstar[1].txt

C:\Users\JOEY\AppData\Roaming\Microsoft\Windows\Cookies\Low\joey@tacoda[2].txt

Trojan.WINSYSTEMS

C:\WINDOWS\SYSTEMS.EXE

p.s. i forgot to mention that my pc is a vista...64...

any more bright ideas?
