virus spyware what is this?
February 8th, 2005, 09:14 PM
|
#31 (permalink)
| | It's the cheese guy! ¬_¬;
Join Date: Aug 2003 Location: Gateshead U.K.
Posts: 9,167
|
jp, it was his thread 
mbandela, i thought you already had shareaza, that is a clean program, as is emule. |
| |
February 8th, 2005, 10:02 PM
|
#33 (permalink)
| | It's the cheese guy! ¬_¬;
Join Date: Aug 2003 Location: Gateshead U.K.
Posts: 9,167
|
micfau, those look like the first two linkies i got when i plugged soundman.exe into a google search.  |
| |
February 8th, 2005, 11:44 PM
|
#34 (permalink)
| | Ultimate Member
Join Date: Oct 2001 Location: Queen Creek, AZ
Posts: 1,480
| From Sophos Antivirus Quote:
W32/Agobot-JS is a worm that spreads to remote shares with weak passwords.
The worm copies itself as soundman.exe to the Windows system folder.
To run on startup the worm installs itself as a service called soundman and sets the following registry entries:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\soundman = soundman.exe
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices\soundman = soundman.exe
The Trojan attempts to terminate and disable various anti-virus and security-related programs and modifies the HOSTS file located at <WINDOWS>\System32\Drivers\etc\HOSTS, mapping selected anti-virus websites to the loopback address 127.0.0.1 in an attempt to prevent access to these sites. Typically the following mappings will be appended to the HOSTS file:
http://www.sophos.com/virusinfo/anal...2agobotjs.html
I think that about covers it for soundman.exe.. but also soundman.exe appears to be part of the Realtek sound card drivers too.. sooo.. which one is it? I would guess to say it is the virus personally
__________________
Never argue with a computer, without a hammer.
Never program and drink beer at the same time.
Never trust a programmer who carries a screwdriver.
|
| |
February 9th, 2005, 05:59 AM
|
#35 (permalink)
| | Ultimate Member
Join Date: Jun 2004 Location: England
Posts: 1,407
|
Well I have Creative 5.1 speakers and VIA 5 point audio on my sound card. I think I also have soundman.exe on my system.
I never installed any Creative software so is soundman a trojan or an audio driver? The automatic HijackThis log analysers say soundman is safe. |
| |
February 9th, 2005, 08:50 AM
|
#36 (permalink)
| | It's the cheese guy! ¬_¬;
Join Date: Aug 2003 Location: Gateshead U.K.
Posts: 9,167
|
azkidd, the virus version is apparently
c:\windows\system\soundman.exe
but the clean version is apparently
c:\windows\soundman.exe
this second, apparently clean, version is the one mentioned in the hjt log.
Last edited by paul9 : February 9th, 2005 at 09:20 AM.
|
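The two checks discussed in this thread (HOSTS entries that point anti-virus sites at loopback, and which folder soundman.exe sits in) can be scripted for triage. The following is an added example, not part of any post or of the Sophos write-up; the function names, the short vendor watchlist and the sample HOSTS text are assumptions constructed for illustration.

```python
import ntpath
import re

# Assumption: a small watchlist of security-vendor domains; extend it as needed.
VENDOR_DOMAINS = ("sophos.com", "symantec.com", "mcafee.com",
                  "kaspersky.com", "f-secure.com", "trendmicro.com")
SINKHOLE = re.compile(r"^(127(\.\d{1,3}){3}|0\.0\.0\.0|::1)$")

def blocked_vendor_hosts(hosts_text):
    """Return watchlisted hostnames that HOSTS text maps to a loopback/null address."""
    hits = []
    for raw in hosts_text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments and blank lines
        if not line:
            continue
        addr, *names = line.split()
        if not SINKHOLE.match(addr):
            continue
        for name in names:                     # one line may carry several aliases
            host = name.lower().rstrip(".")
            if any(host == d or host.endswith("." + d) for d in VENDOR_DOMAINS):
                hits.append(host)
    return hits

def classify_soundman(path, windows_dir=r"C:\Windows"):
    """Classify a soundman.exe location using the folders named in the thread."""
    if ntpath.basename(path).lower() != "soundman.exe":
        return "unrelated"
    folder = ntpath.normcase(ntpath.normpath(ntpath.dirname(path)))
    win = ntpath.normcase(ntpath.normpath(windows_dir))
    if folder in (ntpath.join(win, "system"), ntpath.join(win, "system32")):
        return "suspect"    # advisory: the worm copy lands in the Windows system folder
    if folder == win:
        return "expected"   # folder the thread gives for the sound-driver copy
    return "review"         # bare name or any other folder: needs a closer look

# Constructed sample input (not taken from a real machine).
SAMPLE_HOSTS = """\
127.0.0.1       localhost
127.0.0.1 www.sophos.com sophos.com   # appended entry
127.0.0.1 liveupdate.symantec.com
10.0.0.5  intranet.example
127.0.0.1 notsophos.com.example
"""

if __name__ == "__main__":
    print(blocked_vendor_hosts(SAMPLE_HOSTS))
    print(classify_soundman(r"c:\windows\system\soundman.exe"))
```

A folder match is only a triage hint, since a file name and location can be imitated; confirm with a signature or hash check before trusting or deleting the file.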