
Geek Culture / trojan/spyware/aw heck, a virus problem

Author
Message
Phaelax
DBPro Master
Joined: 16th Apr 2003
Location: Metropia
Posted: 22nd Mar 2006 08:07 Edited at: 22nd Mar 2006 08:10
And I can't figure out what the heck it is. I was just sitting here when my firewall alerted me of a program attempting to access out.

Source:
c:\winnt\system32\voblaizdupla.exe

Destination:
IP: http://81.177.3.175/
Port: 80

Nothing on the site, just a username/password prompt.

No search engine has anything for that filename.

File creation time says it was made just 4 minutes before it attempted to access the network. Me thinks me has a trojan somewhere. I just ran a scan the other day.


BatVink
Moderator
Joined: 4th Apr 2003
Location: Gods own County, UK
Posted: 22nd Mar 2006 09:05
It is obviously renaming itself with nonsense so you can't track it down as easily. Anti-virus software should recognise it, unless it's very new.

Phaelax
DBPro Master
Joined: 16th Apr 2003
Location: Metropia
Posted: 22nd Mar 2006 10:35
I just updated NAV and adaware the other day when I did a full scan. And I haven't really been online much the past few days anyway, been busy with finals papers.


Richard Davey
Retired Moderator
Joined: 30th Apr 2002
Location: On the Jupiter Probe
Posted: 22nd Mar 2006 11:11
That IP traces to some site in Russia. It could be anything. Personally I'd rather not wait and find out. If Norton can't detect it (which is no wonder really, it's a quite terrible AV product, use something better like NOD32!) - then to be honest I would completely re-install Windows. Drastic, yes, but at least it would solve the problem.

Get a 100% fresh Winstall on there, get some good AV solution, update them both to the max, make sure it's running balls-out clean and then start putting your main apps back on. If it starts again, one of them is infected with spyware you lucky thing.

Bite my shiny metal ass
Reaperman
Joined: 9th Sep 2003
Location: Kent, England
Posted: 22nd Mar 2006 13:59
What Richard is saying is a good way to go, but before you do go and flatten your HD, check if you have any of these:

Startup name: MSN Messenger
Process name: msmsgs.exe

This one is added by the DLOADER-LN or ZLOB-C or ZLOBDROP-C or ZHOPA TROJANS.
This particular msmsgs.exe file is located in the Windows\System32 or Winnt\System32 folder.

Then we have the Microsoft Automatic Updater virus which uses Explorer.exe.
It's added by the RBOT-SG WORM. Note - the valid "explorer.exe" file is located in C:\Windows or C:\Winnt, whereas this one is located in the Windows\System32 or Winnt\System32 folder.

And… MMB2...again it uses explorer.exe.
Added by an unidentified WORM or TROJAN. Again note that the valid "explorer.exe" will always be located in C:\Windows or C:\Winnt whereas this one is found in the C:\Windows\System folder (Win98/ME) or in the C:\Winnt\System32 or C:\Windows\System32 subfolder (Win2K/XP).

Yes, another one, this is the System virus using….Explorer.exe.
Added by the GRAYBIRD TROJAN. It's in the C:\Winnt\System32 area too.

A lot of the above are linked to Explorer.exe, so the question is did you use Explorer just before you noticed the warning? Of course you don't have to… as they can run themselves.


Also, it may be the VBS.Plan.B.
It's an Internet worm using the Outlook Address Book to spread itself and is extremely aggressive when spreading on the network.

Once the attachment is executed, the virus copies itself in three files on the system, 'LINUX32.vbs' and a vbs file with a random name in system folder C:\Windows\System or C:\Winnt\System32 and 'reload.vbs' in windows folder C:\Windows or C:\Winnt.
VBS.Plan.B also creates a file 'US-PRESIDENT-AND-FBI-SECRETS.HTM' in the system directory C:\Windows\System or C:\Winnt\System32.

Finally… Click “Start” then “run” then type in “msconfig”.

Click the start up tab, and see if there are any programs you don't recognize and if so, make a note of them and then uncheck them from the startup list.

Reboot, and see if it makes any difference.

Sorry, I can't help anymore, but good luck.

Cheers
Reaperman
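The two signals the thread has turned up so far, a freshly created binary with a nonsense name in system32 phoning home (the opening post) and a well-known name such as explorer.exe or msmsgs.exe running from the wrong folder (Reaperman's list), can be written down as triage rules. The script below is an added example, not code from the thread or any product named in it; the alert record and its timestamps are constructed (four minutes apart, as the opening post states), and the "expected home" folders are an assumption based on the Win2K/XP layout the posts describe.

```python
# Added example (not from the thread): triage rules for a personal-firewall
# "outbound connection" alert like the one in the opening post, plus the
# "well-known name in the wrong folder" checks from Reaperman's list.
# All sample alerts are constructed; the destination is the one the thread quotes.
from dataclasses import dataclass
from datetime import datetime, timedelta
import ntpath

# Where these well-known binaries legitimately live on Win2K/XP (lower-case, no trailing slash).
# A copy running from anywhere else, e.g. system32, is the masquerade pattern the thread describes.
EXPECTED_DIR = {
    "explorer.exe": {r"c:\windows", r"c:\winnt"},
    "msmsgs.exe": {r"c:\program files\messenger"},   # assumption: Windows Messenger's default folder
}

# System folders the thread names as drop locations for scripts and renamed copies.
SYSTEM_DIRS = {r"c:\windows", r"c:\winnt", r"c:\windows\system",
               r"c:\windows\system32", r"c:\winnt\system32"}


@dataclass
class OutboundAlert:
    path: str           # full path of the process that tried to connect
    created: datetime   # file creation timestamp from the filesystem
    alerted: datetime   # when the firewall raised the alert
    dest_ip: str
    dest_port: int


def triage(alert: OutboundAlert, recent: timedelta = timedelta(minutes=15)) -> list[str]:
    """Return the reasons this alert deserves a closer look (empty list = nothing odd)."""
    directory, name = ntpath.split(alert.path)
    directory, name = directory.lower().rstrip("\\"), name.lower()
    reasons = []

    # Rule 1: a known system binary running from somewhere other than its real home.
    expected = EXPECTED_DIR.get(name)
    if expected and directory not in expected:
        reasons.append(f"{name} runs from {directory}, expected one of {sorted(expected)}")

    # Rule 2: the file appeared on disk only minutes before it phoned home.
    age = alert.alerted - alert.created
    if timedelta(0) <= age <= recent:
        reasons.append(f"binary was created {int(age.total_seconds() // 60)} min before connecting")

    # Rule 3: a script file sitting in a system folder (the VBS.Plan.B drop pattern).
    if name.endswith((".vbs", ".js")) and directory in SYSTEM_DIRS:
        reasons.append(f"script {name} dropped into system folder {directory}")

    return reasons


# The opening post's alert, reconstructed (timestamps are constructed, 4 minutes apart as stated).
POST_ALERT = OutboundAlert(
    path=r"c:\winnt\system32\voblaizdupla.exe",
    created=datetime(2006, 3, 22, 8, 0),
    alerted=datetime(2006, 3, 22, 8, 4),
    dest_ip="81.177.3.175",
    dest_port=80,
)

if __name__ == "__main__":
    for reason in triage(POST_ALERT):
        print("-", reason)
```

Rule 2 is the one that fires on the opening post's alert; a legitimate explorer.exe under C:\Windows that has been there for months produces no reasons at all, which is the point of keeping the rules narrow: each reason should be something you would act on (quarantine and submit the file, as a later reply suggests) rather than noise.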
IanG
Joined: 25th Sep 2004
Location: Cyberspace
Posted: 22nd Mar 2006 18:10
open up norton's quarantine, add that file then click it and submit it to symantec, they will then tell you if it is a virus or not (or at least should do) when i've done it it's usually come back after a day saying either yes or no


amd athlon xp 2600+,1280mb,FX 5200 128mb,200gb,xp pro sp2
Chris Franklin
Joined: 2nd Aug 2005
Location: UK
Posted: 22nd Mar 2006 18:53
here you go
Quote: "
% This is the RIPE Whois query server #2.
% The objects are in RPSL format.
%
% Note: the default output of the RIPE Whois server
% is changed. Your tools may need to be adjusted. See
% http://www.ripe.net/db/news/abuse-proposal-20050331.html
% for more details.
%
% Rights restricted by copyright.
% See http://www.ripe.net/db/copyright.html

% Note: This output has been filtered.
% To receive output for a database update, use the "-B" flag

% Information related to '81.177.3.0 - 81.177.3.255'

inetnum: 81.177.3.0 - 81.177.3.255
netname: BESTTEST-RU
descr: besTTest - HW lab,
descr: Moscow, Russia
country: RU
admin-c: AV1919-RIPE
tech-c: AV1919-RIPE
status: ASSIGNED PA
mnt-by: AS8342-MNT
source: RIPE # Filtered

person: Anatoliy Voronin
address: BesTTest HardWare Lab.
address: 125364, Moscow, Russia
address: Norilskaya str., 13A
e-mail: admin@besttest.ru
e-mail: vandal@allforum.ru
remarks: phone: +7 095 5447337
phone: +7 495 5447337
remarks: fax-no: +7 095 5447337
fax-no: +7 495 5447337
nic-hdl: AV1919-RIPE
source: RIPE # Filtered
remarks: modified for Russian phone area changes

% Information related to '81.176.0.0/15AS8342'

route: 81.176.0.0/15
descr: RTCOMM-RU
origin: AS8342
mnt-by: AS8342-MNT
source: RIPE # Filtered
"

