I've been checking the file "Jumping Jack.exe" and this is what I've come up with.
First off, with the help of a file analyser I found out that the file's original name is stub.shark.exe, and that its product name is projekt1.
Not knowing what this was I decided to google it and found this:
http://www.whatsrunning.net/whatsrunnin ... cess=13984
This is a report for a process called "winddl32.exe". Apparently this file's original name is stub.shark.exe too and has the same product name as well. In order to find out more I decided to go one step further and google the file "winddl32.exe".
After doing a little searching I found out that the file "winddl32.exe" is not a normal Windows file and most likely a form of spyware. However I came upon this thread:
http://forums.extremeoverclocking.com/s ... ?p=2775081
The main poster in that thread explained how a program called "projekt1" was trying to communicate with a remote computer on port 555. Another user pointed out the process "winddl32.exe" as the source of this anomaly.
It is therefore my conclusion that the file "Jumping Jack" is in fact a trojan, aka Shark.F / VB-EHP.
Now I'm not sure if the main poster of this thread changed the file with a trojan, but if you've already tried to run the file then I suggest you follow these steps to remove the trojan that the file may have placed onto your pc.
===============Recovering==============
1. Please download The Avenger by Swandog46 to your Desktop.
http://swandog46.geekstogo.com/avenger.zip
Click on Avenger.zip to open the file
Extract avenger.exe to your desktop
2. Copy all the text (including the 'Files to delete') contained in the code box below to your clipboard by highlighting it and pressing Ctrl+C:
Code:
Files to delete:
C:\Windows\System32\winddl32.exe
Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.
3. Now, start The Avenger program by clicking on its icon on your desktop.
Under "Script file to execute" choose "Input Script Manually".
Now click on the Magnifying Glass icon which will open a new window titled "View/edit script"
Paste the text copied to clipboard into this window by pressing (Ctrl+V).
Click Done
Now click on the Green Light to begin execution of the script
Answer "Yes" twice when prompted.
4. The Avenger will automatically do the following:
It will Restart your computer. (In cases where the code to execute contains "Drivers to Unload", The Avenger will actually restart your system twice.)
On reboot, it will briefly open a black command window on your desktop, this is normal.
After the restart, it creates a log file that should open with the results of Avenger’s actions. This log file will be located at C:\avenger.txt
The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to
C:\avenger\backup.zip.
I'm not going to try and run the program, but I seriously suggest removing it from TU. Besides, hacks like these are usually easily detectable by the warden.
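The file-analyser step described in the post can be repeated statically, without running the file. The following is an added example, not part of the original post: it scans a file's raw bytes for the version-resource strings OriginalFilename and ProductName and compares them with the values the post reports. The function names are hypothetical and SAMPLE is constructed test data, not a real executable.

```python
import struct
import sys

# Version-info values the post reports for "Jumping Jack.exe" and winddl32.exe.
REPORTED = {"OriginalFilename": "stub.shark.exe", "ProductName": "projekt1"}

def align4(n):
    return (n + 3) & ~3

def version_strings(data, keys=tuple(REPORTED)):
    """Scan raw file bytes for version-resource String entries; return {key: value}."""
    found = {}
    for key in keys:
        needle = key.encode("utf-16-le") + b"\x00\x00"
        pos = data.find(needle)
        while pos != -1 and key not in found:
            start = pos - 6  # wLength, wValueLength, wType sit just before szKey
            if start >= 0:
                _, val_len, w_type = struct.unpack_from("<HHH", data, start)
                val_off = start + align4(6 + len(needle))  # value is 32-bit aligned
                end = val_off + 2 * val_len                # wValueLength counts UTF-16 units
                if w_type == 1 and val_len > 0 and end <= len(data):
                    text = data[val_off:end].decode("utf-16-le", "replace")
                    found[key] = text.split("\x00")[0]
            pos = data.find(needle, pos + 2)
    return found

def matches_report(data):
    """True per field when the file carries the value named in the post."""
    got = version_strings(data)
    return {k: got.get(k, "").lower() == v for k, v in REPORTED.items()}

def string_entry(key, value):
    """Build one String entry for the constructed sample below."""
    k = key.encode("utf-16-le") + b"\x00\x00"
    v = value.encode("utf-16-le") + b"\x00\x00"
    body = k + b"\x00" * (align4(6 + len(k)) - 6 - len(k)) + v
    entry = struct.pack("<HHH", 6 + len(body), len(v) // 2, 1) + body
    return entry + b"\x00" * (align4(len(entry)) - len(entry))

# Constructed sample bytes (not a real executable): a 64-byte stub plus two entries.
SAMPLE = (b"MZ" + b"\x00" * 62 + string_entry("OriginalFilename", "stub.shark.exe")
          + string_entry("ProductName", "projekt1"))

if __name__ == "__main__":
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE
    print(version_strings(blob), matches_report(blob))
```

Version-info strings are set by whoever built the file, so a match supports the identification while a mismatch does not clear the file.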