Anyone heard of ewnovxsarm.exe?

hi
Avast Free found this file and Google doesn't have any info on it at all.
Found at: c:/users/appdata/local/temp

Upload the file to:

https://www.virustotal.com/

And post the log 8)

pretty sure that comes up as malware…

I always consider .exe files in temp locations suspect unless I know why they are there whilst you are actually installing a program. But given the only search hit for this file name in Google or Yahoo is the one in this topic, very highly suspect.

Well, I put it in the virus chest and did a boot scan, which came up clear.
Funny thing though, about 2 days ago I noticed an unknown user on my network. I immediately
pulled the plug and changed the passwords and haven't seen the intruder since.

You might be correct.

Format used for explorer.exe is c:\users\appdata\local\temp but you have c:/users/appdata/local/temp. Former is correct for the file system used; the latter is descriptive of the format used for URL (internet) link chains.

This assumes you wrote the correct format in posting.

I’d check for any malware remnants on your system and post back if the above is true. You have WPA2-PSK security set on your wireless modem? WPA-PSK can be hacked in 5 minutes. WEP is totally useless for security. What do you have?

I have WPA2-PSK. Old password wasn't very strong but sure is now.
Still, I was quite shocked at the security breach, as it must have been my neighbour, since the signal strength outside my home is very weak. I turned off SSID as well.
Sorry about the wrong format.

In case anyone is interested here is my avast scan log.

Avast:

  • avast! Scan Report
  • This file is generated automatically
  • Scan name: Unnamed scan
  • Started on: Wednesday, October 17, 2012 6:02:06 AM
  • VPS: 121016-0, 16/10/2012

C:\Users\Craig Garage\AppData\Local\Temp\ewnocxsarm.exe [L] Win32:MalPack-D [Trj] (0)
Infected files: 1
Total files: 450936
Total folders: 36992
Total size: 152.4 GB

  • Scan stopped: Wednesday, 17 October 2012 6:08:30 a.m.
  • Run-time was 6 minute(s), 24 second(s)

Manual Removal Instructions for Win32:MalPack-D [Trj]:

  1. Determine the name of the Trojan program by using regedit or another utility to edit the system registry. View the “Services” parameter in the [HKLM\Software\Microsoft\Windows\CurrentVersion\Run] key; this parameter gives the full path to the malicious program.

  2. Use Task Manager to terminate the process with the Trojan name.

  3. Delete the original Trojan file.

  4. Delete the following value from the system registry key:
    [HKLM\Software\Microsoft\Windows\CurrentVersion\Run]
    “Services”=“”

It is best to follow these removal instructions under the guidance of a qualified removal expert, who has been informed. So wait for instructions,

polonus
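
A read-only way to carry out step 1 before anything is terminated or deleted, added here as an example and not part of the thread or of any avast! tooling: it lists every value in the Run key named above and shows which ones point at an executable under a Temp folder. The per-user HKCU key and the `\Temp\` path check are assumptions of this example.

```powershell
# Added example: read-only audit of Run-key autostart entries. Nothing is changed or deleted.
$runKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',   # key named in the instructions
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'    # assumption: per-user counterpart
)

$report = foreach ($key in $runKeys) {
    if (-not (Test-Path -Path $key)) { continue }
    $item = Get-Item -Path $key
    foreach ($name in $item.GetValueNames()) {
        # Expand %VARIABLES% so the path can be checked on disk
        $command = [Environment]::ExpandEnvironmentVariables([string]$item.GetValue($name))

        # Pull the executable path out of the command line (quoted, or up to the first .exe)
        if     ($command -match '^\s*"([^"]+)"')        { $path = $Matches[1] }
        elseif ($command -match '^\s*(.+?\.exe)(\s|$)') { $path = $Matches[1] }
        else   { $path = ($command.Trim() -split '\s+')[0] }
        if (-not $path) { continue }

        $exists = Test-Path -LiteralPath $path -PathType Leaf
        [pscustomobject]@{
            Key       = $key
            Value     = $name
            Path      = $path
            # Heuristic (assumption): autostart entries rarely live under a Temp folder
            InTemp    = $path -match '\\Temp\\'
            Signature = if ($exists) { (Get-AuthenticodeSignature -LiteralPath $path).Status } else { 'FileMissing' }
        }
    }
}

# Entries under Temp are listed first
$report | Sort-Object InTemp -Descending | Format-Table -AutoSize -Wrap
```

An entry with `InTemp` set to True and a `NotSigned` or `FileMissing` status is the one to show to the removal helper; a `FileMissing` entry means the value still references a file that has already been quarantined or deleted.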

What problems are you experiencing?

Download OTL to your Desktop
Secondary link

  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.

https://dl.dropbox.com/u/73555776/OTL_Main_Tutorial.gif

  • Select All Users
  • Under the Custom Scan box paste this in

netsvcs
BASESERVICES
%SYSTEMDRIVE%*.exe
/md5start
services.*
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
winsock.*
/md5stop
CREATERESTOREPOINT

  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Attach both logs