This is a malware, or unsafe, program. This file has been identified as malware (Spyware, Virus, Trojan, Worm, etc). You should immediately run a spyware removal program and an antivirus scanner.
Name: [not used]
Filename: init32m.exe
Description: Added by the Troj/Dloader-JT or Troj/Dlsw-B trojan downloaders.
File Location: %System%
Startup Type: If you are running Windows 95/98/ME, this startup entry is being started via the Shell= line in the Windows\system.ini file.
If you are running Windows NT/XP/2000/2003, this startup entry is being started via the Shell= line in the registry key:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell
Note: %System% is a variable that refers to the Windows System folder. By default this is C:\Windows\System for Windows 95/98/ME, C:\Winnt\System32 for Windows NT/2000, or C:\Windows\System32 for Windows XP.
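The two startup locations named in the entry above can be checked for extra programs on the Shell= line. This is an added example, not part of the original post or of any tool mentioned in the thread. The sample system.ini text, the sample `reg query` output, and the way init32m.exe is appended after Explorer.exe are constructed for illustration, and the function names are hypothetical.

```python
import re

# Assumption: a clean machine runs only the stock Explorer shell.
EXPECTED = {"explorer.exe"}

# Constructed samples (not taken from an infected machine).
SAMPLE_INI = "[boot]\nshell=Explorer.exe init32m.exe\n[386Enh]\nkeyboard=*vkd\n"
SAMPLE_REG = (
    r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"
    "\n    Shell    REG_SZ    Explorer.exe init32m.exe\n"
)

def shell_from_system_ini(text):
    """Return the Shell= value from the [boot] section of system.ini text."""
    section = None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].lower()
        elif section == "boot" and "=" in line and not line.startswith(";"):
            key, value = line.split("=", 1)
            if key.strip().lower() == "shell":
                return value.strip()
    return None

def shell_from_reg_query(text):
    """Return the Shell value from saved reg query output for the Winlogon key."""
    m = re.search(r"^\s*Shell\s+REG_(?:EXPAND_)?SZ\s+(.*)$", text, re.I | re.M)
    return m.group(1).strip() if m else None

def extra_shell_entries(value):
    """List every program on a Shell line other than explorer.exe."""
    # Tokens are quoted strings or runs without spaces/commas; an unquoted
    # path containing spaces splits into pieces, which are still reported.
    tokens = re.findall(r'"[^"]*"|[^\s,]+', value or "")
    extras = []
    for tok in tokens:
        # Basename match only: an explorer.exe in an unusual folder would pass.
        name = tok.strip('"').replace("/", "\\").rsplit("\\", 1)[-1].lower()
        if name not in EXPECTED:
            extras.append(tok.strip('"'))
    return extras

if __name__ == "__main__":
    for label, value in (("system.ini", shell_from_system_ini(SAMPLE_INI)),
                         ("registry", shell_from_reg_query(SAMPLE_REG))):
        print(label, "->", value, "| unexpected:", extra_shell_entries(value))
```

An empty list means the Shell line contains only Explorer; anything else is worth inspecting before it is removed.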
Thanks… I realize that after deleting the reference of it into the Shell= line in the registry key (HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell), no other antispyware could detect it. I hope I’m already clean but I’ll do a full avast scan anyway.
Thanks Karel 8)
Wonderful, we should be thanking Technical for being the first person to be infected and not anyone else that doesn’t have much experience with these types of things.
File: init32m.exe
Status: INFECTED/MALWARE (Note: this file has been scanned before. Therefore, this file’s scan results will not be stored in the database)
MD5 32a31758d67926dcb8520662391ceab2
or
MD5 1b8d632302ec598f78fbc146388ca0a5
Packers detected: UPX
Scanner results
AntiVir Found TR/Dldr.Agent.HO
Avast Found nothing
AVG Antivirus Found Downloader.Agent.8.AQ
BitDefender Found Trojan.Downloader.Agent.HO
ClamAV Found Trojan.Downloader.Small-431
Dr.Web Found Trojan.DownLoader.2211
F-Prot Antivirus Found nothing
Fortinet Found W32/Agent.HO-tr
Kaspersky Anti-Virus Found Trojan-Downloader.Win32.Agent.ho
mks_vir Found Trojan.Downloader.Agent.Ho
NOD32 Found Win32/TrojanDownloader.Small.APX
Norman Virus Control Found W32/Agent.CVB
VBA32 Found Trojan-Downloader.Win32.Agent.ho
Raman, I’ll test it tomorrow… It’s too late now to find where I left my MD5 test utility… ;D
Anyway, it should be tested against the last VPS (updated) and maybe not right now
We’re being ‘less’ protected if Alwil does not update VPS even more frequently and deeper than it’s doing right now
File: init32m.exe
Status: INFECTED/MALWARE (Note: this file has been scanned before. Therefore, this file’s scan results will not be stored in the database)
MD5 7818e137accf86f1f09de7420bf6afcb
Packers detected: UPX
Scanner results
AntiVir Found nothing
Avast Found nothing
AVG Antivirus Found Downloader.Agent.8.AQ
BitDefender Found BehavesLike:Trojan.ShellStartup (probable variant)
ClamAV Found nothing
Dr.Web Found nothing
F-Prot Antivirus Found nothing
Fortinet Found nothing
Kaspersky Anti-Virus Found Trojan-Downloader.Win32.Small.amq
mks_vir Found nothing
NOD32 Found probably unknown NewHeur_PE (probable variant)
Norman Virus Control Found nothing
VBA32 Found nothing
Raman (or anybody else), is there any list of known spyware processes names?
If these names do not ‘match’ other known clean processes (for instance, svchost.exe), can’t we block these processes from running in our firewall by making rules? Do we need the full path of the executables to do so?
The first thing is, you have to prevent this kind of malware from installing itself on the PC, by using up-to-date software (browser, OS, AV, and so on) or, better (IMO), not using IE.
My question is, does Avast remove this stupid trojan or not? It seems the responses weren’t that positive. It is sitting on a friend’s computer and she is NOT a happy camper.
Am I going to have to drive the two hundred miles to her house to pull the arms and legs off this thing the old-fashioned way, byte by byte?
She updated Antivirus (Avast) and it locked up her computer. I managed to get her going again by reloading from a prior safe date.
always,
Barb
This stupid trojan has several names. The one Avast calls it is:
TR/Dldr.Agent.SY
It isn’t malicious in itself but it downloads malicious files after it gets hold of the computer. Susan has her computer up and running without the virus active after going back to a prior backup on the HD. She does NOT have an OS disk as it wasn’t sold to her when she bought the new HP machine from Best Buy, USA.
Avast locked up when she downloaded the update and tried to get rid of this trojan file. This trojan installs itself in the windows directory and system files.
Susan is fair with a computer but not half a geek like me. Because I’m not a full geek I really can’t explain to her where to access all the files because I have to be looking at the computer when I’m working on it to know where I’m going.
Is it possible to download a CD boot disk I can send to her to wipe that trojan off her computer? Or am I going to do it the old-fashioned way?
Hello DOS my old friend. Remember me? We used to write programs together years back. Wanna help me take a byte out of a trojan virus?
always,
Barb