Could this be wrong?

ClamWin AV detected this when I scanned my computer:

C:\WINDOWS\lpr123.exe: Worm.Gaobot.167 FOUND
– summary –
Known viruses: 27913
Scanned directories: 5137
Scanned files: 73891
Infected files: 1
Data scanned: 16420.51 MB
I/O buffer size: 131072 bytes
Time: 14813.922 sec (246 m 53 s)

I scanned my computer with Command Antivirus and Avast and neither found anything. Does anyone know anything about this lpr123.exe file?

I run windows update weekly so how could this be Gaobot?

Hi Mac,

Please use the Jotti scanner and let us know the results; if only one anti-virus detects it, then it's probably a false positive.

–lee

Looks like the Remote Password Stealer originating from FindPassword.com.

  • Connects to the remote server
  • Logs keystrokes
  • Runs in stealth mode
  • Steals personal information

Creates the following files:
FILE:%WINDOWS%\Lpr123.exe
FILE:%WINDOWS%\Spdhook.dll
FILE:%WINDOWS%\Spd123.ini

and adds the following registry keys:
RUN:lpr
RUN:lpr123.exe

This ClamAV detection is only 2 days old:
Info
so maybe it’s not too good a signature…

But please submit file to alwil, as it definitely seems suspicious

:wink:

ok I will try to locate the file

This is weird. ClamWin is set to report only, which it did. So why can't I find the file? I went to the folder options and checked the "show hidden files and folders" option and still could not find anything. I used the search function, telling it to search in hidden files and folders, and still did not find it. I even tried searching in safe mode.

I tried the following AV scanners
Avast
Antivir
House Call
Command AV
F-Secure AV (which includes the KAV engine)

@ .:Mac:.

Try a registry search for the 2 values Eddy mentioned.
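For anyone wanting to do this check systematically rather than by hand, here is a small triage script. It is an added example and not code from any poster in this thread; it only uses the indicators Eddy listed above (the three files under %WINDOWS% and the two Run-key value names) and the registry search suggested here. The comparison logic is kept separate from the Windows-specific collection so it can be exercised on any platform; the `RUN_KEY` path is the standard Run key and `WINDIR` is read from the environment, falling back to `C:\WINDOWS` as in the ClamWin report.

```python
"""Triage for the lpr123.exe indicators quoted in this thread (added example).

Checks %WINDOWS% for the three files and HKCU/HKLM Run keys for the two value
names Eddy listed, and hashes any file that is found so it can be submitted to
a multi-engine scanner (Jotti etc.) for a second opinion.
"""
import hashlib
import os
import sys

# Indicators quoted from the thread; paths are relative to %WINDOWS%.
IOC_FILES = ("Lpr123.exe", "Spdhook.dll", "Spd123.ini")
IOC_RUN_VALUES = ("lpr", "lpr123.exe")
# Standard per-user / per-machine autostart key.
RUN_KEY = r"Software\Microsoft\Windows\CurrentVersion\Run"


def match_indicators(present_files, run_values):
    """Compare observed file names and Run-key value names against the IoCs.

    Matching is case-insensitive because Windows file names and registry value
    names are ("Lpr123.exe" vs "lpr123.exe" in the thread). Returns the matched
    names, lower-cased, so a caller can see exactly which indicators hit.
    """
    files_lc = {f.lower() for f in present_files}
    run_lc = {v.lower() for v in run_values}
    return {
        "files": sorted(f.lower() for f in IOC_FILES if f.lower() in files_lc),
        "run_values": sorted(v.lower() for v in IOC_RUN_VALUES if v.lower() in run_lc),
    }


def sha256_bytes(data):
    """SHA-256 hex digest of an in-memory buffer."""
    return hashlib.sha256(data).hexdigest()


def sha256_of(path):
    """SHA-256 hex digest of a file, read in chunks."""
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def collect_windows():
    """Gather %WINDOWS% directory entries and Run-key value names (Windows only).

    os.listdir returns hidden and system files regardless of Explorer's
    folder-options settings, so this sidesteps the 'show hidden files' issue.
    """
    import winreg  # only available on Windows

    windir = os.environ.get("WINDIR", r"C:\WINDOWS")
    present = os.listdir(windir)
    values = []
    for hive in (winreg.HKEY_CURRENT_USER, winreg.HKEY_LOCAL_MACHINE):
        try:
            with winreg.OpenKey(hive, RUN_KEY) as key:
                i = 0
                while True:
                    try:
                        name, _data, _type = winreg.EnumValue(key, i)
                    except OSError:  # no more values
                        break
                    values.append(name)
                    i += 1
        except OSError:  # key missing or not readable
            pass
    return windir, present, values


def main():
    windir, present, values = collect_windows()
    hits = match_indicators(present, values)
    if not hits["files"] and not hits["run_values"]:
        print("No lpr123 indicators found in %s or the Run keys." % windir)
        return
    for name in hits["files"]:
        path = os.path.join(windir, name)
        print("file present: %s  sha256=%s" % (path, sha256_of(path)))
    for name in hits["run_values"]:
        print("Run value present: %s" % name)


if __name__ == "__main__":
    if sys.platform != "win32":
        sys.exit("collection step needs Windows; match_indicators() is portable")
    main()
```

Run it on the affected machine as an administrator so HKLM is readable. A hash printed for a present file is what you would paste into a multi-engine scanner; if neither the files nor the Run values are there, that agrees with what the other scanners in this thread reported and points towards a false positive on the ClamWin side.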

No, there are no registry entries like that. I will contact the maker of ClamAV (alch) and ask him why his scanner is detecting this.

Hi Mac,

try eScan in Safe Mode: see "VirusRemoval" below for the link

:wink:

Guys, after talking with alch about the problem he gave me a small patch; the version now reads 0.37.3.0.1 and the FP is gone.