I was browsing Google’s image search when some site appeared to drop a file to my computer, C:\Users\username\AppData\Local\Temp/9uwR.exe, which attempted an outgoing connection to the net, which I blocked with Comodo. So far I haven’t been able to figure out how the file got through or what it actually is. Comodo didn’t find any infections. I’m using Windows Vista/Firefox 4/Comodo Internet Security. Any help would be appreciated, thanks.
Well, on its own this looks like a dropper that tries to download ‘real’ malware.
As you blocked its traffic out to the internet with the FW, I think it wasn’t able to download more bad stuff.
First of all, you can verify your system with some second-opinion scanners.
The infection for this thing will highly likely be the exe file you already detected.
You can copy it to a folder to save it so you can get it analyzed if needed later; the best procedure is to password protect it in a .zip archive.
If you are interested in a more detailed report of what this file does, you can upload it here and it will create a nice report of its findings: http://anubis.iseclab.org/index.php
Depending on the rest of your setup, we could evaluate further measures.
Malwarebytes detected the file as a malware.packer, but as you said, I don’t think it managed to do any other harm. Some dodgy stuff in the Anubis report though, but I haven’t been able to detect any changes.
Yes, it looks like the report shows it didn’t cause any permanent changes; it only tried to download the second stage of the malware, which didn’t work on your system.