September 11th, 2003, 02:35 AM
Does anyone know wht this ipcNL.exe application does in windows OS............. I was hit by this "W32.Valla.2048" virus...it was in ipcNL.exe file.......my AV caught this and cleaned the file. So I was wondering what this application really does.....it was found in "winnt\system32" dir.
I did a google search..........but all came up with the virus info.....nothing about the ipcNL application.
I am using 2k pro.
Thx in advance
September 11th, 2003, 02:55 AM
I think this file is associated with Muma virus
ALIAS: Worm.Win32.Muma, HackTool.Win32.Hucline, Mumu, W32/Muma, BAT/Muma.A, BAT/Passer.A
see following URL:
Here's a quote from url:
"This new variant copies only two files, one of them is a zip archive containing all the files belonging to the worm, specifically: "
September 11th, 2003, 03:03 AM
there is no valid windows file named ipcNL.exe. this file is part of the process certain worms use to spread (like MUMA).
Bukhari:V3B48N826 “The Prophet said, ‘Isn’t the witness of a woman equal to half of that of a man?’ The women said, ‘Yes.’ He said, ‘This is because of the deficiency of a woman’s mind.’”
September 11th, 2003, 05:34 AM
Batch file worm
A virus identity file (IDE) file which provides protection is available now from the Latest virus identities section, and is incorporated into the August 2003 (3.72) release of Sophos Anti-Virus.
Sophos has received several reports of this worm from the wild.
Note: Sophos has been detecting Bat/Mumu-B since 10:08 GMT on 18 June, but has issued this new IDE to improve detection.
Bat/Mumu-B, like Bat/Mumu-A, is a network worm that consists of a collection of hacking tools and scripts used to discover and exploit common configuration problems of the IPC$ share on Windows computers.
Vulnerable systems are found by scanning random IP addresses. The worm spreads by copying the files ntservice.bat and ipcnl.exe to the Windows system32 folder of the remote machine.
Bat/Mumu-B uses the Trojan Troj/Hacline-A to scan remote machines.
The worm starts the Trojan Troj/PcGhost that logs keystrokes and steals passwords and attempts to send them to a preconfigured email account at certain intervals.
Bat/Mumu-B also attempts to weaken the security of the computer by creating an account in the local admin group with the username admin and the password KKKKKKK.
Bat/Mumu-B mainly consists of the following BAT files:
with TXT files:
and also contains the following clean executables:
PSEXEC.EXE (A networking utility)
REP.EXE (A string manipulation utility)
PCMSG.DLL (A legitimate utility associated with logging keystrokes).
NTSERVICE.EXE (A utility to start services under Windows NT).
Please follow the instructions for removing worms.
Bat/Mumu-B exploits weak network security. If Bat/Mumu-B has spread over your network you should check permissions and passwords, particularly domain administrator passwords, on your network.
September 11th, 2003, 06:17 AM
Thanks for ur comments...
I was thinking that file is needed for the IPC$ share......since my AV program did not delete this file (or am I suppose to delete it manually?). However it shows that the file is clean.
Do you guys think I should delete this file?