-
September 11th, 2003, 01:35 AM
#1
Member
ipcNL.exe
Hey all,
Does anyone know what this ipcNL.exe application does in Windows OS? I was hit by this "W32.Valla.2048" virus... it was in the ipcNL.exe file... my AV caught this and cleaned the file. So I was wondering what this application really does... it was found in the "winnt\system32" dir.
I did a Google search... but all came up with the virus info... nothing about the ipcNL application.
I am using 2k pro.
Thx in advance
-
September 11th, 2003, 01:55 AM
#2
I think this file is associated with Muma virus
ALIAS: Worm.Win32.Muma, HackTool.Win32.Hucline, Mumu, W32/Muma, BAT/Muma.A, BAT/Passer.A
see following URL:
http://www.f-secure.com/v-descs/muma.shtml
Here's a quote from url:
"This new variant copies only two files, one of them is a zip archive containing all the files belonging to the worm, specifically: "
NTSERVICE.BAT
IPCNL.EXE
-
September 11th, 2003, 02:03 AM
#3
There is no valid Windows file named ipcNL.exe. This file is part of the process certain worms use to spread (like MUMA).
-
September 11th, 2003, 04:34 AM
#4
Bat/Mumu-B
Aliases
HackTool.Win32.Hucline, Bat/Muma-A
Type
Batch file worm
Detection
A virus identity file (IDE) file which provides protection is available now from the Latest virus identities section, and is incorporated into the August 2003 (3.72) release of Sophos Anti-Virus.
Sophos has received several reports of this worm from the wild.
Note: Sophos has been detecting Bat/Mumu-B since 10:08 GMT on 18 June, but has issued this new IDE to improve detection.
Description
Bat/Mumu-B, like Bat/Mumu-A, is a network worm that consists of a collection of hacking tools and scripts used to discover and exploit common configuration problems of the IPC$ share on Windows computers.
Vulnerable systems are found by scanning random IP addresses. The worm spreads by copying the files ntservice.bat and ipcnl.exe to the Windows system32 folder of the remote machine.
Bat/Mumu-B uses the Trojan Troj/Hacline-A to scan remote machines.
The worm starts the Trojan Troj/PcGhost that logs keystrokes and steals passwords and attempts to send them to a preconfigured email account at certain intervals.
Bat/Mumu-B also attempts to weaken the security of the computer by creating an account in the local admin group with the username admin and the password KKKKKKK.
Bat/Mumu-B mainly consists of the following BAT files:
10.BAT
HACK.BAT
IPC.BAT
MUMA.BAT
NEAR.BAT
RANDOM.BAT
REPLACE.BAT
START.BAT
SS.BAT
with TXT files:
IPCPASS.TXT
NWIZE.IN_
NTSERVICE.INI
SPACE.TXT
TIHUAN.TXT
and also contains the following clean executables:
PSEXEC.EXE (A networking utility)
REP.EXE (A string manipulation utility)
PCMSG.DLL (A legitimate utility associated with logging keystrokes).
NTSERVICE.EXE (A utility to start services under Windows NT).
Recovery
Please follow the instructions for removing worms.
Bat/Mumu-B exploits weak network security. If Bat/Mumu-B has spread over your network you should check permissions and passwords, particularly domain administrator passwords, on your network.
http://www.sophos.com/virusinfo/analyses/batmumub.html
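A triage sweep built from the file names and the "admin" account in the Sophos description above. This is an added example, not part of the original post and not Sophos code; the function names, the category labels and the English-locale `net localgroup administrators` output format are assumptions, and all sample data is constructed.

```python
import os
import tempfile

# Names from the Sophos Bat/Mumu-B write-up quoted above, lower-cased for matching.
CATEGORIES = {
    "copied_to_system32": {"ntservice.bat", "ipcnl.exe"},
    "worm_scripts": {"10.bat", "hack.bat", "ipc.bat", "muma.bat", "near.bat",
                     "random.bat", "replace.bat", "start.bat", "ss.bat"},
    "worm_data": {"ipcpass.txt", "nwize.in_", "ntservice.ini", "space.txt", "tihuan.txt"},
    # Clean utilities the worm bundles; only a weak signal on their own.
    "bundled_tools": {"psexec.exe", "rep.exe", "pcmsg.dll", "ntservice.exe"},
}

def sweep_directory(path):
    """Return {category: [file names]} for Mumu-B file names found in path."""
    found = {}
    for entry in os.scandir(path):
        for category, names in CATEGORIES.items():
            if entry.is_file() and entry.name.lower() in names:
                found.setdefault(category, []).append(entry.name)
    return {cat: sorted(names) for cat, names in found.items()}

def admin_members(net_output):
    """Parse English-locale `net localgroup administrators` output (assumed format)."""
    lines = [line.strip() for line in net_output.splitlines()]
    start = next(i for i, line in enumerate(lines) if line.startswith("-----")) + 1
    return [l for l in lines[start:] if l and not l.startswith("The command completed")]

def verdict(found, members):
    """Strong = worm-specific files or the 'admin' account; weak = bundled tools only."""
    rogue_admin = any(m.lower() == "admin" for m in members)
    if rogue_admin or set(found) - {"bundled_tools"}:
        return "strong"
    return "weak" if found else "none"

# Constructed sample data: empty files in a temp directory and made-up net output.
SAMPLE_NET_OUTPUT = """Alias name     administrators
Members

-------------------------------------------------------------------------------
Administrator
admin
The command completed successfully.
"""

def demo():
    with tempfile.TemporaryDirectory() as d:
        for name in ("ipcNL.exe", "NTSERVICE.BAT", "psexec.exe", "notepad.exe"):
            open(os.path.join(d, name), "w").close()
        found = sweep_directory(d)
    members = admin_members(SAMPLE_NET_OUTPUT)
    return found, members, verdict(found, members)
```

Name matching is a triage hint only: a deliberately created local account called "admin" also produces a "strong" result, so a hit still needs an anti-virus scan and a review of the account to confirm it.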
-
September 11th, 2003, 05:17 AM
#5
Member
Thanks for your comments...
I was thinking that file is needed for the IPC$ share... since my AV program did not delete this file (or am I supposed to delete it manually?). However it shows that the file is clean.
Do you guys think I should delete this file?