_ex-08.exe (_ex-08) Trojan Virus File Information
_ex-08.exe is a dangerous file that performs activity on a user’s computer which may be highly undesirable. This file is unsafe.
Type: Trojan Virus Dropper
Location: C:\WINDOWS\temp\_ex-08.exe
Risk Level: Moderate
_ex-08.exe, a computer trojan virus dropper, generally downloads Total Security, a fake antivirus program, to the user’s computer.
It is recommended that you remove any malicious software such as _ex-08.exe from your computer immediately.
Manual Removal – _ex-08.exe may be removed by analyzing your HijackThis log. Feel free to post your HijackThis log below if you need assistance analyzing it. HijackThis is ideal for manually removing the virus.
_ex-08.exe File Details -
File Type – EXE – _ex-08.exe is an executable file
First Identified – Aug 26 2023
This entry was posted on Wednesday, August 26th, 2023 at 3:09 am and is filed under Suspicious File.
patrick costa December 14th, 2023 at 3:38 am
Please help. I keep getting redirected when I click on any link on the internet and my scans are picking up nothing. Also, when I restart my computer everything freezes for about twenty minutes, no windows will open. My virus scan will work but nothing else. Any suggestion?
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:33:36 PM, on 12/13/2009
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16945)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Dell V505\dldwMsdMon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\System32\mobsync.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe
R1 – HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://go.microsoft.com/fwlink/?LinkId=54896
R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://go.microsoft.com/fwlink/?LinkId=69157
R1 – HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://go.microsoft.com/fwlink/?LinkId=69157
R1 – HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://go.microsoft.com/fwlink/?LinkId=54896
R1 – HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://go.microsoft.com/fwlink/?LinkId=54896
R0 – HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://go.microsoft.com/fwlink/?LinkId=69157
R0 – HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 – HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 – HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 – HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 – Hosts: ::1 localhost
O2 – BHO: Dell Toolbar – {09B71986-2AC5-482d-B6CB-42EA34F4F85B} – C:\Program Files\Dell Toolbar\toolband.dll
O2 – BHO: AcroIEHelperStub – {18DF081C-E8AD-4283-A596-FA578C2EBDC3} – C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 – BHO: RealPlayer Download and Record Plugin for Internet Explorer – {3049C3E9-B461-4BC5-8870-4C09146192CA} – C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 – BHO: Spybot-S&D IE Protection – {53707962-6F74-2D53-2644-206D7942484F} – C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 – BHO: SSVHelper Class – {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} – C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O3 – Toolbar: (no name) – {CCC7A320-B3CA-4199-B1A6-9F516DD69829} – (no file)
O3 – Toolbar: Dell Toolbar – {09B71986-2AC5-482d-B6CB-42EA34F4F85B} – C:\Program Files\Dell Toolbar\toolband.dll
O4 – HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 – HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 – HKLM\..\Run: [NVHotkey] rundll32.exe C:\Windows\system32\nvHotkey.dll,Start
O4 – HKLM\..\Run: [TkBellExe] “C:\Program Files\Common Files\Real\Update_OB\realsched.exe” -osboot
O4 – HKLM\..\Run: [SunJavaUpdateSched] “C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe”
O4 – HKLM\..\Run: [dldwmon.exe] “C:\Program Files\Dell V505\dldwmon.exe”
O4 – HKLM\..\Run: [dldwamon] “C:\Program Files\Dell V505\dldwamon.exe”
O4 – HKLM\..\Run: [notepad] rundll32.exe C:\Windows\system32\notepad.dll,_IWMPEvents@0
O4 – HKLM\..\Run: [CTFMON] C:\Windows\Temp\_ex-08.exe
O4 – HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 – HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 – HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 – HKCU\..\Run: [uTorrent] “C:\Program Files\uTorrent\uTorrent.exe”
O4 – HKCU\..\Run: [notepad] rundll32.exe C:\Windows\system32\config\SYSTEM~1\ntload.dll,_IWMPEvents@0
O4 – HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User ‘LOCAL SERVICE’)
O4 – HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User ‘LOCAL SERVICE’)
O4 – HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User ‘NETWORK SERVICE’)
O9 – Extra button: (no name) – {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} – C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 – Extra ‘Tools’ menuitem: Spybot – Search & Destroy Configuration – {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} – C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 – Gopher Prefix:
O16 – DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) – https://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O20 – Winlogon Notify: GoToAssist – C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll (file missing)
O23 – Service: Avira AntiVir Scheduler (AntiVirSchedulerService) – Avira GmbH – C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 – Service: Avira AntiVir Guard (AntiVirService) – Avira GmbH – C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 – Service: Apple Mobile Device – Apple Inc. – C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 – Service: Bonjour Service – Apple Inc. – C:\Program Files\Bonjour\mDNSResponder.exe
O23 – Service: dldwCATSCustConnectService – Unknown owner – C:\Windows\system32\spool\DRIVERS\W32X86\3\\dldwserv.exe
O23 – Service: dldw_device – – C:\Windows\system32\dldwcoms.exe
O23 – Service: Intel(R) PROSet/Wireless Event Log (EvtEng) – Intel Corporation – C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 – Service: GoToAssist – Citrix Online, a division of Citrix Systems, Inc. – C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe
O23 – Service: iPod Service – Apple Inc. – C:\Program Files\iPod\bin\iPodService.exe
O23 – Service: NVIDIA Display Driver Service (nvsvc) – NVIDIA Corporation – C:\Windows\system32\nvvsvc.exe
O23 – Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) – Intel Corporation – C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 – Service: Remote Procedure Call (RPC) Net (rpcnet) – Absolute Software Corp. – C:\Windows\system32\rpcnet.exe
O23 – Service: SBSD Security Center Service (SBSDWSCService) – Safer Networking Ltd. – C:\Program Files\Spybot – Search & Destroy\SDWinSec.exe
–
End of file – 6285 bytes