just a warning collab.exe process



Nick_Black
08-09-2009, 03:45 PM
Hello, I had a process called 'collab.exe' on my computer. I did a search on it with no real result, and neither Spybot, nor avast, nor any other software I tried reported anything about it. The process closed with no hassle, but would start up again a while later. I checked under msconfig just now and noticed a file called 'bot' which looked very suspicious. Again, no warning from anywhere, no search hits or virus alerts from my software. I looked at the location (C:\windows\tempie), yes, tempIE < no such folder should exist. I dug a bit deeper: in that folder there was the executable 'collab.exe' and a few other files. The one I got curious about was the "me.ini". I opened it up in a text editor and found it said this:


sloopint= 120
maindomain=myn3whostinc.com <-
backupdomain=k1ngcasino.info <- do NOT go to these 2 sites!
boxid= 153429

I checked the website (both lead to the same site) and all you get is an input box and a big picture of a blue butterfly.. kinda creepy....

I did a search of the website address; turns out that that website is known for spam, and according to Norton houses 2 trojans and 1 hacking tool (this is the Norton readout) (http://static-safeweb.norton.com/report/show?name=mynewhostinc.com)

Also, running a search on the whole hard drive, I found it was not only installed in the "tempie" folder, but also had files in the system32 folder as well as the winsxs folder.


THIS SOFTWARE IS A VIRUS! (at least, all logic points to it)
My advice: close the running program, and use killbox to delete it (which I'm busy doing right now).

I'm running Vista with all the latest updates

I would have posted this in one of those process library sites, but I found no way I could post on those sites, so I decided to post it here to let at least some of the computer community know.



wow... that's a lot of text....

Cheers! feel free to comment!

p0Pe
08-09-2009, 03:58 PM
I would advise removing the page "links". If someone doesn't read the whole thing and goes into them, they could get it too :)

Nick_Black
08-09-2009, 04:12 PM
Good point :) I changed the lettering to numbers and added a warning so people can still know what it said, but unless they ignore all the warnings and manually change the address, they should be safe :)

cheers!

p0Pe
08-09-2009, 06:13 PM
great:) thx for the up

Drum Thumper
08-09-2009, 07:17 PM
I think I'll boot into linux and muck around, see what I can find.

Nick_Black
08-10-2009, 11:43 AM
p0Pe: no problemo :)

DrumThumper: good luck! tell us if you find anything :)

Drum Thumper
08-10-2009, 05:33 PM
I found a picture of a butterfly. Then I did some searching and found via Norton's online page that there are two viruses and a worm, I believe, that will be installed if you visit on a Windows machine.