-
March 29th, 2004, 01:24 AM
#1
morze5.exe...what is this?
have a friend that is receiving a message about a missing shortcut when windows 98 starts referencing morze5.exe. i was able to tell her how to remove shortcuts from the Startup folder(there was 5...some with random numbers for names). her Etrust reports no infections but the startup items come back with every reboot with new random number names. Etrust won't update, which is nothing new i gather. i can't find anything about it on the net so far. any one know which virus this mite be?
-
March 29th, 2004, 05:42 AM
#2
Registered User
Originally Posted by geeksRus
have a friend that is receiving a message about a missing shortcut when windows 98 starts referencing morze5.exe. i was able to tell her how to remove shortcuts from the Startup folder(there was 5...some with random numbers for names). her Etrust reports no infections but the startup items come back with every reboot with new random number names. Etrust won't update, which is nothing new i gather. i can't find anything about it on the net so far. any one know which virus this mite be?
I could only find one Google reference to this file and that was on another forum where a guy posted his HijackThis logged from a pc filled with spyware.
Got to get scanning that pc with Spybot, Ad-aware and HijackThis I would say, assuming you haven't already done so.
emr
-
March 29th, 2004, 06:36 AM
#3
Geezer
Its a 'net nasty' (seen it before ) ... if your AV won't update ( I take it that's what Etrust is supposed to do) then that confirms it ! ..
So you want some AV that can run from DOS to clean up (or you can try & figure out just what virus this might be & do 'specific' removal things, but I find just starting in dos & doing it from there 'easier' ..) & then all the 'usual anti everything stuff' (so things that can 'innoculate' like spybot et al ..) as this ones usually coming from a BHO (browser 'helper' object).
-
March 29th, 2004, 11:21 PM
#4
morze5 and others
I was able to restart Windows 98 without the offending programs (morze5.exe, i38bupgo.exe, and others) after I ran 'msconfig' (from Start->Run) and unchecked some unknown tasks (including morze5) on the Startup tab. This tab, on msconfig, shows start up tasks that are in addition to those in the Startup menu folder.
One program 'GZGR85TV.exe' did not actually appear in the Startup folder although it was on the startup tab of msconfig. I suspect it may be sticking morze5.exe in the startup folder. I disabled and deleted it. So far, this seems to have worked.
-
March 30th, 2004, 05:58 AM
#5
Geezer
Originally Posted by wootendw
I was able to restart Windows 98 without the offending programs (morze5.exe, i38bupgo.exe, and others) after I ran 'msconfig' (from Start->Run) and unchecked some unknown tasks (including morze5) on the Startup tab. This tab, on msconfig, shows start up tasks that are in addition to those in the Startup menu folder.
One program 'GZGR85TV.exe' did not actually appear in the Startup folder although it was on the startup tab of msconfig. I suspect it may be sticking morze5.exe in the startup folder. I disabled and deleted it. So far, this seems to have worked.
So welcome to Windrivers wootendw ..
More as a btw than a 'fix it' type answer, you want to go get yourself something like adaware or spybot or HijackThis to help you identify just where in all of windows 'inards' all this might be hanging about & 'kill it good', be aware there's a whole raft of 'net nasties' (malware) that merrily goes around turning all the stuff you turned off with MSconfig back on ! Something to stop future 'malware' getting installed 'accidentally' will also help, if you google the names I gave they'll have 'companion' products which do just that ..
Something somewhere is still lurking most likely adding things back in ! Anti-Malware software (like mentioned) is a 'MUST HAVE' item nowadays, like it or not
-
March 30th, 2004, 07:49 AM
#6
I searched for morze5.exe on google and it showed me this article first. After a while I finally figured out what it was, so I thought I would share.
morze5.exe is one of the "random" names for winpup. Spybot and Adaware cannot detect winpup, because it changes its name (and adds a new registry key, etc.) each time it starts up. I don't think there exists a full list of every name it uses, but morze5, 704mgafw, oohlphnu, 1d8k66f6, xr6c7029, 030ey752, nb6glz7c, and 4e76oz4m are among them. If you open your running programs under regedit, anything that looks like a random assortment of unfamiliar numbers and letters that has the same thing listed for its name and its program shortcut (.exe) is likely to be one of the winpup copies.
Winpup is a trojan adware nuisance. If you have Internet Explorer, it randomnly pops up ad windows (even if IE isn't currently in use). As far as I know, you can't take it off through any program. I had to manually uninstall it, and it took a long time. For detailed instructions on how to manually get rid of it, I recommend using Bazooka. There are sites out there that probably have good instructions also. Just look up 'winpup'. Keep in mind that it will likely take several tries before you get rid of it for good, because it has a habit of sneaking a new copy in even after you've deleted all of its source files. Or something. I'm tired. Anyway, if I can kill it, anyone can.
Good luck.
-
March 30th, 2004, 08:15 AM
#7
Geezer
-
March 31st, 2004, 11:00 AM
#8
Morze5 in Win98
Hello, were you able to solve you're problem with morse5, 'cause i'm also having the same problem with my pc. thanks.
Originally Posted by geeksRus
have a friend that is receiving a message about a missing shortcut when windows 98 starts referencing morze5.exe. i was able to tell her how to remove shortcuts from the Startup folder(there was 5...some with random numbers for names). her Etrust reports no infections but the startup items come back with every reboot with new random number names. Etrust won't update, which is nothing new i gather. i can't find anything about it on the net so far. any one know which virus this mite be?
-
April 4th, 2004, 04:31 PM
#9
seems to be really spreading...was able to find an article about the newest update of Ad Aware removing this. tried it and it worked. you need to use Custom Scanning Options with all the Memory and Registry options CHECKED. after you scan select all found objects and remove them. you will probably have to let Ad Aware run at next boot to get rid of the browser helper DLL. worked great...now lets see if it comes back. anyone have any idea where this POS comes from?
-
April 4th, 2004, 04:37 PM
#10
Driver Terrier
you mean you want to go to a site where it might be???
Never, ever approach a computer saying or even thinking "I will just do this quickly."
-
April 4th, 2004, 04:55 PM
#11
uh...no... ...is it coming from a site? or is it an email nasty? just out of curiosity.
-
April 4th, 2004, 07:46 PM
#12
Driver Terrier
I'm guessing a site, I haven't seen it in my spam boxes.
Have you seen the number of views this thread has? 1419 as of posting this.
We better find a decent fix.
Last edited by NooNoo; April 4th, 2004 at 08:13 PM.
Never, ever approach a computer saying or even thinking "I will just do this quickly."
-
April 5th, 2004, 12:28 AM
#13
Registered User
We've had a whole rash of these "Winpup" based scumware infections in the last few weeks. They appear to come bundled with various free download "Windows clean up" programs.
Pop-up ads appearing randomly and regularly every 10-15 seconds (even when i.e. is not open) is seriously infuriating. Even with the internet connection closed the dialer function means that you are still pestered by the login prompt every 5 seconds!!!
Recent experiences suggest the following:
The latest version of Ad-aware 6 sees it, says it's removed it, but it comes back on the next reboot!
Bazooka sees it, reports it but can't do anything about it!
The latest version of Spy-Bot Search and Destroy has removed it permanently in all bar 2 cases we've had recently (Both Win ME). Has worked fine on a dozen or so XP's & 98's.
It is essential to temporarily disable system restore (XP/ME) before trying to remove.
If the above fails it's also worth trying again in safe mode.
If not it can to be permanently removed manually.
Directions can be found here as to how to remove "winpup" based scumware but the process can be fairly lengthy and complex, depending on the level and severity of infection. Not a fix for the inexperienced methinks.....
http://www.kephyr.com/spywarescanner...up/index.phtml
John
Now where did I leave my Lump Hammer?
"I thought I was wrong once" - "But I was wrong"
-
April 5th, 2004, 03:44 AM
#14
Driver Terrier
heheh I might just go catch this one on purpose for the experience.
Never, ever approach a computer saying or even thinking "I will just do this quickly."
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|
Bookmarks