morze5.exe...what is this?

[geeksRus]

have a friend that is receiving a message about a missing shortcut when windows 98 starts referencing morze5.exe. i was able to tell her how to remove shortcuts from the Startup folder(there was 5...some with random numbers for names). her Etrust reports no infections but the startup items come back with every reboot with new random number names. Etrust won't update, which is nothing new i gather. i can't find anything about it on the net so far. any one know which virus this mite be?

[emr]

have a friend that is receiving a message about a missing shortcut when windows 98 starts referencing morze5.exe. i was able to tell her how to remove shortcuts from the Startup folder(there was 5...some with random numbers for names). her Etrust reports no infections but the startup items come back with every reboot with new random number names. Etrust won't update, which is nothing new i gather. i can't find anything about it on the net so far. any one know which virus this mite be?

I could only find one Google reference to this file and that was on another forum where a guy posted his HijackThis logged from a pc filled with spyware.

Got to get scanning that pc with Spybot, Ad-aware and HijackThis I would say, assuming you haven't already done so.

emr

[confus-ed]

Its a 'net nasty' (seen it before ) ... if your AV won't update ( I take it that's what Etrust is supposed to do) then that confirms it ! ..

So you want some AV that can run from DOS to clean up (or you can try & figure out just what virus this might be & do 'specific' removal things, but I find just starting in dos & doing it from there 'easier' ..) & then all the 'usual anti everything stuff' (so things that can 'innoculate' like spybot et al ..) as this ones usually coming from a BHO (browser 'helper' object).

[wootendw]

I was able to restart Windows 98 without the offending programs (morze5.exe, i38bupgo.exe, and others) after I ran 'msconfig' (from Start->Run) and unchecked some unknown tasks (including morze5) on the Startup tab. This tab, on msconfig, shows start up tasks that are in addition to those in the Startup menu folder.

One program 'GZGR85TV.exe' did not actually appear in the Startup folder although it was on the startup tab of msconfig. I suspect it may be sticking morze5.exe in the startup folder. I disabled and deleted it. So far, this seems to have worked.

[confus-ed]

I was able to restart Windows 98 without the offending programs (morze5.exe, i38bupgo.exe, and others) after I ran 'msconfig' (from Start->Run) and unchecked some unknown tasks (including morze5) on the Startup tab. This tab, on msconfig, shows start up tasks that are in addition to those in the Startup menu folder.

One program 'GZGR85TV.exe' did not actually appear in the Startup folder although it was on the startup tab of msconfig. I suspect it may be sticking morze5.exe in the startup folder. I disabled and deleted it. So far, this seems to have worked.

So welcome to Windrivers wootendw ..

More as a btw than a 'fix it' type answer, you want to go get yourself something like adaware or spybot or HijackThis to help you identify just where in all of windows 'inards' all this might be hanging about & 'kill it good', be aware there's a whole raft of 'net nasties' (malware) that merrily goes around turning all the stuff you turned off with MSconfig back on ! Something to stop future 'malware' getting installed 'accidentally' will also help, if you google the names I gave they'll have 'companion' products which do just that ..

Something somewhere is still lurking most likely adding things back in ! Anti-Malware software (like mentioned) is a 'MUST HAVE' item nowadays, like it or not

[asharris]

I searched for morze5.exe on google and it showed me this article first. After a while I finally figured out what it was, so I thought I would share.

morze5.exe is one of the "random" names for winpup. Spybot and Adaware cannot detect winpup, because it changes its name (and adds a new registry key, etc.) each time it starts up. I don't think there exists a full list of every name it uses, but morze5, 704mgafw, oohlphnu, 1d8k66f6, xr6c7029, 030ey752, nb6glz7c, and 4e76oz4m are among them. If you open your running programs under regedit, anything that looks like a random assortment of unfamiliar numbers and letters that has the same thing listed for its name and its program shortcut (.exe) is likely to be one of the winpup copies.

Winpup is a trojan adware nuisance. If you have Internet Explorer, it randomnly pops up ad windows (even if IE isn't currently in use). As far as I know, you can't take it off through any program. I had to manually uninstall it, and it took a long time. For detailed instructions on how to manually get rid of it, I recommend using Bazooka. There are sites out there that probably have good instructions also. Just look up 'winpup'. Keep in mind that it will likely take several tries before you get rid of it for good, because it has a habit of sneaking a new copy in even after you've deleted all of its source files. Or something. I'm tired. Anyway, if I can kill it, anyone can.

Good luck.

[confus-ed]

So welcome to windrivers asharris ..

Err but phooey balloey 'stuff' can't kill it ... anything 'foreign' in the registry key
HKLM\Software\Microsoft\Windows\CurrentVersion\Run \<filename>
can get picked up by HijackThis & spybot will mark it, if it 'isn't sure' & let you decide ..

(& some of don't need an anti-malware proggie to tell us that anything 'unknown' in that key spells trouble ! )

But ta for the confirmation on just what it might be

[dparedes]

Hello, were you able to solve you're problem with morse5, 'cause i'm also having the same problem with my pc. thanks.

have a friend that is receiving a message about a missing shortcut when windows 98 starts referencing morze5.exe. i was able to tell her how to remove shortcuts from the Startup folder(there was 5...some with random numbers for names). her Etrust reports no infections but the startup items come back with every reboot with new random number names. Etrust won't update, which is nothing new i gather. i can't find anything about it on the net so far. any one know which virus this mite be?

[geeksRus]

seems to be really spreading...was able to find an article about the newest update of Ad Aware removing this. tried it and it worked. you need to use Custom Scanning Options with all the Memory and Registry options CHECKED. after you scan select all found objects and remove them. you will probably have to let Ad Aware run at next boot to get rid of the browser helper DLL. worked great...now lets see if it comes back. anyone have any idea where this POS comes from?

[NooNoo]

you mean you want to go to a site where it might be???

[geeksRus]

uh...no... ...is it coming from a site? or is it an email nasty? just out of curiosity.

[NooNoo]

I'm guessing a site, I haven't seen it in my spam boxes.

Have you seen the number of views this thread has? 1419 as of posting this.

We better find a decent fix.

[Atodini]

We've had a whole rash of these "Winpup" based scumware infections in the last few weeks. They appear to come bundled with various free download "Windows clean up" programs.

Pop-up ads appearing randomly and regularly every 10-15 seconds (even when i.e. is not open) is seriously infuriating. Even with the internet connection closed the dialer function means that you are still pestered by the login prompt every 5 seconds!!!

Recent experiences suggest the following:

The latest version of Ad-aware 6 sees it, says it's removed it, but it comes back on the next reboot!

Bazooka sees it, reports it but can't do anything about it!

The latest version of Spy-Bot Search and Destroy has removed it permanently in all bar 2 cases we've had recently (Both Win ME). Has worked fine on a dozen or so XP's & 98's.

It is essential to temporarily disable system restore (XP/ME) before trying to remove.

If the above fails it's also worth trying again in safe mode.

If not it can to be permanently removed manually.

Directions can be found here as to how to remove "winpup" based scumware but the process can be fairly lengthy and complex, depending on the level and severity of infection. Not a fix for the inexperienced methinks.....

http://www.kephyr.com/spywarescanner...up/index.phtml

John

[NooNoo]

heheh I might just go catch this one on purpose for the experience.