Owner.exe

Last Updated on Saturday, 23 June 2012 00:51 Friday, 17 December 2010 19:56

Trojan - W32.Bancos

Owner.exe is found in several computer viruses. Their reports are listed below. These rreports are of different versions of the same virus. owner.exe is common among them. Additional file names are different. 

Files found :- analysis
C:\windows\system32\owner.exe
C:\windows\system32\loadb.exe 
C:\windows\system32\loadki.exe
C:\windows\system32\loadne.exe    
C:\windows\system32\loadwa.exe
C:\windows\system32\loadwe.exe
- This virus stops services - "Application Layer Gateway Service", "Windows Firewall/Internet Connection Sharing (ICS)"

- This virus creates several exe files in the system32 folder. They are created in a pattern load##.exe or load###.exe. However owner.exe is common. Therefore first find out the "date of creation" of owner.exe. After that search the hard disk for other files created on the same date. 

Files found :- analysis
C:\windows\system32\owner.exe
C:\windows\system32\javahelper.exe
C:\windows\system32\plugoff.exe
C:\windows\system32\regdllhelper.exe 

Files found :- analysis
C:\windows\system32\owner.exe
C:\windows\java\install\java.exe
C:\windows\system\bibi.exe
C:\windows\system\logwabs.exe
C:\windows\system\sendtill.exe
C:\windows\WindowsShell.dll 

Files found :- analysis
C:\windows\system32\owner.exe
C:\windows\msagent\msnwabs.exe
C:\windows\msagent\sendtos.exe
C:\windows\Windows32.dll
C:\windows\windows32.ini 

(Full path for the short folder names can be found on this link)

 The removal process may require using the System Restore, enabling to view hidden files and folders, removing entries from the Windows Startup, booting in the Safe Mode, using the System File Checker application  etc. These steps vary slightly in different versions of Microsoft Windows.

Some steps are essential

# To remove virus processes from the Task Manager
# To search and delete virus files from the hard disk. Enable to view "hidden files and folders" before you search.  Otherwise virus files inside the hidden folders will not be found.
# To remove obsolete registry keys using CCleaner

Detailed instructions and a number of free Tools are listed on this link. 

Different ways to prevent malicious files from entering the computer on this link.

 

Reprinted with permission from Threatexpert.com

Please see the Disclaimer  

< Prev		Next >