Xjmosrv.exe
Korgen
Hi everyone,
I'm running Win XP Pro and I noticed a file xjmosrv.exe among my processes. It is located in the windows/systeme32/mv18 directory. It comes with a file xlog16.txt that contains information about my activity. Here is an example:
[e][e][02:05:45][Caption: Kerio Personal Firewall - Alerte [à@]]
[e][e][02:05:50][Caption: Infected]
{DEL}
[e][e][02:19:21][Caption: Kaspersky AV Scanner]
{CTRL}
[e][e][02:19:49][Caption: Kaspersky AV Scanner]
{CTRL}{ALT}
[e][e][03:45:18][Caption: HijackThis - v1.97.7]
What worries me is that this process did not exist until recently, and that despite scans with Spybot, Kaspersky, HijackThis, CWShredder and Ad-Aware it is still there.
Every time I launch an application (IE, MSN or anything else), Kerio tells me that the application is launched by this process, and also reports outbound connection attempts:
Processus lancé par: c:\WINDOWS\system32\mv18\xjmosrv.exe
And when I delete it from my hard drive, no application can start any more (for example: Windows could not find explorer.exe).
Does anyone have a solution other than format c:, please?
Thanks in advance.
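To judge what the keylogger captured, a responder can turn xlog16.txt into per-window events and see which windows had input recorded. This is an added example, not part of the original post or of any tool named here; the line format is an assumption inferred only from the excerpt quoted above, and the function names are hypothetical.

```python
import re
from collections import OrderedDict

# Excerpt exactly as quoted in the post; the format is inferred from these lines only.
SAMPLE = """\
[e][e][02:05:45][Caption: Kerio Personal Firewall - Alerte [à@]]
[e][e][02:05:50][Caption: Infected]
{DEL}
[e][e][02:19:21][Caption: Kaspersky AV Scanner]
{CTRL}
[e][e][02:19:49][Caption: Kaspersky AV Scanner]
{CTRL}{ALT}
[e][e][03:45:18][Caption: HijackThis - v1.97.7]
"""

# Header line: opaque "[e][e]" prefix, a time, then the focused window's caption.
# The greedy (.*) keeps brackets that belong to the caption itself.
HEADER = re.compile(r"^(?:\[\w\])*\[(\d{2}:\d{2}:\d{2})\]\[Caption: (.*)\]$")
SPECIAL = re.compile(r"\{([A-Z]+)\}")  # special keys such as {DEL}, {CTRL}

def parse_keylog(text):
    """Return focus events: time, window caption, special keys, typed-char count."""
    events = []
    for line in text.splitlines():
        line = line.rstrip("\r")
        m = HEADER.match(line)
        if m:
            events.append({"time": m.group(1), "caption": m.group(2),
                           "special": [], "chars": 0})
        elif events and line:
            # Any non-header line is input captured in the last focused window.
            ev = events[-1]
            ev["special"] += SPECIAL.findall(line)
            ev["chars"] += len(SPECIAL.sub("", line))
    return events

def exposure_by_window(events):
    """Group events by caption so it is clear which windows had input captured."""
    summary = OrderedDict()
    for ev in events:
        s = summary.setdefault(ev["caption"], {"first_seen": ev["time"], "keys": 0})
        s["keys"] += len(ev["special"]) + ev["chars"]
    return summary

if __name__ == "__main__":
    for caption, s in exposure_by_window(parse_keylog(SAMPLE)).items():
        print(f'{s["first_seen"]}  {s["keys"]:3d} key(s)  {caption}')
```

Windows with a non-zero key count are the ones whose typed input (credentials included) should be treated as disclosed.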
1 reply
Hello Korgen,
How to Detect and Remove XLog?
XLog Description:
From the doc: XLog is a remote spying tool to monitor access of an off-site computer via keyboard logging. Keyboard logging means that when the 'Start keylog' button is pressed, a log file is created, and every key pressed by the user is logged. It can be ended or even uninstalled remotely as well. Other features such as retrieval of the log file at any time, fetching of host information, and deletion of the log file are available. The new persistent keylogging feature means that keylogging begins as soon as the program starts (by default)! To get this software up and running in about one minute, extract the XLog.exe file to the host computer (in a non-volatile folder, like the \windows or \winnt folder), then double click on its icon. Nothing seems to happen, but this program runs transparently to the user, so this is to be expected. Then, on another computer, extract the XClient.exe program and run it. Connect to the computer with the XLog program running on it. In order to connect to the host, you must know the host name or the host's IP address. You can find the host's IP address if at the host computer's console by using the 'ipconfig' command. Then, use the XClient software to monitor the host computer's activity remotely.
Also known as: Backdoor.XLog.21
XLog Automatic Removal:
Using PestPatrol to detect and remove this spyware AUTOMATICALLY!
XLog Manual Removal:
Follow these steps to remove XLog from your machine. Begin by backing up your registry and your system, and/or setting a Restore Point, to prevent trouble if you make a mistake.
Kill these running processes with Task Manager:
xclient.exe
xlog.exe
Remove these files (if present) with Windows Explorer:
license.txt
xclient.exe
xlog 2.1 - readme.txt
xlog 2.2 - readme.txt
xlog 2.21 - readme.txt
xlog.exe
Kind regards,
Richard1