|
...came up with a reference to spam being posted to usenet, but it wasn't very informative.
In your next post, it would be helpful to tell us the PORT it's trying to access to help guage the threat.
These programs are VERY tricky (they'd have to be, or we'd just stop them, right?). On one system I was running all of the usual spybot, search & destroy, etc programs and it would regularly come up with stuff (esp hijacking IE - don't use IE!). So I ran said virus/spyware programs, they then reported the system was clean, but upon reboot (NOTE: DISCONNECTED FROM THE INTERNET FOR TESTING) I'd be infected all over again with OTHER programs.
My thinking is that some of these guys must be installing programs which infect legitimate programs that are run when certain events happen (boot/login/etc) like "mobsync" which I have no use for but I can't stop from running. These programs then "spin off" new exe's, run them and start the 'fun' all over again. It wouldn't suprise me if they were named on some random basis, frustrating any attempt to label them.
With this scheme, it would take a long time indeed to figure out where the problems REALLY came from...
I'd search for said ubpl.exe on your hard drive and with a right click check out it's properties. If it's in your internet cache - delete away.
|