Thread: WMHOST.EXE Trojan not detected

  1. #1
    cyberstorm Guest

    WMHOST.EXE Trojan not detected

    I recently had a whole rack of trouble. I first noticed it all when I all of a sudden had a pop-up at startup and any other time explorer.exe started that stated Personalized Settings for C:\windows\system32\wmhost.exe s . I was having trouble clicking desktop and taskbar as both would give critical error sound and no message. Lag and all sorts of other issues known to be caused by malware. When I ran a Google search I turned up tons of Sophos and other sites' warnings that this file is a trojan. I had scanned the night previous to this with my ZA, which is:

    ZA Security Suite V 7.0.337.000
    TV Security Eng. V 7.0.337.000
    Antivirus engine V 3, DAT file version 20070512105000

    All my updates were up to date and ZA did NOT find the file as an issue. So, I manually packed it into a 7z archive to forward to ZoneLabs, and manually removed the file after killing explorer's process. I ran regbot and removed the keys it had put there and ever since I have had no problem, except I want a signature for this if possible.

    Can I post the attachment or email it to ZoneLabs for analysis or should I destroy it? I trust ZA for my needs as it is far superior to other security solutions and I can vouch for that as I test software for a living and have ALWAYS come back to ZA with pleasure. Following is a summary by Sophos of this file:

    Name: Troj/Bckdr-QHS
    Type: Trojan
    Affected operating systems: Windows
    Side effects: Installs itself in the Registry
    Aliases: BackDoor-CEP.svr
    Protection: Download virus identity (IDE) file
    Protection available since: 28 April 2007 16:05:50 (GMT)
    Detected by: All versions of Sophos Anti-Virus
    Included in our products from: June 2007 (4.18)

    Is there an easier way to get this type of file to ZA? I'd suggest a place in the antivirus tab to submit this type of thing but I am sure you would all be overwhelmed by silly submissions.

    Operating System:Windows XP Pro
    Product Name:ZoneAlarm Internet Security Suite
    Software Version:7.0

  2. #2
    Join Date
    Nov 2004

    Re: WMHOST.EXE Trojan not detected

    Hi!

    Please upload the file to and check if Kaspersky AV is detecting it. If not, please send the file to newvirus at kaspersky dot com. Subject: virus. Zip the infected executable and password protect it. Include password in the e-mail. If the executable is detected by Kaspersky then probably your install of ZA is corrupted. Clean uninstall and re-install.

    Fax

    Click here for ZA Support
    Monday-Saturday 24x6 Pacific time
    Closed Sundays and Holidays

  3. #3
    cyberstorm Guest

    Re: WMHOST.EXE Trojan not detected

    Find here the results of the scan. If ZA is not corrupted will it pick up this infection that you know of? Kaspersky will not, it would seem, so I will upload the file to them as per your request. TY for the great link, and for taking the time to answer my query.

    Complete scanning result of "wmhost.exe", received in VirusTotal at 05.15.2007, 20:15:50 (CET).

    Antivirus         Version        Update     Result
    AhnLab-V3         2007.5.15.1    05.15.2007 no virus found
    AntiVir                          05.15.2007 HEUR/Crypted
    Authentium        4.93.8         05.14.2007 no virus found
    Avast             4.7.997.0      05.15.2007 no virus found
    AVG                              05.15.2007 BackDoor.Generic4.TEE
    **bleep**         7.2            05.15.2007 MemScan:Backdoor.Bifrose.NQ
    CAT-QuickHeal     9.00           05.15.2007 no virus found
    ClamAV            devel-20070416 05.15.2007 Trojan.Packed
    DrWeb             4.33           05.15.2007 no virus found
    eSafe                            05.15.2007 no virus found
    eTrust-Vet        30.7.3634      05.15.2007 no virus found
    Ewido             4.0            05.15.2007 no virus found
    FileAdvisor       1              05.15.2007 no virus found
    Fortinet                         05.15.2007 suspicious
    F-Prot                           05.14.2007 no virus found
    F-Secure          6.70.13030.0   05.15.2007 no virus found
    Ikarus            T3.1.1.7       05.15.2007 Backdoor.VB.EV
    Kaspersky                        05.15.2007 no virus found
    McAfee            5031           05.15.2007 BackDoor-CEP.svr
    Microsoft         1.2503         05.15.2007 no virus found
    NOD32v2           2268           05.15.2007 no virus found
    Norman            5.80.02        05.15.2007 no virus found
    Panda                            05.15.2007 no virus found
    Prevx1            V2             05.15.2007 no virus found
    Sophos            4.17.0         05.11.2007 no virus found
    Sunbelt           2.2.907.0      05.12.2007 VIPRE.Suspicious
    Symantec          10             05.15.2007 no virus found
    TheHacker                        05.15.2007 no virus found
    VBA32             3.12.0         05.15.2007 no virus found
    VirusBuster       4.3.7:9        05.15.2007 no virus found
    Webwasher-Gateway 6.0.1          05.15.2007 Heuristic.Crypted

    Aditional Information
    File size: 1204605 bytes
    MD5: 1705509d4bd07c17bb0f2cecbfe0a2c5
    SHA1: 0dd37622e5da4fc25b6f9c67071fa0acf9b716af
    packers: Themida
    Sunbelt info: VIPRE.Suspicious is a generic detection for potential threats that are deemed suspicious through heuristics.
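
An added example, not part of the original posts: before a quarantined copy is mailed to a vendor, it helps to confirm it is the same file the scan report describes (size, MD5, SHA1) and to list which engines flagged it, so the submission can cite them. The function names and the constructed byte string are assumptions; the report values and rows are copied from the scan result above.

```python
import hashlib
import re

# Values from the "Aditional Information" block of the report above.
REPORT = {
    "size": 1204605,
    "md5": "1705509d4bd07c17bb0f2cecbfe0a2c5",
    "sha1": "0dd37622e5da4fc25b6f9c67071fa0acf9b716af",
}

# A few rows copied from the scan result above (version column is optional).
SAMPLE_ROWS = """\
AhnLab-V3 2007.5.15.1 05.15.2007 no virus found
AntiVir 05.15.2007 HEUR/Crypted
ClamAV devel-20070416 05.15.2007 Trojan.Packed
Kaspersky 05.15.2007 no virus found
McAfee 5031 05.15.2007 BackDoor-CEP.svr
Sophos 4.17.0 05.11.2007 no virus found
"""

# The update date (MM.DD.YYYY) is the only fixed-format column, so anchor on it.
ROW = re.compile(r"^(\S+)(?:\s+(\S+))?\s+(\d{2}\.\d{2}\.\d{4})\s+(.+)$")

def parse_rows(text):
    """Return (engine, version, update, result) tuples from flattened rows."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if m:
            rows.append((m.group(1), m.group(2) or "", m.group(3), m.group(4)))
    return rows

def flagged(rows):
    """Engines whose result is anything other than 'no virus found'."""
    return [engine for engine, _, _, result in rows if result != "no virus found"]

def matches_report(data, size, md5, sha1):
    """True only if the bytes have the reported size, MD5 and SHA1."""
    return (len(data) == size
            and hashlib.md5(data).hexdigest() == md5.lower()
            and hashlib.sha1(data).hexdigest() == sha1.lower())

if __name__ == "__main__":
    print("flagged by:", ", ".join(flagged(parse_rows(SAMPLE_ROWS))))
    # Constructed stand-in bytes; read the real quarantined copy in binary mode instead.
    print("same file as report:", matches_report(b"constructed bytes", **REPORT))
```
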

  4. #4
    Join Date
    Nov 2004

    Re: WMHOST.EXE Trojan not detected

    You're welcome... Looks like Kaspersky is not detecting it... so also ZA will not detect it. Please send the file to Kaspersky as explained before (password protected zip... etc). You can also explain that other AVs are detecting it. If it is malware, it will be added to the KAV virus database and also ZA will be able to detect it.

    Cheers,
    Fax
