Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations Mike Lewis on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Executables Keep Starting on Server

Status
Not open for further replies.
jckarel1

jckarel1

Technical User
Jun 17, 2002
11
0
0
GB
I think I may have had a virus which has subsequently been deleted. Every so often differing executables will appear in startup such as wowexec.exe without any prompt or cause.

I believe this had the affect of causing large amounts of memory dumps and network traffic. At one stage the server was broadcasting 50 requests to a forwarding DNS server every second!

Needless to say we brought it offline.

The problem now is that it still tries to broadcast traffic. And tries to connect to all sorts of strange internet sites. But obviously fails because I have pulled it offline.

Has anyone any ideas?
 
Sort by date Sort by votes
wowexec.exe is not a virus.
WOW is an application environment that runs as a user-mode program (the filename is wowexec.exe) and invokes one VDM for all Win16 applications to run in a 32bit environment.
(nt, 98, etc)
here is a link to a really good article detailing wowexec.exe, it's functions and instances.


so in my opinion there must be some other virus that is causing these broadcasts to be happening.
have you ran any spyware removal progs or trojan detection?
hope that helped clear up part of what you were seeing, but it still sounds like you have a trojan in there somewhere, or even spyware.
good luck let me know if i helped or not, thanks
 
Upvote 0 Downvote
Is there a virus that shows in the processes as "_wowexec.exe" - where the underscore is a space?

This is what I have, and I think it is a virus/or spyware.

I think people get confused between the wowexec.exe and the one with a space in front of it.

Anyone know?

 
Upvote 0 Downvote
I's sure that the legitimate wow service does have a space before it.

That said if you think you have a virus.... run a virus scanner.
 
Upvote 0 Downvote
The Peper trojan will show up as internal names of wowex32.exe and kern32.exe, they create random named processes and cannot be stopped from withing a Windows enviroment.
A Viruscan will not detect them, HiJackThis will list them running, if you know what they look like from naming schemes.
..post a HiJackThis log..instead of guessing:)
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

Olumighty
  • Locked
  • Question
BIOS PASSWORD WIPE OR CLEAR ON COMPUTER LAPTOP 1
Replies
1
Views
60
SamBones
SamBones
Tiffc0922
  • Locked
  • Question
Virus / Malware Scans on Local PCs
Replies
5
Views
76
goombawaho
goombawaho
2ffat
  • Locked
  • News
C-Ware Bundled on "ALL" Freeware Sites
Replies
6
Views
57
xit
xit
goombawaho
  • Locked
  • Question
Stop Microsoft Security Essentials pop-up on XP machines 1
Replies
9
Views
74
goombawaho
goombawaho
2ffat
  • Locked
  • News
Lenovo isn't the only one with bad certificates 5
Replies
6
Views
123
2ffat
2ffat

Part and Inventory Search

Sponsor

Back
Top