What is Mlnaae32.exe? 1

[BionicJohn]

What is Mlnaae32.exe?

It would appear to be something nasty but I can find no reference to it with Google.

The only instance I can find of it on the PC is in prefetch, and it will still load after being deleted in prefetch.

I have already removed several trojans from this PC, but am stumped with this one.

Neither PANDA nor NortonAV can find anything.

(Sony VAIO Laptop, WinXP SP1)

Any advice welcome.

Iechyd da! John
Glannau Mersi, Lloegr.

 

[diogenes10]

You can send individual files to Kaspersky for review, google on kaspersky will get you the link.

If one of the things you removed was coolwebsearch with the numbers, this could relate to that. Look at the log in this link:

http://computercops.biz/postlite51029-java.html

Your file reminds me of the O4 runonce entries.

When google doesn't show anything and you can't see any properties that relate it to applications on your system, bad becomes a good possibility.

Renaming vs deleting is always a conservative first step.



-------------------------------------
It's 10 O'Clock ( somewhere! ).
Are your registry and data backed up?

 

[BionicJohn]

Thanks, Diogenes10,

Since posting an hour ago, I've found 14 more infected files on this laptop. It looks like Altnet is the culprit with source of the infection hidden in a downloaded *.cab file.

http://www.scanspyware.net/info/Altnet.htm

I'll get back to you. Cheers.

Iechyd da! John
Glannau Mersi, Lloegr.

 

[BionicJohn]

Update:

After much cleaning and searching, I have located MLNAAE32.EXE as a PreFetch link/file in C:\Windows\PreFetch. Also in the PreFetch folder is file called Layout.ini.

However, all files in the folder C:\Windows\PreFetch can be deleted EXCEPT MLNAAE32.EXE-30155E88.pf. It seems to be deleted, but 3 or 4 seconds later it re-appears! All other files disappear as exepected, but not this one.

There is a line in Layout.ini referring to C:\Windows\system32\MLNAAE32.exe but the file does not exist. I have deleted the line, but it makes no difference.

The only reference in the Registry to MLNAAE32.EXE relates to my searches.

Any advice about permanently deleting this nuisance much appreciated.

(PS I'm sick of re-booting to see if it's gone)


Background:
Norton AV2005, Panada Titanium, Grisoft AVG, Ad-Aware, Stinger, SpyBotS&D all SpySweeper all produce clean bills of health.

I can't see anything in the Hi-jack This log to worry me either.

Pictures at:

http://www.johndavies.mersinet.co.uk/ttuk/mlnaae32.htm

Iechyd da! John
Glannau Mersi, Lloegr.

 

[diogenes10]

I have not used this but have both seen it recommended and recommended it to others from time to time. Perhaps it would show you some relationships that would help in fixing the problem.

http://www.neuber.com/taskmanager/

-------------------------------------
It's 10 O'Clock ( somewhere! ).
Are your registry and data backed up?

 

[BionicJohn]

Cheers, Diogenes! Looks like I've got it.

Security Task Manager pointed to it straightaway. Now it's quarantined, the laptop fair screams along again.

It seems to be related to Backdoor.Berbew.K, a Backdoor Trojan horse that attempts to steal cached passwords. The key word is KKQHOOK.

Symantec et al give details of where to look in the Registry to clean it up.

You're the

star

man!

Iechyd da! John
Glannau Mersi, Lloegr.