PDA

View Full Version : Live-Player contains hjklmn.exe trojan



Olliver
2009-03-02, 10:39
The Live player contains the trojan hjklmn.exe that conect automaticly to the internet at every system boot.
It stays in the C:\Users\xxx\AppData\Local folder after deinstallment of the live player with autostart function.
Itīs not detected with spybot, neither with avast, only the comodo firewall asks for permission for hjklmn.exe to connect to the internet.

Tom.K
2009-03-02, 15:00
That software is from wxx.live-player.com, right?
SiteAdvisor Reports that the site contains 1 red download, which is Live Player setup (ad-supported/sponsored).
SiteAdvisor web-site analysis:
http://www.siteadvisor.com/sites/live-player.com?ref=safesearch&aff_id=0&premium=false&suite=false&client_ver=2.9.242&locale=hr-HR

SiteAdvisor detailed info for Live Player Setup:
http://www.siteadvisor.com/sites/live-player.com/downloads/15804321/
This trojan should be then included to Spybot detections. Note that trojan has random filename. Olliver mentioned hjklmn.exe as trojan while SiteAdvisor mentioned goohppxq.exe.

drragostea
2009-03-02, 18:14
McAfee's SiteAdvisor is not very reliable, see:
http://windowssecrets.com/2009/02/12/01-SiteAdvisor-ratings-may-be-1-year-out-of-date
-
A good alternative would be WOT (Web of Trust).

Matt
2009-03-02, 19:59
Hi Olliver,

:welcome: to Safer Networking Forums. :)

Shall someone help you to delete this trojan? I could give you a link where someone will have a look on your system.

Best regards,
-Matt-