PDA

View Full Version : Is opmldisrv.exe related to Spybot?


abby123
2006-11-16, 17:49
Hello,

I have just finished getting rid of lots of viruses and spy stuff from a pc thanks to Spybot (the best product there is and I install it on every PC I can) and other good programs.

Zone Alarm tells me that opmldisrv.exe is trying to access the web but I can't find anything about it on the web. I waited until the ZA alert showed up and did a search on the pc and it came up with only 1 entry:

regUsers.reg in folder C:\documents and Settings\All Users\Application Data\Spybot - Search and Destroy\Backups

Can someone help me? I don't know whether I should be allowing or denying access

Abby123
md usa spybot fan
2006-11-16, 18:57
The executable opmldisrv.exe is not part of Spybot-S&D. I personally would allow not it access to the internet until I could determine what it does.

********************

The file The file C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Backups\regUsers.reg is part of the registry backup that you optionally took when you first installed Spybot-S&D or elected to take subsequently by going into Spybot > Mode > Advanced mode > Settings > Settings > and clicking on the Wizard button at the top of the settings screen.

I suggest that you scan (do a find) on your registry for "opmldisrv.exe" to see what entries are currently in your registry for it.

********************

I was not able to find any information concerning opmldisrv.exe except it was reported as a Moderate threat by CyberDefender on 2006-11-08 with no additional information provided.

A note about CyberDefender:
CyberDefender was listed in The Spyware Warrior List of Rogue/Suspect Anti-Spyware Products & Web Sites (http://www.spywarewarrior.com/rogue_anti-spyware.htm) starting on 12-27-05 but was de-listed 7-8-06.
abby123
2006-11-16, 19:27
Thank you so much for your reply

I did as you suggested and checked the registry but it didn't find any entries. Then I discovered, by accident, that I could do a search on the IP address that ZA provided and it pointed to Avira Antivirus (which is installed on the PC). I don't understand why I can't find it on the PC though so I'm still a bit iffy about it.

Just in case I'm not the only one who didn't know where to search on IP address, the web page is:

http://www.domaintools.com/

Altruism is alive and well!
abby123
2006-11-22, 01:53
The advice I was given in this excellent forum was spot on. Information about it is still sparse but, according to AHNLAB, it is a trojan that sends spam mail

http://info.ahnlab.com/securityinfo/virus_view_eng_new2.jsp?SEQ_NO=5954