Tuesday, June 15, 2010

Wmpxk3.exe

New malware popped up in the office this morning.  It came over Pidgin as an instant message to our user from a person that we believe is using Yahoo Messenger.  A link popped up to a "party pic" zip file, coming from a URL with "picturesharehost" in the name.  We have the full link still, but how about I don't post it here and cause it to proliferate?  The domain is hosted in France.

A pop-up asked the user to download something to protect her computer. The user just Xed out of that, but still noticed her computer was behaving oddly.  Thus the call to the IT department.  We searched and found that wmpxk3.exe in the startup directory.

It didn't change the background, and didn't affect browsing. We simply deleted that file and rebooted.  Everything seems fine for now.

Will update this post if we get more information.

4 comments:

  1. It happened to me. I accidentally clicked on a link sent to me by a friend on YM. And after that my YM and Skype were totally a mess! Fortunately our IT guy found it and now my notebook seems ok :)

  2. Glad all is well for you now, Devi!

    There was a second user today with the same issue. We mostly use AIM in the office and have few Skype and Yahoo users, so I suspect that is why it didn't cause too much trouble. Both times the users clicked the links because it didn't seem unusual that they were receiving links with pictures from their chat buddies.

  3. How do I clean up this wmpxk3.exe file? I am facing the same issue and I am not able to remove it. What is the procedure? Could you please help me out with it?

  4. Neelu, we were able to just search for the file and delete it. Are you getting errors when you try that? We found it in the Startup directory.
