Hi, I'm very paranoid and some stuff happened recently such as finding a hidden application (microsoft character encoder) named "a" on my desktop. My pc also slowed down, then the mouse stopped working then the computer rebooted. (Might just be hardware problem, just happened once.)
I scanned my pc with ad-aware, spybot, avast!(more or less, it takes a whole eternity), avg anti-rootkit and f-secures anti rootkit. None of the programs found anything suspicious.
I scanned the three imapi.exe files and also uploaded them on jotti but no malware were detected.
Now, here's why I'm suspicious:
I used the kaspersky webscanner, it told me that "imapi.exe" located in WINDOWS\system 32 was a trojan named "Trojan.Win32.Starter.cu"
I searched my computer and found imapi.exe located in system32 and two in WINDOWS\SoftwareDistribution\Download. One were located in the folder named "dd9ab5193501484cf5e6884fa1d22f9e" and the other one were located in some other random named folder.
I googled the trojan name but didn't get any good matches so I removed ".cu" and I found: a link to Sophos, I tried to follow the removing methods but I didn't find any imapi.exe related stuff and I didn't find the HKCR folder either? (Less than 5 posts so I can't post the link but if you still want to have a look, google Trojan.Win32.Starter and pick the Sophos link you'll get there)
Anyway, once again I located the imapi.exe files and deleted them and cleared my trashbin but the imapi.exe in system32 keeps reappearing.
For the "too long, didn't read" people:
Summary:
- Kaspersky webscanner told me Imapi.exe is a trojan
- Scanned with several different anti-malware programs and also uploaded it on Jotti but no malware were found.
- Deleted the imapi.exe but it keeps reappearing in the system32 folder
Do I need to be worried?
I scanned my pc with ad-aware, spybot, avast!(more or less, it takes a whole eternity), avg anti-rootkit and f-secures anti rootkit. None of the programs found anything suspicious.
I scanned the three imapi.exe files and also uploaded them on jotti but no malware were detected.
Now, here's why I'm suspicious:
I used the kaspersky webscanner, it told me that "imapi.exe" located in WINDOWS\system 32 was a trojan named "Trojan.Win32.Starter.cu"
I searched my computer and found imapi.exe located in system32 and two in WINDOWS\SoftwareDistribution\Download. One were located in the folder named "dd9ab5193501484cf5e6884fa1d22f9e" and the other one were located in some other random named folder.
I googled the trojan name but didn't get any good matches so I removed ".cu" and I found: a link to Sophos, I tried to follow the removing methods but I didn't find any imapi.exe related stuff and I didn't find the HKCR folder either? (Less than 5 posts so I can't post the link but if you still want to have a look, google Trojan.Win32.Starter and pick the Sophos link you'll get there)
Anyway, once again I located the imapi.exe files and deleted them and cleared my trashbin but the imapi.exe in system32 keeps reappearing.
For the "too long, didn't read" people:
Summary:
- Kaspersky webscanner told me Imapi.exe is a trojan
- Scanned with several different anti-malware programs and also uploaded it on Jotti but no malware were found.
- Deleted the imapi.exe but it keeps reappearing in the system32 folder
Do I need to be worried?