Imapi.exe, trojan or not?

Status
Not open for further replies.
Hi, I'm very paranoid and some stuff happened recently, such as finding a hidden application (Microsoft Character Encoder) named "a" on my desktop. My PC also slowed down, then the mouse stopped working, then the computer rebooted. (Might just be a hardware problem, it just happened once.)
I scanned my PC with Ad-Aware, Spybot, avast! (more or less, it takes a whole eternity), AVG Anti-Rootkit and F-Secure's anti-rootkit. None of the programs found anything suspicious.
I scanned the three imapi.exe files and also uploaded them to Jotti, but no malware was detected.

Now, here's why I'm suspicious:
I used the Kaspersky webscanner; it told me that "imapi.exe" located in WINDOWS\system32 was a trojan named "Trojan.Win32.Starter.cu".
I searched my computer and found imapi.exe located in system32 and two in WINDOWS\SoftwareDistribution\Download. One was located in the folder named "dd9ab5193501484cf5e6884fa1d22f9e" and the other one was located in some other randomly named folder.

I googled the trojan name but didn't get any good matches, so I removed ".cu" and found a link to Sophos. I tried to follow the removal methods, but I didn't find any imapi.exe-related stuff and I didn't find the HKCR folder either? (Less than 5 posts so I can't post the link, but if you still want to have a look, google Trojan.Win32.Starter and pick the Sophos link and you'll get there.)
Anyway, once again I located the imapi.exe files, deleted them and cleared my trashbin, but the imapi.exe in system32 keeps reappearing.


For the "too long, didn't read" people:
Summary:
- Kaspersky webscanner told me imapi.exe is a trojan.
- Scanned with several different anti-malware programs and also uploaded it to Jotti, but no malware was found.
- Deleted the imapi.exe but it keeps reappearing in the system32 folder.

Do I need to be worried?
 
imapi.exe is a part of the Microsoft Windows operating system, more specifically the Image Mastering Applications Programming Interface, which is used for CD recording. This program is important for the stable and secure running of your computer and should not be terminated.

Recommendation: imapi.exe should not be disabled; it is required for essential applications to work properly.

On July 16, 2007, Microsoft identified a misclassification in the Trojan:Win32/Starter signature which could result in erroneous detections of this Trojan in certain PE files created by Quick Batch File Compiler. To address this issue, impacted customers should update to signature files with version number 2740.6 or above.
http://onecare.live.com/standard/en-us/virusenc/VirusEncInfo.htm?VirusName=Trojan:Win32/Starter
 
Unfortunately, this file is also associated with the Vundo Trojan :(

Reportedly, SUPERAntiSpyware will remove the trojan.
 
Hi, thanks for the information guys.
I suppose it's a false alarm then? It shouldn't be the Vundo virus, right? I'm not experiencing any pop-ups or adware. Just in case, I will download the SUPERAntiSpyware program anyway, but I suppose the other anti-malware programs like Spybot and Ad-Aware should also be able to find Vundo, right?
 