OwMngr.exe 
Author Message
 OwMngr.exe

I have a Trojan virus called OwMngr.exe on my computer, my AV software
picked it up (AVG Grisoft).

I can't get rid of it. Every I delete the file it comes back again and
re-inserts its self on my program start-up list.

Help appreciated........Please

Thanks

Tom



Sat, 03 Dec 2005 00:38:42 GMT  
 OwMngr.exe
you are only deleting part of the virus by the looks of it the virus name is
TROJ_CHECKIN.B below is the trend micro removal tool for that virus ( I
havn't used it myself ) after you run the removal tool scan you system ( all
files ) to get rid of the rest.

http://www.trendmicro.com/ftp/products/tsc/sysclean.com


Quote:
> I have a Trojan virus called OwMngr.exe on my computer, my AV software
> picked it up (AVG Grisoft).

> I can't get rid of it. Every I delete the file it comes back again and
> re-inserts its self on my program start-up list.

> Help appreciated........Please

> Thanks

> Tom



Sat, 03 Dec 2005 12:12:40 GMT  
 OwMngr.exe
This is "downloader" trojan which downloads a given file
from a certain site and runs it. The trojan itself is a
Windows PE EXE file, written in MS Visual C++.
The trojan file size is about:

 "Checkin.a":  50Kb
 "Checkin.b":  45Kb

The trojan EXE file does not copy itself to any directory
but creates the system registry auto-run key:
"Checkin.a":

 HKCU\Software\Microsoft\Windows\CurrentVersion\Run
  SysReg = %SystemDir%\SysReg

"Checkin.b":
 HKCU\Software\Microsoft\Windows\CurrentVersion\Run
  OWMngr = %SystemDir%\OWMngr.exe

It seems that the trojan should be completed
by "installator" that performs all steps of trojan
installation into the system.
The trojan also creates more registry keys:

 HKCU\Software\IExplore\
   Ads
   AID
   ID
   LoggedIn

and uses these keys for its internal needs.
The trojan then stays as active process (this process is
visible in the task list), downloads a file from a Web
site, stores it on disk with "update.exe" name and
executes it. The Web site name and remote file URL can be
variable. The trojan downloads that information from
another Web site:

 "Checkin.a":  http://tp.searchseekfind.com
 "Checkin.b":  http://ads.onwebmedia.com

with using the "Checkin.pl" file in there.

Quote:
>-----Original Message-----
>I have a Trojan virus called OwMngr.exe on my computer,
my AV software
>picked it up (AVG Grisoft).

>I can't get rid of it. Every I delete the file it comes
back again and
>re-inserts its self on my program start-up list.

>Help appreciated........Please

>Thanks

>Tom

>.



Tue, 06 Dec 2005 19:59:09 GMT  
 OwMngr.exe
I could not locate the "checkin a or b" files and the
system would not allow me to delete the owmngr.exe file.  
However the file does contain about 44kb.
What can I do next, I am not very technical.
Quote:
>-----Original Message-----
>This is "downloader" trojan which downloads a given file
>from a certain site and runs it. The trojan itself is a
>Windows PE EXE file, written in MS Visual C++.
>The trojan file size is about:

> "Checkin.a":  50Kb
> "Checkin.b":  45Kb

>The trojan EXE file does not copy itself to any
directory
>but creates the system registry auto-run key:
>"Checkin.a":

> HKCU\Software\Microsoft\Windows\CurrentVersion\Run
>  SysReg = %SystemDir%\SysReg

>"Checkin.b":
> HKCU\Software\Microsoft\Windows\CurrentVersion\Run
>  OWMngr = %SystemDir%\OWMngr.exe

>It seems that the trojan should be completed
>by "installator" that performs all steps of trojan
>installation into the system.
>The trojan also creates more registry keys:

> HKCU\Software\IExplore\
>   Ads
>   AID
>   ID
>   LoggedIn

>and uses these keys for its internal needs.
>The trojan then stays as active process (this process is
>visible in the task list), downloads a file from a Web
>site, stores it on disk with "update.exe" name and
>executes it. The Web site name and remote file URL can
be
>variable. The trojan downloads that information from
>another Web site:

> "Checkin.a":  http://tp.searchseekfind.com
> "Checkin.b":  http://ads.onwebmedia.com

>with using the "Checkin.pl" file in there.
>>-----Original Message-----
>>I have a Trojan virus called OwMngr.exe on my computer,
>my AV software
>>picked it up (AVG Grisoft).

>>I can't get rid of it. Every I delete the file it comes
>back again and
>>re-inserts its self on my program start-up list.

>>Help appreciated........Please

>>Thanks

>>Tom

>>.

>.



Thu, 08 Dec 2005 21:00:56 GMT  
 OwMngr.exe
Quote:
>-----Original Message-----
>I could not locate the "checkin a or b" files and the
>system would not allow me to delete the owmngr.exe file.  
>However the file does contain about 44kb.
>What can I do next, I am not very technical.
>>-----Original Message-----
>>This is "downloader" trojan which downloads a given file
>>from a certain site and runs it. The trojan itself is a
>>Windows PE EXE file, written in MS Visual C++.
>>The trojan file size is about:

>> "Checkin.a":  50Kb
>> "Checkin.b":  45Kb

>>The trojan EXE file does not copy itself to any
>directory
>>but creates the system registry auto-run key:
>>"Checkin.a":

>> HKCU\Software\Microsoft\Windows\CurrentVersion\Run
>>  SysReg = %SystemDir%\SysReg

>>"Checkin.b":
>> HKCU\Software\Microsoft\Windows\CurrentVersion\Run
>>  OWMngr = %SystemDir%\OWMngr.exe

>>It seems that the trojan should be completed
>>by "installator" that performs all steps of trojan
>>installation into the system.
>>The trojan also creates more registry keys:

>> HKCU\Software\IExplore\
>>   Ads
>>   AID
>>   ID
>>   LoggedIn

>>and uses these keys for its internal needs.
>>The trojan then stays as active process (this process is
>>visible in the task list), downloads a file from a Web
>>site, stores it on disk with "update.exe" name and
>>executes it. The Web site name and remote file URL can
>be
>>variable. The trojan downloads that information from
>>another Web site:

>> "Checkin.a":  http://tp.searchseekfind.com
>> "Checkin.b":  http://ads.onwebmedia.com

>>with using the "Checkin.pl" file in there.
>>>-----Original Message-----
>>>I have a Trojan virus called OwMngr.exe on my computer,
>>my AV software
>>>picked it up (AVG Grisoft).

>>>I can't get rid of it. Every I delete the file it comes
>>back again and
>>>re-inserts its self on my program start-up list.

>>>Help appreciated........Please

>>>Thanks

>>>Tom

>>>.

>>.

>.



Fri, 09 Dec 2005 02:58:19 GMT  
 OwMngr.exe
I just got the same virus.  I will be watching and
searching for a solution.
Quote:
>-----Original Message-----
>I could not locate the "checkin a or b" files and the
>system would not allow me to delete the owmngr.exe file.  
>However the file does contain about 44kb.
>What can I do next, I am not very technical.
>>-----Original Message-----
>>This is "downloader" trojan which downloads a given file
>>from a certain site and runs it. The trojan itself is a
>>Windows PE EXE file, written in MS Visual C++.
>>The trojan file size is about:

>> "Checkin.a":  50Kb
>> "Checkin.b":  45Kb

>>The trojan EXE file does not copy itself to any
>directory
>>but creates the system registry auto-run key:
>>"Checkin.a":

>> HKCU\Software\Microsoft\Windows\CurrentVersion\Run
>>  SysReg = %SystemDir%\SysReg

>>"Checkin.b":
>> HKCU\Software\Microsoft\Windows\CurrentVersion\Run
>>  OWMngr = %SystemDir%\OWMngr.exe

>>It seems that the trojan should be completed
>>by "installator" that performs all steps of trojan
>>installation into the system.
>>The trojan also creates more registry keys:

>> HKCU\Software\IExplore\
>>   Ads
>>   AID
>>   ID
>>   LoggedIn

>>and uses these keys for its internal needs.
>>The trojan then stays as active process (this process is
>>visible in the task list), downloads a file from a Web
>>site, stores it on disk with "update.exe" name and
>>executes it. The Web site name and remote file URL can
>be
>>variable. The trojan downloads that information from
>>another Web site:

>> "Checkin.a":  http://tp.searchseekfind.com
>> "Checkin.b":  http://ads.onwebmedia.com

>>with using the "Checkin.pl" file in there.
>>>-----Original Message-----
>>>I have a Trojan virus called OwMngr.exe on my computer,
>>my AV software
>>>picked it up (AVG Grisoft).

>>>I can't get rid of it. Every I delete the file it comes
>>back again and
>>>re-inserts its self on my program start-up list.

>>>Help appreciated........Please

>>>Thanks

>>>Tom

>>>.

>>.

>.



Fri, 09 Dec 2005 03:00:36 GMT  
 OwMngr.exe
GOT!

Here is what I did...
1) Disconnected from the internet.  
2) Searched for any files containing 'checkin'.  There
were 4, one for each user login in the 'temp internet
files' directory.
3) Deleted each of these.
4) Rescanned the system32 folder and deleted the found
virus.
5) Did a complete rescan and no virus!

There you go.

Joe

Quote:
>-----Original Message-----
>I just got the same virus.  I will be watching and
>searching for a solution.
>>-----Original Message-----
>>I could not locate the "checkin a or b" files and the
>>system would not allow me to delete the owmngr.exe
file.  
>>However the file does contain about 44kb.
>>What can I do next, I am not very technical.
>>>-----Original Message-----
>>>This is "downloader" trojan which downloads a given
file
>>>from a certain site and runs it. The trojan itself is a
>>>Windows PE EXE file, written in MS Visual C++.
>>>The trojan file size is about:

>>> "Checkin.a":  50Kb
>>> "Checkin.b":  45Kb

>>>The trojan EXE file does not copy itself to any
>>directory
>>>but creates the system registry auto-run key:
>>>"Checkin.a":

>>> HKCU\Software\Microsoft\Windows\CurrentVersion\Run
>>>  SysReg = %SystemDir%\SysReg

>>>"Checkin.b":
>>> HKCU\Software\Microsoft\Windows\CurrentVersion\Run
>>>  OWMngr = %SystemDir%\OWMngr.exe

>>>It seems that the trojan should be completed
>>>by "installator" that performs all steps of trojan
>>>installation into the system.
>>>The trojan also creates more registry keys:

>>> HKCU\Software\IExplore\
>>>   Ads
>>>   AID
>>>   ID
>>>   LoggedIn

>>>and uses these keys for its internal needs.
>>>The trojan then stays as active process (this process
is
>>>visible in the task list), downloads a file from a Web
>>>site, stores it on disk with "update.exe" name and
>>>executes it. The Web site name and remote file URL can
>>be
>>>variable. The trojan downloads that information from
>>>another Web site:

>>> "Checkin.a":  http://tp.searchseekfind.com
>>> "Checkin.b":  http://ads.onwebmedia.com

>>>with using the "Checkin.pl" file in there.
>>>>-----Original Message-----
>>>>I have a Trojan virus called OwMngr.exe on my
computer,
>>>my AV software
>>>>picked it up (AVG Grisoft).

>>>>I can't get rid of it. Every I delete the file it
comes
>>>back again and
>>>>re-inserts its self on my program start-up list.

>>>>Help appreciated........Please

>>>>Thanks

>>>>Tom

>>>>.

>>>.

>>.

>.



Fri, 09 Dec 2005 03:25:27 GMT  
 OwMngr.exe
It is classified as a malicious virus. You can delete it
thru Registry. Run regedit, then delete the OWMngr.exe
there under microsoft and run.

You can access this web site:

http://www.f-secure.fi/v-descs/checkin.shtml

Hope that helps.

Rudy

Quote:
>-----Original Message-----
>you are only deleting part of the virus by the looks of

it the virus name is
Quote:
>TROJ_CHECKIN.B below is the trend micro removal tool for
that virus ( I
>havn't used it myself ) after you run the removal tool

scan you system ( all
Quote:
>files ) to get rid of the rest.

>http://www.trendmicro.com/ftp/products/tsc/sysclean.com


message


win.server.ntli.net...
Quote:
>> I have a Trojan virus called OwMngr.exe on my computer,
my AV software
>> picked it up (AVG Grisoft).

>> I can't get rid of it. Every I delete the file it comes
back again and
>> re-inserts its self on my program start-up list.

>> Help appreciated........Please

>> Thanks

>> Tom

>.



Sat, 10 Dec 2005 00:16:31 GMT  
 
 [ 8 post ] 

 Relevant Pages 

1. 32-Bit NMAKE.EXE, LINK.EXE, LIB.EXE, & RC.EXE

2. c5print.exe and c5printx.exe cannot run in the root directory of a network drive

3. cscn.exe and cvvt.exe

4. ABC Exe Called From Clarion Exe

5. Splitting a big .exe in a smale.exe and many ddl's in C4b

6. ntvdm.exe - Application Error when running C55EE.exe

7. close exe form another exe

8. need cw21lpex.exe or c4lpex.exe

9. Running one EXE from another EXE

10. making the exe readonly / exe in a network

11. GPF in EXE calling EXE

12. EXE + DLL ----> EXE

 

 
Powered by phpBB® Forum Software