Virus, OwMngr.exe

OwMngr.exe

Author	Message
thomas.tillso #1 / 8	OwMngr.exe I have a Trojan virus called OwMngr.exe on my computer, my AV software picked it up (AVG Grisoft). I can't get rid of it. Every I delete the file it comes back again and re-inserts its self on my program start-up list. Help appreciated........Please Thanks Tom
Sat, 03 Dec 2005 00:38:42 GMT

Habitatua #2 / 8	OwMngr.exe you are only deleting part of the virus by the looks of it the virus name is TROJ_CHECKIN.B below is the trend micro removal tool for that virus ( I havn't used it myself ) after you run the removal tool scan you system ( all files ) to get rid of the rest. http://www.trendmicro.com/ftp/products/tsc/sysclean.com Quote: > I have a Trojan virus called OwMngr.exe on my computer, my AV software > picked it up (AVG Grisoft). > I can't get rid of it. Every I delete the file it comes back again and > re-inserts its self on my program start-up list. > Help appreciated........Please > Thanks > Tom
Sat, 03 Dec 2005 12:12:40 GMT

E.Ashb #3 / 8	OwMngr.exe This is "downloader" trojan which downloads a given file from a certain site and runs it. The trojan itself is a Windows PE EXE file, written in MS Visual C++. The trojan file size is about: "Checkin.a": 50Kb "Checkin.b": 45Kb The trojan EXE file does not copy itself to any directory but creates the system registry auto-run key: "Checkin.a": HKCU\Software\Microsoft\Windows\CurrentVersion\Run SysReg = %SystemDir%\SysReg "Checkin.b": HKCU\Software\Microsoft\Windows\CurrentVersion\Run OWMngr = %SystemDir%\OWMngr.exe It seems that the trojan should be completed by "installator" that performs all steps of trojan installation into the system. The trojan also creates more registry keys: HKCU\Software\IExplore\ Ads AID ID LoggedIn and uses these keys for its internal needs. The trojan then stays as active process (this process is visible in the task list), downloads a file from a Web site, stores it on disk with "update.exe" name and executes it. The Web site name and remote file URL can be variable. The trojan downloads that information from another Web site: "Checkin.a": http://tp.searchseekfind.com "Checkin.b": http://ads.onwebmedia.com with using the "Checkin.pl" file in there. Quote: >-----Original Message----- >I have a Trojan virus called OwMngr.exe on my computer, my AV software >picked it up (AVG Grisoft). >I can't get rid of it. Every I delete the file it comes back again and >re-inserts its self on my program start-up list. >Help appreciated........Please >Thanks >Tom >.
Tue, 06 Dec 2005 19:59:09 GMT

Steve #4 / 8	OwMngr.exe I could not locate the "checkin a or b" files and the system would not allow me to delete the owmngr.exe file. However the file does contain about 44kb. What can I do next, I am not very technical. Quote: >-----Original Message----- >This is "downloader" trojan which downloads a given file >from a certain site and runs it. The trojan itself is a >Windows PE EXE file, written in MS Visual C++. >The trojan file size is about: > "Checkin.a": 50Kb > "Checkin.b": 45Kb >The trojan EXE file does not copy itself to any directory >but creates the system registry auto-run key: >"Checkin.a": > HKCU\Software\Microsoft\Windows\CurrentVersion\Run > SysReg = %SystemDir%\SysReg >"Checkin.b": > HKCU\Software\Microsoft\Windows\CurrentVersion\Run > OWMngr = %SystemDir%\OWMngr.exe >It seems that the trojan should be completed >by "installator" that performs all steps of trojan >installation into the system. >The trojan also creates more registry keys: > HKCU\Software\IExplore\ > Ads > AID > ID > LoggedIn >and uses these keys for its internal needs. >The trojan then stays as active process (this process is >visible in the task list), downloads a file from a Web >site, stores it on disk with "update.exe" name and >executes it. The Web site name and remote file URL can be >variable. The trojan downloads that information from >another Web site: > "Checkin.a": http://tp.searchseekfind.com > "Checkin.b": http://ads.onwebmedia.com >with using the "Checkin.pl" file in there. >>-----Original Message----- >>I have a Trojan virus called OwMngr.exe on my computer, >my AV software >>picked it up (AVG Grisoft). >>I can't get rid of it. Every I delete the file it comes >back again and >>re-inserts its self on my program start-up list. >>Help appreciated........Please >>Thanks >>Tom >>. >.
Thu, 08 Dec 2005 21:00:56 GMT

Joe #5 / 8	OwMngr.exe Quote: >-----Original Message----- >I could not locate the "checkin a or b" files and the >system would not allow me to delete the owmngr.exe file. >However the file does contain about 44kb. >What can I do next, I am not very technical. >>-----Original Message----- >>This is "downloader" trojan which downloads a given file >>from a certain site and runs it. The trojan itself is a >>Windows PE EXE file, written in MS Visual C++. >>The trojan file size is about: >> "Checkin.a": 50Kb >> "Checkin.b": 45Kb >>The trojan EXE file does not copy itself to any >directory >>but creates the system registry auto-run key: >>"Checkin.a": >> HKCU\Software\Microsoft\Windows\CurrentVersion\Run >> SysReg = %SystemDir%\SysReg >>"Checkin.b": >> HKCU\Software\Microsoft\Windows\CurrentVersion\Run >> OWMngr = %SystemDir%\OWMngr.exe >>It seems that the trojan should be completed >>by "installator" that performs all steps of trojan >>installation into the system. >>The trojan also creates more registry keys: >> HKCU\Software\IExplore\ >> Ads >> AID >> ID >> LoggedIn >>and uses these keys for its internal needs. >>The trojan then stays as active process (this process is >>visible in the task list), downloads a file from a Web >>site, stores it on disk with "update.exe" name and >>executes it. The Web site name and remote file URL can >be >>variable. The trojan downloads that information from >>another Web site: >> "Checkin.a": http://tp.searchseekfind.com >> "Checkin.b": http://ads.onwebmedia.com >>with using the "Checkin.pl" file in there. >>>-----Original Message----- >>>I have a Trojan virus called OwMngr.exe on my computer, >>my AV software >>>picked it up (AVG Grisoft). >>>I can't get rid of it. Every I delete the file it comes >>back again and >>>re-inserts its self on my program start-up list. >>>Help appreciated........Please >>>Thanks >>>Tom >>>. >>. >.
Fri, 09 Dec 2005 02:58:19 GMT

Joe #6 / 8	OwMngr.exe I just got the same virus. I will be watching and searching for a solution. Quote: >-----Original Message----- >I could not locate the "checkin a or b" files and the >system would not allow me to delete the owmngr.exe file. >However the file does contain about 44kb. >What can I do next, I am not very technical. >>-----Original Message----- >>This is "downloader" trojan which downloads a given file >>from a certain site and runs it. The trojan itself is a >>Windows PE EXE file, written in MS Visual C++. >>The trojan file size is about: >> "Checkin.a": 50Kb >> "Checkin.b": 45Kb >>The trojan EXE file does not copy itself to any >directory >>but creates the system registry auto-run key: >>"Checkin.a": >> HKCU\Software\Microsoft\Windows\CurrentVersion\Run >> SysReg = %SystemDir%\SysReg >>"Checkin.b": >> HKCU\Software\Microsoft\Windows\CurrentVersion\Run >> OWMngr = %SystemDir%\OWMngr.exe >>It seems that the trojan should be completed >>by "installator" that performs all steps of trojan >>installation into the system. >>The trojan also creates more registry keys: >> HKCU\Software\IExplore\ >> Ads >> AID >> ID >> LoggedIn >>and uses these keys for its internal needs. >>The trojan then stays as active process (this process is >>visible in the task list), downloads a file from a Web >>site, stores it on disk with "update.exe" name and >>executes it. The Web site name and remote file URL can >be >>variable. The trojan downloads that information from >>another Web site: >> "Checkin.a": http://tp.searchseekfind.com >> "Checkin.b": http://ads.onwebmedia.com >>with using the "Checkin.pl" file in there. >>>-----Original Message----- >>>I have a Trojan virus called OwMngr.exe on my computer, >>my AV software >>>picked it up (AVG Grisoft). >>>I can't get rid of it. Every I delete the file it comes >>back again and >>>re-inserts its self on my program start-up list. >>>Help appreciated........Please >>>Thanks >>>Tom >>>. >>. >.
Fri, 09 Dec 2005 03:00:36 GMT

joe #7 / 8	OwMngr.exe GOT! Here is what I did... 1) Disconnected from the internet. 2) Searched for any files containing 'checkin'. There were 4, one for each user login in the 'temp internet files' directory. 3) Deleted each of these. 4) Rescanned the system32 folder and deleted the found virus. 5) Did a complete rescan and no virus! There you go. Joe Quote: >-----Original Message----- >I just got the same virus. I will be watching and >searching for a solution. >>-----Original Message----- >>I could not locate the "checkin a or b" files and the >>system would not allow me to delete the owmngr.exe file. >>However the file does contain about 44kb. >>What can I do next, I am not very technical. >>>-----Original Message----- >>>This is "downloader" trojan which downloads a given file >>>from a certain site and runs it. The trojan itself is a >>>Windows PE EXE file, written in MS Visual C++. >>>The trojan file size is about: >>> "Checkin.a": 50Kb >>> "Checkin.b": 45Kb >>>The trojan EXE file does not copy itself to any >>directory >>>but creates the system registry auto-run key: >>>"Checkin.a": >>> HKCU\Software\Microsoft\Windows\CurrentVersion\Run >>> SysReg = %SystemDir%\SysReg >>>"Checkin.b": >>> HKCU\Software\Microsoft\Windows\CurrentVersion\Run >>> OWMngr = %SystemDir%\OWMngr.exe >>>It seems that the trojan should be completed >>>by "installator" that performs all steps of trojan >>>installation into the system. >>>The trojan also creates more registry keys: >>> HKCU\Software\IExplore\ >>> Ads >>> AID >>> ID >>> LoggedIn >>>and uses these keys for its internal needs. >>>The trojan then stays as active process (this process is >>>visible in the task list), downloads a file from a Web >>>site, stores it on disk with "update.exe" name and >>>executes it. The Web site name and remote file URL can >>be >>>variable. The trojan downloads that information from >>>another Web site: >>> "Checkin.a": http://tp.searchseekfind.com >>> "Checkin.b": http://ads.onwebmedia.com >>>with using the "Checkin.pl" file in there. >>>>-----Original Message----- >>>>I have a Trojan virus called OwMngr.exe on my computer, >>>my AV software >>>>picked it up (AVG Grisoft). >>>>I can't get rid of it. Every I delete the file it comes >>>back again and >>>>re-inserts its self on my program start-up list. >>>>Help appreciated........Please >>>>Thanks >>>>Tom >>>>. >>>. >>. >.
Fri, 09 Dec 2005 03:25:27 GMT

Rudy #8 / 8	OwMngr.exe It is classified as a malicious virus. You can delete it thru Registry. Run regedit, then delete the OWMngr.exe there under microsoft and run. You can access this web site: http://www.f-secure.fi/v-descs/checkin.shtml Hope that helps. Rudy Quote: >-----Original Message----- >you are only deleting part of the virus by the looks of it the virus name is Quote: >TROJ_CHECKIN.B below is the trend micro removal tool for that virus ( I >havn't used it myself ) after you run the removal tool scan you system ( all Quote: >files ) to get rid of the rest. >http://www.trendmicro.com/ftp/products/tsc/sysclean.com message win.server.ntli.net... Quote: >> I have a Trojan virus called OwMngr.exe on my computer, my AV software >> picked it up (AVG Grisoft). >> I can't get rid of it. Every I delete the file it comes back again and >> re-inserts its self on my program start-up list. >> Help appreciated........Please >> Thanks >> Tom >.
Sat, 10 Dec 2005 00:16:31 GMT

Page 1 of 1

[ 8 post ]