Unwise.exe - dodgy file? - Foo forum at WebmasterWorld

Forum Moderators: open

Message Too Old, No Replies

Unwise.exe - dodgy file?

limbo

6:59 pm on Nov 14, 2004 (gmt 0)

I just spotted the file named unwise.exe in my system folder? Any one know what this is? Sounds dodgy to me and is making me nervous. I am getting mixed answers through Google - some say spyware, others a windows program used during uninstalls. If you have any info I'd really like to know more.

Cheers, Limbo.

duckhunter

7:42 pm on Nov 14, 2004 (gmt 0)

Symantec is reporting it as a backdoor Trojan. Appears rather nasty too.

Backdoor.NetTrojan can be configured in many different ways. If the Trojan is set to use its default settings, it does the following:
Copies itself as %Windir%\Unwise.exe. It also deletes the files from that particular folder.
NOTE: %Windir% is a variable. The virus locates the Windows installation folder (by default, this is C:\Windows or C:\Winnt) and copies itself to that location. It deletes the files from this folder as well.

[securityresponse.symantec.com ]

limbo

10:50 pm on Nov 14, 2004 (gmt 0)

Oh *#@&!

Going off to war - thanks duckhunter....

*click*

limbo

2:41 pm on Nov 15, 2004 (gmt 0)

Duckhunter

Looks like it was a false alarm. The file was one of a few unwise.exe files found within the programmes folder and within opera, lavasoft and macromedia applications. Used by these programs to uninstall files. The Trojan has the same file name but is not related and should be picked up by up-to-date AV protection. Checked my registry and 2 machines at work and found no instance of the trojan but did find identical unwise files in each of the applications mentioned.

Thanks for your help anyway, always better to be safe than sorry :)