Security Incidents mailing list archives

Re: maoqmwgn.exe

From: "Matthew Closson" <matt () mclosson com>
Date: Fri, 16 Apr 2004 00:55:30 -0400

I have removed this spyware from a number of systems this week.  Even after
running spyware removal tools and checking startup registry keys I might
also check for c:\windows\system32\msconfig32.exe which added the spyware
back into the startup and or reinstalled it.  This portion was not detected
nor removed by adaware or spybot.

                                        -Matt-

Sent: Thursday, April 15, 2004 12:41 PM
Subject: Fw: maoqmwgn.exe
It looks like another version of the Golden Palace Casino downloader worm.
Yuck.



---------------------------------------------------------------------------
----------------------------------------------------------------------------

Current thread:

maoqmwgn.exe George M. Garner Jr. (Apr 15)
- Re: maoqmwgn.exe Mike (Apr 15)
- Re: maoqmwgn.exe Nick FitzGerald (Apr 16)
- <Possible follow-ups>
- Fw: maoqmwgn.exe Bob (Apr 15)
  - Re: maoqmwgn.exe Matthew Closson (Apr 16)