What is bwgo000a288c.exe that has lately been residing in my task manager?

---

Clarification of Question by gpatrick-ga on 15 Jul 2002 01:41 PDT

Also, it's morph capable.  Everytime I ctrl-alt-del, it has a new
name, but it doesn't come back until I reboot my computer.  Lastly,
when I go into my 'temp' folder, there are all of the past morph's but
only at 1kb.
Thanks

You can open the file "bwgo000a288c.exe" from Notepad and see what
strings are in there.  It might give a .dll or another .exe or other
files, helping you find out it's true identity and purpose.  You can
then use google to search on those files.

Also if it is a virus, you might want to check your in and out
mailboxes.

You might want to consider deeper why you suspect it is spyware.

Also, trying to isolate when it first started occuring might help with
your search.

Standard suggestions:  update your virus protection software, check
your firewall, backup your files (but consider they might be
infected).

Other people might want as a clarification, what system you are
running and which mail program (Outlook?).

Good luck.

Something that might give you an idea, where you have gotten this
trojan/virus etc.
Find earliest copy of those exe:s and do a search thru your hard disk
with *.* in period of day to week around that date. What programs are
installed/used?
Check also other weird dll:s and other files which are
installed/modified that day, try seeking google with them. (If name of
eg. dll is very common, try adding words like "virus" or "trojan" to
your search.)

Aswell you may try to search thru your Internet Explorers cache during
that day, which sites have been visited, an emails, which you have
received if any?

Once you find the source it could give more information...


Luck, To0d

Having a variable name each time, reminds an infection with a variant
of Klez. Check the following URL and update your virus scanner:

http://www.ntsecurity.net/Panda/Index.cfm?FuseAction=Virus&virusID=1136

Also, if you are running Windows 9x/ME/XP, try running msconfig to
check which programs launch at the startup.

Backweb creates temporary files named bwgo*.exe to your temporary
folder.

Backweb is currently being distributed as a standalone program for
receiving notifications from various sources.

Backweb is also used by F-Secure Antivirus which uses backweb to get
it's database updates from f-secure. If you have F-Secure Anti-virus
5.x installed, this is most likely the case.

If you think it is commercial spyware (as opposed to a malicious
application like a virus), try running Ad-aware (
http://www.lavasoft.de/ ) which stays current with identifying and
removing the latest spyware.