CML.exe - a threat?

aenemic

Sonny, I Watched the Vault Bein' Built!
this process starts up when I start my computer and all it says under description is "loop". it's located in the Windows/System32 folder. I can't recall ever seeing it before, but I might just not have noticed it.

I did a quick search and got lots of websites offering me free means of removing the threat, but nowhere did it say specifically what kind of threat this was and I'm assuming I would get pretty much the same search results if I searched for pretty much any other .exe filename.

I've done a full scan with both Spybot: Search & Destroy and Avast but nothing appeared there.

am I just being paranoid?
 
Delete System32.


Actually, I looked on my computers and I certainly don't have it. Google searches point to info about trojans and the vague description of "loop MFC Application belonging to loop Application," as if that would be any help at all.

See if you can:
Kill the process without it starting back up automatically
Disable the startup entry in msconfig or CCleaner, and see if it still pops up on a reboot.
Try making a copy somewhere safe (say, in a compressed archive on your desktop) and deleting the original. If it's being persistent, see if you can delete it with Unlocker.

And pay attention to see if it breaks anything when you poke at it. It might be something otherwise innocuous.
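
The checks suggested in the post above, written out as a PowerShell sketch. This is an added example, not something posted by anyone in the thread; the file name and System32 location are the ones reported in the first post, and the archive name `cml-sample.zip` is a made-up placeholder.

```powershell
# Read-only triage of a suspicious startup process, followed by an archive copy.
# Assumption: image name and location are the ones reported in this thread.
$name = 'cml.exe'
$path = Join-Path $env:WINDIR "System32\$name"

# 1. Is it running, from which path, and which process launched it?
Get-CimInstance Win32_Process -Filter "Name='$name'" |
    Select-Object ProcessId, ParentProcessId, ExecutablePath, CommandLine

# 2. Which startup entries reference it? (Covers Run keys and Startup folders,
#    the same entries msconfig lists; services and scheduled tasks are not included.)
Get-CimInstance Win32_StartupCommand |
    Where-Object { $_.Command -like "*$name*" } |
    Select-Object Name, Command, Location, User

if (Test-Path -LiteralPath $path) {
    # 3. Who signed the file, what does its version resource claim, and what is its hash?
    Get-AuthenticodeSignature -LiteralPath $path |
        Select-Object Status, @{ n = 'Signer'; e = { $_.SignerCertificate.Subject } }
    (Get-Item -LiteralPath $path).VersionInfo |
        Select-Object CompanyName, FileDescription, OriginalFilename
    Get-FileHash -LiteralPath $path -Algorithm SHA256

    # 4. Keep a compressed copy on the desktop before deleting the original.
    $dest = Join-Path ([Environment]::GetFolderPath('Desktop')) 'cml-sample.zip'
    Compress-Archive -LiteralPath $path -DestinationPath $dest
} else {
    Write-Output "$path not found"
}
```

An unsigned file in System32 with an empty or generic version resource is a reason to look closer, not proof of malware. The SHA-256 hash can be looked up in a reputation service without relying on filename search results.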
 
thanks for the advice, I'll check out hijackthis.

I actually tried deleting it when I first found it. I stopped the process, and nothing seemed to happen. it didn't start again as far as I know, but I went to work soon after and once I got home I restarted my computer without looking first so I really can't tell. I just stopped it again and will wait for a while to see if it starts up on its own.

anyways, like I said I tried deleting it and it didn't let me. that's when I started getting really worried.

I'll let you know once I've looked around a bit more. if anyone else comes up with anything, please let me know too.
 
I just dealt with a trojan last weekend (fucking banner ad) and you usually have to restart your computer in safe mode to kill it (yay for .dll files, never used unlocker but it might allow you to do the same thing). Unfortunately for me, my anti-virus (fucking norton) caught everything except the trojan and I ended up using Spybot Search and Destroy to kill it. Next time I'd suggest googling it, the first result I got said that it could be a trojan, another said that it could be spyware. Regardless, all of the results I got said that it wasn't a microsoft or any other trusted company process so I'd suggest trashing it before it trashes your comp.
 
thanks, seems like restarting in safe mode was the way to go. I deleted the file without any problems. I've also installed ad-aware to see if that one finds something the others haven't found.

but like I said, I searched google right away for cml.exe and pretty much all I got was sites telling me it could be malware. but I also did searches for csrss.exe and similar files, which should be running on your system, and also got sites telling me it could be malware. so you never know. lots of sites just want to trick you into using their "free" virus scans, which might in fact only install more unwanted crap on your computer.

EDIT: btw, is it safe placing files you suspect are malware in the trash bin before you remove them completely? or can they do harm even from there?
 
Do you by any chance have Microsoft Visual Studio installed? I ask because "An application developed with the Microsoft Foundation Class Library can perform background processing either by using the PeekMessage() loop in the library code's main message loop or by embedding another PeekMessage() loop in the application." from this page http://support.microsoft.com/kb/99999. The MFC loop mentioned on the above page would produce a process that only lists as "loop."

Also, I use Avast Antivirus and Spybot S&D, which are both good protection and perform good scans, and they play nice together. Avast you can get to do a thorough scan at boot-up, before the OS launches, and this can find and remove some particularly sneaky things.
 
don't forget Malwarebytes' Anti-Malware. atm, one of the better pieces of free software around.
 