WinMail issue

20-04-2008, 10:55 PM

Hi,

After system cleaning, I discover in c:\users\UserName\AppData\Local\Temp a
..exe file of 258048 bytes (252 KB exactly)

Without problem, I override this file using eraser, but another file with
another name appears (a .dll file this time)

Each time, the filename looks like a windows system name, (dmintf.dll,
WlS0WndH.dll, kbdur1.dll .......). The names seems to be taken randomely
from system32.

I have submitted today one of these files to virustotal, and I got nothing.

I ran processexplorer, and this tool show me that these files in my tempdir
are hooked to winMail.

Does anyone have the same behavior ??

/Philippe

21-04-2008, 05:02 AM

philippe wrote:
> Hi,
>
> After system cleaning, I discover in
> c:\users\UserName\AppData\Local\Temp a .exe file of 258048 bytes (252 KB
> exactly)
>
> Without problem, I override this file using eraser, but another file
> with another name appears (a .dll file this time)
>
> Each time, the filename looks like a windows system name, (dmintf.dll,
> WlS0WndH.dll, kbdur1.dll .......). The names seems to be taken randomely
> from system32.
>
> I have submitted today one of these files to virustotal, and I got nothing.
>
> I ran processexplorer, and this tool show me that these files in my
> tempdir are hooked to winMail.
>
>
>
> Does anyone have the same behavior ??
>
> /Philippe
>
>
>
>
Nope, no such behavior here. When you say "WinMail" I assume you mean
Windows Mail that comes with Vista.

20-04-2008, 10:55 PM	#1
philippe Guest Posts: n/a	WinMail issue Hi, After system cleaning, I discover in c:\users\UserName\AppData\Local\Temp a ..exe file of 258048 bytes (252 KB exactly) Without problem, I override this file using eraser, but another file with another name appears (a .dll file this time) Each time, the filename looks like a windows system name, (dmintf.dll, WlS0WndH.dll, kbdur1.dll .......). The names seems to be taken randomely from system32. I have submitted today one of these files to virustotal, and I got nothing. I ran processexplorer, and this tool show me that these files in my tempdir are hooked to winMail. Does anyone have the same behavior ?? /Philippe

21-04-2008, 05:02 AM	#2
Dave Seven Guest Posts: n/a	Re: WinMail issue philippe wrote: > Hi, > > After system cleaning, I discover in > c:\users\UserName\AppData\Local\Temp a .exe file of 258048 bytes (252 KB > exactly) > > Without problem, I override this file using eraser, but another file > with another name appears (a .dll file this time) > > Each time, the filename looks like a windows system name, (dmintf.dll, > WlS0WndH.dll, kbdur1.dll .......). The names seems to be taken randomely > from system32. > > I have submitted today one of these files to virustotal, and I got nothing. > > I ran processexplorer, and this tool show me that these files in my > tempdir are hooked to winMail. > > > > Does anyone have the same behavior ?? > > /Philippe > > > > Nope, no such behavior here. When you say "WinMail" I assume you mean Windows Mail that comes with Vista.

Thread Tools
Show Printable Version Email this Page
Display Modes
Linear Mode Switch to Hybrid Mode Switch to Threaded Mode