what is oruzu

lordzack
What is oruzu / noseh.exe? Got 12 Symantec warnings:
Write Memory, Create Thread, Allocation Memory,

No response through Google.

Ken
If you are referring to the executable name, please note that some infections can rename their executables, making it very hard to pinpoint threats through the filename.
Anyhow, if the computer is infected, disinfect it with Combofix, followed by MalwareBytes' AntiMalware full scan.
Is there no mention of the malware variant (Win32.Something)?
Author of the Year 2011
Top Expert 2006

Commented:
I think "noseh.exe" is some kind of .Net command or switch.

We've had a couple of "False Positives" by Symantec reported here lately and this may be another instance.

If an actual file is being identified by Symantec, you can load it and have it scanned here:
http://virusscan.jotti.org/en
Author of the Year 2011
Top Expert 2006
Commented:
@naomelixes,
It is more helpful to our members if you include proper links to any tools you are recommending. Too often an Internet search will return links to bootleg sites.

You might find some helpful hints in this EE Article:
Malware Fighting – Best Practices
Yes, that could be... Please disregard my first post for now and follow youghv's suggestion first.
As for proper links:
Combofix
MBAM
Author of the Year 2011
Top Expert 2006

Commented:
Cool!
:)
Sudeep Sharma, Technical Designer

Commented:
Which Symantec product are you using? Can we see the logs or a screenshot of the warnings?

Further, have these files been quarantined or left by Symantec?

Sudeep
Top Expert 2007

Commented:
"No response through Google."

Malware often uses random filenames; that's why a Google search doesn't yield any results.

Symantec didn't give any other info on the file? I would just run other scanners as mentioned like ComboFix and Mbam.
We need to see the ComboFix log since CF doesn't autodelete all bad files; that's what its script function is for.

Author

Commented:
Thank you for a well set out plan of identifying and removing malware.  I am the type of geek who likes a plan ahead of me and then follow through it.  These are good tips and a structured way of approaching the problem!  I knew I could count on the Experts!
