Windows 7 Forums
Welcome to Windows 7 Forums. Our forum is dedicated to helping you find support and solutions for any problems regarding your Windows 7 PC be it Dell, HP, Acer, Asus or a custom build. We also provide an extensive Windows 7 tutorial section that covers a wide range of tips and tricks.


Windows 7: Mor.exe has stopped working?

06 Mar 2012   #1
gbu

Windows 7 Ultimate x64 SP1
 
 
Mor.exe has stopped working?

The last couple of days ive had a window pop-up that says 'mor.exe has stopped working'
Iv'e noticed this comes up when i visit a site that uses java as the java icon appears in the toolbar at the same time as the window pops up.
The detailed info that is shown is:-
Fault Module Name: mor.exe
Quote:
Fault Module Version: 0.0.0.0
Fault Module Timestamp: 721c31e7
Exception Code: c0000005
Exception Offset: 0003910b
OS Version: 6.1.7601.2.1.0.256.1
Locale ID: 2057
Additional Information 1: 0a9e
Additional Information 2: 0a9e372d3b4ad19135b953a78882e789
Additional Information 3: 0a9e
Additional Information 4: 0a9e372d3b4ad19135b953a78882e789

Read our privacy statement online:
Windows 7 Privacy Statement - Microsoft Windows

If the online privacy statement is not available, please read our privacy statement offline:
C:\Windows\system32\en-US\erofflps.txt
i click on Close Program and the java icon goes away.


My System SpecsSystem Spec
.

06 Mar 2012   #2

Microsoft Community Contributor Award Recipient

Windows 7 Ult. x64 Windows 8.1 x64
 
 

Hi,

There appears to be quite a few hits for this file as being associated with a malware infection. Java is often used as a vehicle for malware delivery, so I think its best to scan your system for malware.

Please perform an online scan using this link, and then post the results back here:

http://www.eset.eu/eset-online-scanner

This way we can rule this out.

Regards,
Golden
My System SpecsSystem Spec
06 Mar 2012   #3
gbu

Windows 7 Ultimate x64 SP1
 
 

Thanks for the reply, heres what the scan found:-
Quote:
C:\Users\James\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\37\4fd90665-49176361 Java/Exploit.Blacole trojan
C:\Users\James\AppData\Roaming\sdra64.exe Win32/Spy.Zbot.WM trojan
C:\Windows\System32\aigovox.dll a variant of Win32/Urlbot.NAO trojan
C:\Windows\System32\movuxavi.exe a variant of Win32/Urlbot.NAT trojan
C:\Windows\System32\MPK\MpkNetInstall.exe probably a variant of Win32/Agent.EUDBPIN trojan
C:\Windows\SysWOW64\aigovox.dll a variant of Win32/Urlbot.NAO trojan
C:\Windows\SysWOW64\movuxavi.exe a variant of Win32/Urlbot.NAT trojan
C:\Windows\SysWOW64\MPK\MpkNetInstall.exe probably a variant of Win32/Agent.EUDBPIN trojan
My own AV Microsoft Security Essentials picked up these before this scan was run.:-

Quote:
Exploit:Java/CVE-2011-3544.AV
file:C:\Users\James\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5\5675a445-743090a4->Men.class

Exploit:Java/CVE-2011-3544.AU
file:C:\Users\James\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\34\3ba307a2-5361461b->Loo.class
My System SpecsSystem Spec
.


06 Mar 2012   #4

Microsoft Community Contributor Award Recipient

Windows 7 Ult. x64 Windows 8.1 x64
 
 

Hi,

Yes - thats a good demonstration on the vulnerabilities of Java, especially if its not updated.

Some of these trojans appear to be backdoor trojans, meaning your system could be significanly compromised. I prefer to get a professional malware removalist opinion ion this, so I will ask Jacee and/or Corinne to make a recommendation.

They will either:
1. Guide you through a removal process, or
2. Recommend a format + clean install

If the infection is that severe, only a clean install can guarantee complete removal.

In the meantime, backup all your user data to an external drive, and also more importantly, on a different clean computer change all your passwords on your email, bank accounts etc. etc.

Regards,
Golden
My System SpecsSystem Spec
06 Mar 2012   #5
Microsoft MVP

Windows 7 Ultimate 32bit SP1
 
 

.. doubled possted message, ignore
My System SpecsSystem Spec
06 Mar 2012   #6
Microsoft MVP

Windows 7 Ultimate 32bit SP1
 
 

sdra64.exe Win32/Spy.Zbot.WM trojan
sdra64.exe | ThreatExpert statistics

Warning! Backdoor Trojans

These are the most dangerous, and most widespread, type of Trojan.
Backdoor Trojans provide the author or ‘master’ of the Trojan with remote ‘administration’ of victim machines. Unlike legitimate remote administration utilities, they install, launch and run invisibly, without the consent or knowledge of the user. Once installed, backdoor Trojans can be instructed to send, receive, execute and delete files, harvest confidential data from the computer, log activity on the computer and more.
If your computer was used for online banking or has credit card information on it, all passwords should be changed immediately to include those used for email, eBay and forums.
You should consider them to be compromised.

They should be changed by using a different computer and not the infected one, if not an attacker may get the new passwords and transaction information.

Banking and credit card institutions should be notified of the possible security breech.
More info can be found below:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
How to report ID theft, fraud, drive-by installs, hijacking and malware? Security | DSLReports.com, ISP Information

Please ask for more help here: Virus, Spyware & Malware Removal - What the Tech
My System SpecsSystem Spec
07 Mar 2012   #7

Microsoft Community Contributor Award Recipient

Windows 7 Ult. x64 Windows 8.1 x64
 
 

Thanks Jacee.
My System SpecsSystem Spec
07 Mar 2012   #8
gbu

Windows 7 Ultimate x64 SP1
 
 

Thanks for the help Jacee and Golden
Quote:
Once installed, backdoor Trojans can be instructed to send, receive, execute and delete files, harvest confidential data from the computer, log activity on the computer and more.
After reading this part it got me thinking as to a recent problem i had with my router that kept cutting out, i phoned tech support for BeUnlimited and they guided me through a process to allow them to set up remote access to my pc in order to update the firmware and reset some of my settings.
Could this be something the scan is picking up on?
My System SpecsSystem Spec
07 Mar 2012   #9

Microsoft Community Contributor Award Recipient

Windows 7 Ult. x64 Windows 8.1 x64
 
 

Hi,

I think it is unlikely that this could have caused the problem, but you should consider it possible. Did you turn OFF the remote connection option after they were finished?

I would very strongly urge you to follow Jacee's advice she posted.

Come back and let us know how you get on after visiting the site she recommended.

Regards,
Golden


Attached Images
 
My System SpecsSystem Spec
07 Mar 2012   #10
gbu

Windows 7 Ultimate x64 SP1
 
 

Thanks for the reply and will join that forum and post there shortly.

I just looked and i had the top box checked so it was allowing remote connections, and the bottom one was checked like yours is i have now unticked the top one.
My System SpecsSystem Spec
Reply

 Mor.exe has stopped working?




Thread Tools



Similar help and support threads for2: Mor.exe has stopped working?
Thread Forum
Windows installer has stopped working or setup.exe has stopped working General Discussion
GTA IV has stopped working Gaming
Apps stoped working "...has stopped working" after sleep power off General Discussion
Cod 2 and 4 stopped working on Win 7 Gaming
IE 9 Has Stopped Working Browsers & Mail
GTA IV stopped working Gaming
All my USB's stopped working! Hardware & Devices

Our Sites

Site Links

About Us

Find Us

Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

Designer Media Ltd

All times are GMT -5. The time now is 09:57 PM.
Twitter Facebook Google+



Windows 7 Forums

Seven Forums Android App Seven Forums IOS App
  

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33