Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

System32 Files


  • Please log in to reply
1 reply to this topic

#1 drmwccic

drmwccic

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:01:58 PM

Posted 27 July 2008 - 02:44 PM

I have a screen that appears evry 2-3 minutes saying the mp3impat.exe had to shut down do I want to send report to Microsoft. I have 6 other computers that will have the same symptoms but with a file name that is different. The computers have returnil running so that when they shut down they restore to a previus time. The program has been running since their initial instal. The only computer which does not have this is one which has XP Pro SP2 which is used for data storage for the others. In addition to the file listed above, there is a file called rtfagobj.dll in system32 which does not seem to belong. Where do I start?
Here is what pops up and the report details

binodmic.exe has encountered a problem and needs to close. We are sorry for the inconvenience.


C:\DOCUME~1\office\LOCALS~1\Temp\WER1bf9.dir00\binodmic.exe.mdmp
C:\DOCUME~1\office\LOCALS~1\Temp\WER1bf9.dir00\appcompat.txt

Edited by drmwccic, 27 July 2008 - 02:56 PM.


BC AdBot (Login to Remove)

 


#2 DaChew

DaChew

    Visiting Alien


  • Members
  • 10,317 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:millenium falcon and rockytop
  • Local time:02:58 PM

Posted 27 July 2008 - 07:45 PM

Well it seems you have posted in the right forum and the answer would be yes, you are infected

Now the tricky part, how did it get by your VM?

And how do we clean it without your VM reinstalling the infection.

Let's start with a MBAM scan and clean and see what shows up.

http://www.bleepingcomputer.com/forums/ind...st&p=876163

Please post the log and try to answer my 2 questions
Chewy

No. Try not. Do... or do not. There is no try.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users