Double Trouble (Facegame.exe & wimad.e)



#1 edge302


Posted 20 October 2008 - 05:40 PM

My computer just started doing a bunch of weird things so I checked my anti-virus program (AVG free edition). I noticed in the registry that I had two alerts. One for facegame.exe and one for wimad.e. I think they've been removed by the AVG anti-virus but my computer is constantly telling me I'm low on virtual memory, I'm getting a strange backdrop with only windows background showing (it says to click on a link to download some bogus anti-spyware program) and I can't access my task manager.

I'm running Windows XP (I believe Media edition). If you need any more information let me know.

Any help would be greatly appreciated.



#2 garmanma


Posted 20 October 2008 - 06:59 PM

facegame.exe

File Behavior

FACEGAME.EXE has been seen to perform the following behavior:

* The Process is packed and/or encrypted using a software packing process
* Adds a Registry Key (RUN) to auto start Programs on system start up
* This Process Deletes Other Processes From Disk
* Can communicate with other computer systems using HTTP protocols
* Writes to another Process's Virtual Memory (Process Hijacking)
* This Process Creates Other Processes On Disk
* Registers a Dynamic Link Library File

FACEGAME.EXE has been the subject of the following behavior:

* Added as a Registry auto start to load Program on Boot up
* Created as a process on disk
* Executed as a Process
* Has code inserted into its Virtual Memory space by other programs
* Terminated as a Process
* Executed from Temporary Folders


Win32/WinAd Family

Threat Assessment
Overall Risk: Low
Wild: Low
Destructiveness: Medium
Pervasiveness: None
Characteristics
Type : Trojan
Category : Win32


You are still infected.

Edited by tg1911, 20 October 2008 - 07:54 PM.

Mark
why won't my laptop work?

Having grandkids is God's way of giving you a 2nd chance because you were too busy working your butt off the 1st time around
Do not send me PMs with problems that should be posted in the forums. Keep it in the forums, so everyone benefits
Become a BleepingComputer fan: Facebook and Twitter
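
Added example, not part of any post in this thread: a small triage script for two of the behaviors listed above (a RUN key autostart entry, and execution from temporary folders). It parses the text output of `reg query` on a Run key and flags matching entries; the sample output, value names, paths and function names are constructed for illustration.

```python
import re

# Constructed sample of `reg query HKLM\Software\Microsoft\Windows\CurrentVersion\Run`
# output. Value names and paths are invented; only facegame.exe comes from the thread.
SAMPLE = r"""
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
    AVG8_TRAY    REG_SZ    C:\PROGRA~1\AVG\AVG8\avgtray.exe
    Face Game    REG_SZ    "C:\Documents and Settings\user\Local Settings\Temp\facegame.exe" /s
    Updater    REG_EXPAND_SZ    %TEMP%\upd.exe
"""

# name, type and data are separated by tabs or runs of spaces depending on the Windows version
VALUE_RE = re.compile(r"^\s+(?P<name>.+?)\s+(?P<type>REG_[A-Z_]+)\s+(?P<data>.*)$")
# first executable path in the command line, with or without surrounding quotes
IMAGE_RE = re.compile(r'^\s*"?(?P<path>[^"]*?\.(?:exe|com|scr|bat|cmd|dll)\b)', re.I)
TEMP_RE = re.compile(r"\\te?mp\\|%te?mp%", re.I)


def parse_reg_query(text):
    """Yield (key, value_name, value_type, data) for every value listed."""
    key = None
    for line in text.splitlines():
        if line.startswith("HKEY_"):
            key = line.strip()
        elif key and (m := VALUE_RE.match(line)):
            yield key, m["name"], m["type"], m["data"].strip()


def triage(text, watch_names=("facegame.exe",)):
    """Return (value_name, image_path, reasons) for autostart entries worth a look."""
    findings = []
    for _key, name, _type, data in parse_reg_query(text):
        m = IMAGE_RE.match(data)
        image = m["path"] if m else data
        reasons = []
        if TEMP_RE.search(image):
            reasons.append("runs from a temporary folder")
        if image.lower().rsplit("\\", 1)[-1] in watch_names:
            reasons.append("file name named in the thread")
        if reasons:
            findings.append((name, image, reasons))
    return findings


if __name__ == "__main__":
    for name, image, reasons in triage(SAMPLE):
        print(f"{name}: {image} -> {', '.join(reasons)}")
```

A flagged entry is only a lead for review; legitimate installers occasionally register autostart entries under temporary paths as well.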

#3 garmanma


Posted 20 October 2008 - 08:35 PM

Until one of the malware experts comes along to assist, I'd suggest one of these free online scans to ensure that you're not infected:
(Be advised that some of these scanners will pick up things in "quarantine" from other anti-virus programs - so review the results carefully)

http://housecall.trendmicro.com
http://www.pandasecurity.com/homeusers/solutions/activescan/
http://www.kaspersky.com/virusscanner Scan Only - no removal
http://www.bitdefender.com/scan8/ie.html
http://support.f-secure.com/enu/home/ols.shtml
http://us.mcafee.com/root/mfs/default.asp
http://onlinescan.avast.com/
http://ca.com/us/securityadvisor/virusinfo/scan.aspx
http://www.eset.com/onlinescan/

<links compiled on 02/14/2008>



