
what appears to be vundo that malwarebytes can't remove

  • This topic is locked
2 replies to this topic

#1 jpiezo


  • Members
  • 2 posts
  • Local time:07:41 AM

Posted 06 March 2010 - 08:15 PM


It was requested that I help a client with an issue of their computer running slowly and showing many pop-ups when attempting to browse. I went onsite and verified the claim, and when viewing the task manager found hundreds if not thousands of rundll.exe processes running.

I ran Malwarebytes and it found over 8,000 files that were related and deleted them. However, after reboot the same behavior occurred once again. Each subsequent time I have run Malwarebytes it runs for over 10 hours and essentially freezes.

The only way I could get Malwarebytes to run is by changing the name of the program.

One of the times when mbam was frozen, I brought up the task manager and noticed a file named "catchme.cfxxe".

I am attaching the results of both gmer and dds.

This is a WinXP system running SP3 and the anti-virus is free AVG. I inherited this program installed on the system; it is not mine by choice. And since it appears to have allowed this 'xploit to take over, I question its value compared to either another program or the paid version of AVG.

This is one pesky bugger. I have not had quite as elusive of malware in the past.

Please advise.

Thanks in advance,




#2 jpiezo

  • Topic Starter

  • Members
  • 2 posts
  • Local time:07:41 AM

Posted 08 March 2010 - 02:58 PM

Note to Mods, please close this post.

I didn't see a link to perform this task myself, therefore I appreciate your assistance.

Thank you,


Edited by jpiezo, 08 March 2010 - 03:51 PM.

#3 myrti



  • Malware Study Hall Admin
  • 33,772 posts
  • Gender:Female
  • Location:At home
  • Local time:04:41 PM

Posted 09 March 2010 - 06:59 PM

Since this topic appears to be resolved, I will now close it.

If you need this topic re-opened please send me a PM.

Everyone else, please start a new topic.

With Regards,

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help requests via PM, unless I am already helping you. Use the forums!

