
what appears to be vundo that malwarebytes can't remove


  • This topic is locked
2 replies to this topic

#1 jpiezo


Posted 06 March 2010 - 08:15 PM

Hello,

It was requested that I help a client with an issue of their computer running slowly and showing many pop-ups when attempting to browse. I went onsite and verified the claim, and when viewing the task manager found hundreds if not thousands of rundll.exe processes running.

I ran malwarebytes and it found over 8,000 files that were related and deleted them. However, after reboot the same behavior occurred once again. Each subsequent time I have run malwarebytes it runs for over 10 hours and essentially freezes.

The only way I could get malwarebytes to run is by changing the name of the program.

One of the times when mbam was frozen, I brought up the task manager and noticed a file named "catchme.cfxxe".

I am attaching the results of both gmer and dds.

This is a winxp system running sp3 and the anti-virus is freeavg. I inherited this program installed on the system, it is not mine by choice. And since it appears to have allowed this 'xploit to take over, I question its value compared to either another program or the paid version of avg.

This is one pesky bugger. I have not had quite as elusive of malware in the past.

Please advise.

Thanks in advance,

Jon



#2 jpiezo


Posted 08 March 2010 - 02:58 PM

Note to Mods, please close this post.

I didn't see a link to perform this task myself, therefore I appreciate your assistance.

Thank you,

Jon


Edited by jpiezo, 08 March 2010 - 03:51 PM.


#3 myrti


Posted 09 March 2010 - 06:59 PM

Since this topic appears to be resolved, I will now close it.

If you need this topic re-opened please send me a PM.

Everyone else, please start a new topic.

With Regards,
myrti
