what appears to be vundo that malwarebytes can't remove

Hello,

It was requested that I help a client with an issue of their computer running slowly and showing many pop-ups when attempting to browse. I went onsite and verified the claim, and when viewing the task manager found hundreds if not thousands of rundll.exe processes running

I ran malwarebytes and it found over 8,000 files that were related and deleted them. However, after reboot the same behavior occured once a gain. Each subsequent time I have run malwarebytes it runs for over 10 hours and essentially freezes.

The only way I could get malware bytes to run is by changing the name of the program.

One of the times when mbam was frozen, I brought up the task manager and noticed a file named "catchme.cfxxe"

I am attaching the results of both gmer and dds

This is a winxp system running sp3 and the anti-virus is freeavg. I inherited this program installed on the system, it is not mine by choice. And since it appears to have allowed this 'xploit to take over, I question it's value compared to either another program or the paid version of avg.

This is one pesky bugger. I have not had quite as ellusive of malware in the past.

Please advise.

Thanks in advance,

Jon

Note to Mods, please close this post.

I didn't see a link to perform this task myself, therefore I appreciate your assistance.

Thank you,

Jon

Edited by jpiezo, 08 March 2010 - 03:51 PM.

Since this topic appears to be resolved, I will now close it.

If you need this topic re-opened please send me a PM.

Everyone else, please start a new topic.

With Regards,
myrti