
AV Security Suite - Second Time in Two Weeks



#1 Steve Bau


Posted 20 July 2010 - 09:58 PM

I'm running Windows XP Pro SP3. On July 10th, AV Security Suite infected my computer. I followed the steps at http://www.bleepingcomputer.com/virus-remo...-security-suite and thought I had removed it. Everything seemed back to normal.

Then all of a sudden today, AV Security Suite popped up again. MBAM is running now, and while removing HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "hdpxmpstssd.exe" I noticed the following odd entries:

"net"="\"C:\\WINDOWS\\system32\\net.net\""
"ewrgetuj"="C:\\temp\\geurge.exe"
"sta"="rundll32 \"ymzvp.dll\",,Run"
"MChk"="C:\\WINDOWS\\system32\\lmzvp.exe"
"Jvuhiqowal"="rundll32.exe \"C:\\WINDOWS\\ivadarex.dll\",Startup"

Are these part of the infections?



#2 Steve Bau


Posted 21 July 2010 - 12:09 PM

I forgot to update MBAM! After I did that, it looks like my computer's fine now. I also ran Spybot SAD and that removed Virtumonde.prx ("Jvuhiqowal"="rundll32.exe \"C:\\WINDOWS\\ivadarex.dll\",Startup").
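
Added example, not part of either post and not code from BleepingComputer, MBAM or Spybot: a small triage pass over the five Run values quoted in the first post, parsing the .reg-style escaping and listing reasons an entry deserves a closer look. The four heuristics and all function names are assumptions made for this example.

```python
import ntpath
import re

# The five Run values quoted in the first post, kept in .reg export syntax.
RUN_VALUES = r'''
"net"="\"C:\\WINDOWS\\system32\\net.net\""
"ewrgetuj"="C:\\temp\\geurge.exe"
"sta"="rundll32 \"ymzvp.dll\",,Run"
"MChk"="C:\\WINDOWS\\system32\\lmzvp.exe"
"Jvuhiqowal"="rundll32.exe \"C:\\WINDOWS\\ivadarex.dll\",Startup"
'''
ENTRY = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')

def parse(text):
    """Map value name -> command line, undoing the .reg backslash escapes."""
    unescape = lambda s: re.sub(r'\\(.)', r'\1', s)
    found = (ENTRY.match(line.strip()) for line in text.splitlines())
    return {unescape(m.group(1)): unescape(m.group(2)) for m in found if m}

def target_of(command):
    """Return (uses_rundll32, file the command starts or loads)."""
    launcher = re.match(r'rundll32(\.exe)?\s+', command, re.I)
    rest = command[launcher.end():] if launcher else command
    quoted = re.match(r'"([^"]+)"', rest)
    path = quoted.group(1) if quoted else rest.split(",")[0].strip()
    return bool(launcher), path

def review_reasons(command):
    """Heuristics assumed for this example; an empty list is not a clean bill."""
    uses_rundll32, path = target_of(command)
    reasons = []
    if uses_rundll32:
        reasons.append("loaded through rundll32")
    if not ntpath.dirname(path):
        reasons.append("no full path")
    if "\\temp\\" in path.lower():
        reasons.append("runs from a temp directory")
    if ntpath.splitext(path.lower())[1] not in (".exe", ".dll"):
        reasons.append("unexpected file extension")
    return reasons

def triage(text=RUN_VALUES):
    return {name: review_reasons(cmd) for name, cmd in parse(text).items()}

if __name__ == "__main__":
    for name, reasons in triage().items():
        print(f"{name:12} {', '.join(reasons) or 'no heuristic fired'}")
```

"MChk" trips none of these checks, which shows why a path-and-launcher heuristic can only prioritise entries for review and cannot clear one. Of the five values, the thread itself confirms only "Jvuhiqowal" as a detection (Virtumonde.prx, per the second post).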



