Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

multiple rundll32.exe processes/beeps every hour


  • Please log in to reply
3 replies to this topic

#1 rkmalen

rkmalen

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:01:33 AM

Posted 10 June 2011 - 08:21 AM

We have multiple machines running Windows XP, both service pack 2 and 3, that beep multiple times every hour and multiple rundll32.ese files show up in Processes. These rundlls take up around 5k of memory each, and with 30 or 40 running, that drastically slows down our machines. I have run our VIPRE anti-virus, as well as Malware Bytes and Lavasoft Adaware. Everything comes up clean. I have run the Process Explorer to determine what is running the file. The command line shows rundll32.exe tlfueu.yzb,kkmrm

the tlfueu.yxb was a Confiker file that was supposedly deleted by our virus software and other Conficker removal tools show that the machine does not have Conficker.

Also, I have noticed that in scheduled tasks, there are some (ranging from 5 to 3000) tasks called At* (where * is a number). I have deleted those tasks, and the machines are clean of Conficker (supposedly), so why do the tasks reappear?

Thanks.

BC AdBot (Login to Remove)

 


#2 whoabuddy

whoabuddy

    Bleepin' Verbose


  • Malware Response Instructor
  • 2,053 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Cottonwood, AZ
  • Local time:10:33 PM

Posted 10 June 2011 - 09:15 AM

We have multiple machines running Windows XP, both service pack 2 and 3, that beep multiple times every hour and multiple rundll32.ese files show up in Processes. These rundlls take up around 5k of memory each, and with 30 or 40 running, that drastically slows down our machines. I have run our VIPRE anti-virus, as well as Malware Bytes and Lavasoft Adaware. Everything comes up clean. I have run the Process Explorer to determine what is running the file. The command line shows rundll32.exe tlfueu.yzb,kkmrm

the tlfueu.yxb was a Confiker file that was supposedly deleted by our virus software and other Conficker removal tools show that the machine does not have Conficker.

Also, I have noticed that in scheduled tasks, there are some (ranging from 5 to 3000) tasks called At* (where * is a number). I have deleted those tasks, and the machines are clean of Conficker (supposedly), so why do the tasks reappear?

Thanks.


It sounds like there is still a reference to these files in the registry, and after reading around on-line it sounds like any machines still exhibiting the rundll32.exe behavior or the scheduled jobs are still infected with the Conficker virus. What specific steps have you taken to remove the virus so far?

In order for the community to assist you better, please follow the steps here to post the DDS and GMER logs for review in the correct forum, and Bleeping Computer also has a self-help guide on removing the virus as well.
Meditate. Elevate. Appreciate. | "Life is a journey, love is the destination, happiness is the path!"
If I am helping you and have not responded within 48 hours, please send me a PM.
Vi Veri Universum Vivus Vici (VVVVV)
Excellent Security Advice
Proud member of UNITE

#3 rkmalen

rkmalen
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:01:33 AM

Posted 10 June 2011 - 09:42 AM

I have used the Conficker Removal Tool by Enigma Software Group to clean the machines, and VIPRE Enterprise to fully scan and wipe Conficker from the machines. I am starting to install the MS08-67 patch to all machines as well. Most machines have Automatic Updates turned off.

#4 whoabuddy

whoabuddy

    Bleepin' Verbose


  • Malware Response Instructor
  • 2,053 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Cottonwood, AZ
  • Local time:10:33 PM

Posted 10 June 2011 - 09:56 AM

I have not personally removed this particular virus, however after looking over the self-help guide it sounds like the tools you are using may or may not be disabling/removing ALL of the virus. If time is critical I would try the step by step procedure on a few PCs to see if Bitdefender's tool works any better than what you're currently trying, as well as disabling the autorun on all the machines in your network until the infection is removed. Otherwise post the logs up in the other forum that I linked and someone from the Malware Removal Team should be able to help identify what you should do next.

Best of luck!
Meditate. Elevate. Appreciate. | "Life is a journey, love is the destination, happiness is the path!"
If I am helping you and have not responded within 48 hours, please send me a PM.
Vi Veri Universum Vivus Vici (VVVVV)
Excellent Security Advice
Proud member of UNITE




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users