I was recently employed at a school district's IT department, and one teacher sent a help request on a computer that "crashed with the error 'OUT_OF_MEMORY'."
I thought this was strange, especially since the PC in question was an Alienware! (The district was so rich they had to donate money or they would reach the limit on their 3 accounts!)
So I turned it on, and opened Task Manager.
300 instances of Explorer.exe and growing fast!
I used taskkill to kill all of them and restarted the first Explorer (that way the desktop and stuff work) and everything works OK. No more multiple Explorer processes!
I wrote a script to end them all and restart it and made it run after ~5 seconds once everything was loaded.
It worked, but it infects routers. It infects endpoints afterward, using HTTP packets and redirecting to the router, where the code is injected into the cache and set up.
Has anyone encountered this before?
Edited by Orange Blossom, 05 July 2015 - 02:48 PM.
Moved to AII. ~ OB