Re: VX2?

From: boaz (nospam_at_yahoo.com)
Date: 08/29/05

    Date: Mon, 29 Aug 2005 13:56:06 -0700
    
    

    Hi,

    I have tried all of them. None of them works.
    I think a couple of posts below, he/she has the same problem:

    -------------------------------------------------------------------------------
    I've spent the last couple of days trying to get rid of the Aurora
    "Abetterinternet" malware. I ran the Sophos scan using David Lipman's
    advice which identified a couple of Trojans. (Sophos took 13 hours to
    complete the scan, haven't run Trend - McAfee is my "native" installation).

    Hopefully having used Nailfix, the problem is now finally resolved.
    (nail.exe re-spawns when deleted).

    However, there is something still amiss.

    Using Windows Task Manager process display, there is an unknown process
    running, currently "xpgbpo.exe". It was previously "arsmpxq.exe".

    When this process is deleted it respawns with a different random name, it
    starts at 180k then its use of memory grows. I've found the file in
    C:\windows\system32 with a file size of 89k. It has a buddy "rjdvkm" and
    I'm convinced a third "ready to go" with a file size of 0KB "afnhped".

    All these names appear to be random and I've deleted the live process a
    dozen times and the filename is always 6 or 7 characters in length.

    If I delete the live process then a new process is spawned with a new
    random name. This is an extract from Filemon where I deleted "armspxq" and
    it is re-spawned as "xpgbpo". McAfee can be seen running, but doesn't flag
    any issues, don't know why.

    Neither Sophos nor McAfee flag this as a virus, unless I've made a poor job
    of cleaning up - any ideas?

    "David H. Lipman" <DLipman~nospam~@Verizon.Net> wrote in message
    news:O1nxttNrFHA.2064@TK2MSFTNGP09.phx.gbl...
    > From: "boaz" <nospam@yahoo.com>
    >
    > | Hi,
    > |
    > | I have not been able to get rid of this thing.
    > | It is running even in Safe Mode.
    > |
    > | There is a process with a random file name. (and a strange one named MIXBMW)
    > | As soon as I end the process, it makes a copy of itself with a different name
    > | in System32 even in Safe Mode.
    > |
    > | help please.
    > |
    >
    > Please download, install and update the following software...
    >
    > Ad-aware SE v1.06
    > http://www.lavasoft.de/
    > http://www.lavasoftusa.com/
    >
    > Ad-aware Vx2 add-on (plug-in)...
    > http://updates.ls-servers.com/vx2cleaner_inst.exe
    >
    >
    > SpyBot Search and Destroy v1.4
    > http://security.kolla.de/
    >
    > After the software is updated, I suggest scanning the system in Safe Mode.
    >
    > --
    > Dave
    > http://www.claymania.com/removal-trojan-adware.html
    > http://www.ik-cs.com/got-a-virus.htm
    >
    >

