Re: VX2?

From: David H. Lipman (DLipman~nospam~_at_Verizon.Net)
Date: 08/30/05


Date: Mon, 29 Aug 2005 18:21:11 -0400

From: "boaz" <nospam@yahoo.com>

| Hi,
|
| I have tried all of them. None of them works.
| I think a couple of posts below, he/she has the same problem:
|
| -------------------------------------------------------------------------------
| I've spent the last couple of days trying to get rid of the Aurora
| "Abetterinternet" malware. I ran the Sophos scan using David Lipman's
| advice which identified a couple of Trojans. (Sophos took 13 hours to
| complete the scan, haven't run Trend - McAfee is my "native" installation).
|
| Hopefully having used Nailfix, the problem is now finally resolved.
| (nail.exe re-spawns when deleted).
|
| However, there is something still amiss.
|
| Using Windows Task Manager process display, there is an unknown process
| running, currently "xpgbpo.exe". It was previously "arsmpxq.exe".
|
| When this process is deleted it respawns with a different random name, it
| starts at 180k then its use of memory grows. I've found the file in
| C:\windows\system32 with a file size of 89k, it has a buddy "rjdvkm" and
| I'm convinced a third "ready to go" with a file size of 0KB "afnhped".
|
| All these names appear to be random and I've deleted the live process a
| dozen times and the filename is always 6 or 7 characters in length.
|
| If I delete the live process then a new process is spawned with a new
| random name. This is an extract from Filemon where I deleted "armspxq" and
| it is re-spawned as "xpgbpo". McAfee can be seen running, but doesn't flag
| any issues, don't know why.
|
| Neither Sophos nor McAfee flags this as a virus, unless I've made a poor job
| of cleaning up - any ideas?

And is that with the new v2.0 Vx2 cleaner add-on (plug-in) for Ad-aware SE?

-- 
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm

