Register | Login
Views: 19364387
Main | Memberlist | Active users | ACS | Commons | Calendar | Online users
Ranks | FAQ | Color Chart | Photo album | IRC Chat
11-02-05 12:59 PM
0 user currently in Hardware/Software.
Acmlm's Board - I2 Archive - Hardware/Software - Trojan problem...
  
User name:
Password:
Reply:
 

UserPost
Colin
Posts: 1233/11302
I think I have it fixed actually...

It seems to be some sort of spyware trojan. Basically I set up a firewall and nuked each and every file that tried to pull a high-rated intrusion.

Things seem safe now.
kitty
Posts: 834/2449
Colin: If a web search turns up nothing for the name, it's a virus, trojan, or some other thing - a lot make random names and some change it on every boot.
Safe mode, delete the files, and check msconfig for any dll's set to run with RunDll32... or any other stuff you don't know - do a search on them or post here if unsure what they are.
Colin
Posts: 1218/11302
XK: Doesn't always work if the thing keeps coming back from the dead over and over.

I found out the info about the first one but no idea about mmcromon or whatever it is. I just manually deleted it so we'll see...
Pegasus
Posts: 188/251
http://www.computing.net/security/wwwboard/forum/11148.html

VOQW.EXE seems to be a trojan, I'm not sure about MMCROMON.EXE though, but if you use IE, go to http://www.pcpitstop.com/pcpitstop/default.asp and do full tests, from there you should be able to find out what that exe is.

More info on the way, soon.
Xkeeper
Posts: -4519/-863
Originally posted by Colin
Oh wonderful.

I have some psuedo trojan/spyware crap on my PC thanks to a self-installing script on a webpage. (One of those "We don't care if you click yes or no, the crap's going on your PC anyways" scripts.)

Anyways, I ran Spyware first, didn't catch much. Ran Ad-Aware, and that seemed to get rid of most of the spyware stuff. Then I went with a virus scan to be on the safe side... and there were 9 infected files. All of them were either BackDoor.VB.11.AM or BackDoor.VB.11.BC.

It cleaned most of the files, as there was one (VOQW.EXE) it couldn't get rid of. So now I'm trying to get rid of THAT file, while also figuring out why I have a program running called MMCROMON.EXE that takes up 99% of my CPU... (Yes, I did a web search. Found NOTHING matching it.)

Erm... little help? (Basically I'm thinking I should install McAfee or Norton instead of AVG, but this all happened in the span of... 2 hours.)
2 words:

SAFE MODE.

THen trash it.

Still... That's why I hate IE. I use Opera, haven't gotten one bit of this shit since.

But on a side note, if it tells you where the file's at, go in there and MANUALLY trash it.

---

Virus free for a few years now, too. =D
Colin
Posts: 1217/11302
Oh wonderful.

I have some psuedo trojan/spyware crap on my PC thanks to a self-installing script on a webpage. (One of those "We don't care if you click yes or no, the crap's going on your PC anyways" scripts.)

Anyways, I ran Spyware first, didn't catch much. Ran Ad-Aware, and that seemed to get rid of most of the spyware stuff. Then I went with a virus scan to be on the safe side... and there were 9 infected files. All of them were either BackDoor.VB.11.AM or BackDoor.VB.11.BC.

It cleaned most of the files, as there was one (VOQW.EXE) it couldn't get rid of. So now I'm trying to get rid of THAT file, while also figuring out why I have a program running called MMCROMON.EXE that takes up 99% of my CPU... (Yes, I did a web search. Found NOTHING matching it.)

Erm... little help? (Basically I'm thinking I should install McAfee or Norton instead of AVG, but this all happened in the span of... 2 hours.)
Acmlm's Board - I2 Archive - Hardware/Software - Trojan problem...


ABII


AcmlmBoard vl.ol (11-01-05)
© 2000-2005 Acmlm, Emuz, et al



Page rendered in 0.010 seconds.