OK, so I did what I normally know better than to do and managed to download Virtumonde to my system. Trend initially found nothing during manual scans but eventually reported finding 1 infected file with TROJ_VUNDO.ECO. Spybot found and deleted a bunch of stuff but continued to find more at each reboot. I downloaded MBAM and ran it with great results; 98% of all the problems went away.
I still have something there that is running at bootup. I get zero hits on MBAM and, except for a couple of unidentified BHOs, HijackThis seems clean. When I run Windows Task Manager I see a process running that is not normal. Currently it is "VF5933.EXE", but if I kill it, I will eventually see something with a different name running instead. It looks like a random name generator is supplying the name to a process that keeps restarting itself. Occasionally the system will get real slow, and when I look, wmiprvse.exe will be using 99% of my system resources. I can kill that through Task Manager and no other processes seem to be affected, but I get my system speed back.
How can I identify what process is running at startup and kill it for good?
#1
Posted 08 September 2008 - 05:34 PM








