Jump to content


Photo

stdrt.exe


  • This topic is locked This topic is locked
4 replies to this topic

#1 rozenmanofer

rozenmanofer

    New Member

  • Members
  • Pip
  • 1 posts

Posted 23 March 2010 - 08:58 AM

I believe my computer is infected with a malware that I have not been able to remove either wither with MalwareBytes or the anti-virus that I am using. Its behavior is as follows: Every time I reboot the computer it writes a folder in the Windows > Temp directory which has the filename: "mrtxxxx.tmp" where "xxxx" are random numbers. This folder always contains eleven other files one of which is called "stdrt.exe". "stdrt.exe" then becomes a live process which uses all the other files in the folder so that I cannot delete the folder or any of its contents without first killing the process. It then tries to access the Internet that I block through the firewall. I believe that I have also identified the original malware that caused it. I would like advice to be able to remove this malware if possible.

Attached Files



#2 S!Ri

S!Ri

    Forum Deity

  • Moderators
  • PipPipPipPipPipPip
  • 10,418 posts
  • Gender:Male

Posted 23 March 2010 - 09:19 AM

Hello

Files you post will be analyzed,
Please ask for help in this section: http://forums.malwar...php?showforum=7

Regards
Biohazard.gifS!Ri
Research Engineer

staff.png

Follow us: Twitter, Become a fan: Facebook

#3 eepyikes

eepyikes

    New Member

  • Members
  • Pip
  • 2 posts

Posted 21 April 2010 - 12:18 PM

Hi, same exact problem here. Win 7 as well. There is a very high likelyhood (like 99%) that I received this one as a result of the recent Network Solutions hacking...my website was one of those that was compromised, and by visiting it I believe I got this malware/virus.

Syptoms: It played some random audio out of nowhere. I checked task manager and saw that stdrt.exe was using heaps of processing power, so I shut it down and that stopped the audio. Stdrt.exe deletes quite readily if you cancel the process, but it comes back on again after bootup. It is not detected by MSSE, Spybot, Malwarebytes, Comodo AV.

Attached Files



#4 eepyikes

eepyikes

    New Member

  • Members
  • Pip
  • 2 posts

Posted 21 April 2010 - 12:21 PM

Hi, same exact problem here. Win 7 as well. There is a very high likelyhood (like 99%) that I received this one as a result of the recent Network Solutions hacking...my website was one of those that was compromised, and by visiting it I believe I got this malware/virus.

Syptoms: It played some random audio out of nowhere. I checked task manager and saw that stdrt.exe was using heaps of processing power, so I shut it down and that stopped the audio. Stdrt.exe deletes quite readily if you cancel the process, but it comes back on again after bootup. It is not detected by MSSE, Spybot, Malwarebytes, Comodo AV.


Oh, and the rar of the tmp folder.

Attached Files



#5 Fatdcuk

Fatdcuk

    Malware BBQ'er

  • Moderators
  • PipPipPipPipPipPip
  • 20,550 posts
  • Gender:Male
  • Location:127.0.0.1

Posted 21 April 2010 - 04:01 PM

Hi eepyikes,

I will take a look at the files shortly :(
Ade Gill
Research Engineer

Posted Image

Follow us: Twitter, Become a fan: Facebook




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users