Jump to content

reflex

Members
  • Posts

    2
  • Joined

  • Last visited

Reputation

0 Neutral
  1. No replies yet... so I continued the war against the spyware/malware I was triggered by the stange *.dat files that the process monitor tool was refering too and noticed that these also popped-up while executing other program such as office applications. It looked like the malware was trying to cause a memory overflow that would eventually lead to a crash. Hence, I had to find and remove these files... In windows explorer these files didn't exist C:\Documents and Settings\All Users\Application Data\ but while using the command prompt (safe mode (F9), cmd, dir /ah, attrib -h asoorloplop.dat) these files (asoorloplop.dat & polpolroosa.dat) did actually appear to be present on the computer!! I made the files visible in the command prompt environment and deleted the files. Reboot and all browser problems, memory errors gone (including the slowdowns I was encountering in MS office) NICE! - I hope this may help someone else too. It took me > 8 hours to find the root cause and kill it. Process Monitor Tool http://technet.microsoft.com/en-us/sysinternals/bb896645
  2. Hi Guys, I need your help/advice for the following. My laptop worked fine until yesterday, after a reboot all my browsers (IE 7.X/FF4.X/Chrome 12.0) crash after a few minutes of surfing the web. Usually without a warning but sometimes they show a memory could not be read error. Laptop: Lenovo T410, Intel i5, 3 GB ram, WIN XP SP3 I did the following: - Upgraded browsers - Disabled/removed add-ons - CCcleaner/drive clean etc. - FULL Memtest86, and no faults found - FULL scans with Spysweeper/Adaware/Maleware bytes (no errors found) - Checked PC for strange hidden files/dir/cleaned temp folders Then I started checking the processes with sysinternal process monitor and it shows that during the browsing process strange *.dat files are "created". See screen shots. Example: Module: asoorloplop.dat Path: C:\DOCUME~1\ALLUSE~1\APPLIC~1\asoorloplop.dat Description: tGpPj37u M version: 4.685.230.0 Company: lInrjG&b !RKnTN3m Of course these files themselves cannot be found or located... but the process monitor shows these items all over the place while running IE/FF/Chrome. It looks like mallware... but I cannot remove it nor can the scan/sweep programs... HELP is appreciated Reflex http://www.almering.com/download/mg/hijackthis.log
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.