Posts posted by reflex
Hi Guys,
I need your help/advice for the following. My laptop worked fine until yesterday; after a reboot, all my browsers (IE 7.X/FF4.X/Chrome 12.0) crash after a few minutes of surfing the web. Usually without a warning, but sometimes they show a "memory could not be read" error.
Laptop: Lenovo T410, Intel i5, 3 GB ram, WIN XP SP3
I did the following:
- Upgraded browsers
- Disabled/removed add-ons
- CCleaner/drive clean etc.
- FULL Memtest86, and no faults found
- FULL scans with Spy Sweeper/Ad-Aware/Malwarebytes (no errors found)
- Checked PC for strange hidden files/dir/cleaned temp folders
Then I started checking the processes with Sysinternals Process Monitor, and it shows that during the browsing process strange *.dat files are "created". See screenshots. Example:
Module: asoorloplop.dat
Path: C:\DOCUME~1\ALLUSE~1\APPLIC~1\asoorloplop.dat
Description: tGpPj37u M
version: 4.685.230.0
Company: lInrjG&b !RKnTN3m
Of course these files themselves cannot be found or located... but Process Monitor shows these items all over the place while running IE/FF/Chrome. It looks like malware... but I cannot remove it, nor can the scan/sweep programs...
HELP is appreciated
Reflex
Browser crashes - Malware
in Resolved Malware Removal Logs
No replies yet... so I continued the war against the spyware/malware
I was triggered by the strange *.dat files that the Process Monitor tool was referring to and noticed that these also popped up while executing other programs such as Office applications. It looked like the malware was trying to cause a memory overflow that would eventually lead to a crash.
Hence, I had to find and remove these files...
In Windows Explorer these files didn't exist in C:\Documents and Settings\All Users\Application Data\, but while using the command prompt (safe mode (F9), cmd, dir /ah, attrib -h asoorloplop.dat) these files (asoorloplop.dat & polpolroosa.dat) did actually appear to be present on the computer!! I made the files visible in the command prompt environment and deleted the files.
Rebooted, and all browser problems and memory errors are gone (including the slowdowns I was encountering in MS Office).
NICE! - I hope this may help someone else too. It took me > 8 hours to find the root cause and kill it.
Process Monitor Tool
http://technet.microsoft.com/en-us/sysinternals/bb896645
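
The check described in the post above (hidden files in the All Users application-data folder that also show up as modules in running programs), as an added PowerShell example that is not part of the original post. It assumes PowerShell 2.0 or later started from an administrator prompt; the variable names are illustrative.

```powershell
# Added example, not from the original post. Read-only: it lists, never deletes.
# Assumption: the folder is "All Users\Application Data" as in the post, which
# .NET exposes as CommonApplicationData.
$dir = [Environment]::GetFolderPath('CommonApplicationData')

# 1. Hidden files directly in that folder (-Force makes Get-ChildItem return them),
#    with the version-resource fields Process Monitor displayed for the module.
$hidden = @(Get-ChildItem -LiteralPath $dir -Force | Where-Object {
    -not $_.PSIsContainer -and ($_.Attributes -band [IO.FileAttributes]::Hidden)
})

$hidden | ForEach-Object {
    $vi = [Diagnostics.FileVersionInfo]::GetVersionInfo($_.FullName)
    New-Object PSObject -Property @{
        Name        = $_.Name
        Attributes  = $_.Attributes
        LastWrite   = $_.LastWriteTime
        Description = $vi.FileDescription
        Company     = $vi.CompanyName
        Version     = $vi.FileVersion
    }
} | Select-Object Name, Attributes, LastWrite, Description, Company, Version |
    Format-List

# 2. Processes that currently have one of those files loaded as a module.
#    Leaf names are compared because the module path can be in 8.3 form
#    (C:\DOCUME~1\ALLUSE~1\APPLIC~1\...), as in the post.
$names = @($hidden | ForEach-Object { $_.Name })

Get-Process | ForEach-Object {
    $proc = $_
    try   { $mods = @($proc.Modules) }
    catch { $mods = @() }              # process exited or access denied
    foreach ($m in $mods) {
        if ($m.FileName -and ($names -contains [IO.Path]::GetFileName($m.FileName))) {
            New-Object PSObject -Property @{
                Process = $proc.ProcessName
                Id      = $proc.Id
                Module  = $m.FileName
            }
        }
    }
} | Select-Object Process, Id, Module | Format-Table -AutoSize
```

A hidden file in this folder is not suspicious by itself; the combination reported in the post is a hidden file with meaningless Description and Company strings that is also loaded into several unrelated programs.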