
'Good Memory' infection



Howdy, all,

LTNS :)

OK, so my Dad gets on the net on his laptop and surfs around looking at legitimate websites - He's the director of a Master's Program at a nearby university, so he was browsing various colleges in India this morning at 8:40 AM EST (roughly 12 hours ago).

All of a sudden he comes to me that his computer is saying that the HD cannot be found and he doesn't know what to do. I had classes this morning and am only now able to take a look.

He has some program that acts almost identically to Antivirus XXXX except that instead of showing infections it shows hardware errors. As soon as I saw it popping up I was suspicious, but when I am in the middle of the OS running a scan and it tells me that my MBR is corrupted I knew it was a fake - Can't exactly boot into my OS if it was corrupted.

The program that runs has the usual random letters and symbols when running in Task Manager, but the title bar shows Good Memory - I searched here and online for it but cannot find any reference to it.

Anyone heard of this puppy at all? Is this some sort of new 0-day clone of AV XXXX that's taking a different twist and presenting hardware issues that simply are not present?

FWIW:

Dell Inspiron 600m

Windows XP SP3

Previously had Symantec Antivirus corporate edition (from the University) but I cannot find any trace of it on there now - looks like it was removed, as LiveUpdate is still installed

Initial MBAM Flash scan found 39 infected objects, removed and rebooted, but it is still running. I then manually deleted all files in the temp dir, scanned for and removed a few files located in areas that simply were not meant to be there (and coincidentally had a modified time of just before this started occurring) and now ran a full HD scan, finding only 4 more items, all in the registry for adware - all while this app is running in the system tray telling me every 10 seconds that something is wrong with my HD or low memory or whatever....

I have the logs that I can post up from MBAM, and I am now booted into SafeMode, where it seems the sucker cannot load, but since I am finding no info on it, not sure where to go now....
