Jump to content

Memory Processes Infected: Failed to Unload Process


Recommended Posts

Helping a friend with removing malware and person ran MBA-M and ended up with this in their log:

C:\WINDOWS\system32\drivers\svchost.exe (Trojan.FakeAlert) -> Failed to unload process.

Memory Modules Infected:

C:\Documents and Settings\user\Application Data\Google\mjkdpl.dll (Trojan.FakeAlert) -> Delete on reboot.

the above noted and all other instances were removed.

But, now the person's HJT log shows this O4 entry, which previously was not there before;

O4 - HKCU\..\Run: [windpipe] "C:\Documents and Settings\user\Application Data\Google\fhexj6825097.exe" 2

Not really sure how to proceed now.

Thanks.

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.