yootzee
Greetings all,
I am trying to help a family member (sis-n-law) who has apparently received
a virus, which I have yet to identify, and am hoping someone has seen this.
Here are the details:
I have their WinXP system running with an account using standard privileges
(I'll just call it "user"), and the virus hasn't affected the administered
account, only user.
She indicated to me that no email attachments had been opened recently, they
rarely get any attachments, and when they do, it is from trusted sources,
and they know that the attachments are coming prior, so for now, I'm ruling
email infection out.
The problem seems to have originated via a pop-up ad clicked on using IE
6.x. What she says happened is that she was browsing, came to an unknown
site (she can't remember the URL) and a pop-up window appeared indicating
that "you may have a virus" or something similar (these seem to be
prevalent), and she clicked somewhere on the window trying to close it.
Upon clicking on the window, the hard drive starts going crazy, and the
system locks up.
When I examine it, and log into the user account, the CPU is maxed out. I
look in the task manager, and the CPU is maxed out because roughly 200+
*.exe's are running. The files are garbage names, all starting with the
letter 'a' followed by a sequence of random letters i.e. aBuqRretzr.exe. If
one is killed via task manager, it appears that 5 or 10 more will be
generated.
After some searching, I located these EXE's in the system32 directory. All
are 54 KB in size. I've googled some of the file names just for the heck of
it, and haven't found anything. I've thrown Trend Micro, Symantec, AdAware,
Spybot, and HiJackThis at this, and none have found anything. I've also
been checking the registry, primarily
HKLM/software/ms/windows/currentversion/run and runonce, and don't see
anything in there that shouldn't be.
Anyone have any ideas, 'cause I have run out of 'em.
Thanks in advance,
yootzee
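
Added example, not part of the original post: a triage sketch in Python that lists executables in a directory whose names fit the pattern described above ('a' followed by letters) and that share one exact byte size, since the name alone also matches legitimate files such as attrib.exe. The function names, the `min_count` threshold, the assumption that the copies are byte-for-byte the same size, and all sample files except the one name quoted in the post are constructed for illustration.

```python
import os
import re
import tempfile
from collections import defaultdict

# Name shape from the post: 'a' plus random letters, e.g. aBuqRretzr.exe.
# Legitimate files such as attrib.exe also match, so the name alone is not enough.
NAME_RE = re.compile(r"^a[a-z]+\.exe$", re.IGNORECASE)


def find_same_size_clusters(directory, min_count=5):
    """Return {size_in_bytes: [names]} for name-matching files that share an
    exact size with at least min_count - 1 others in the same directory."""
    by_size = defaultdict(list)
    with os.scandir(directory) as entries:
        for entry in entries:
            if entry.is_file(follow_symlinks=False) and NAME_RE.match(entry.name):
                size = entry.stat(follow_symlinks=False).st_size
                by_size[size].append(entry.name)
    return {s: sorted(n) for s, n in by_size.items() if len(n) >= min_count}


def build_sample_dir(root):
    """Write constructed stand-in files (zero-filled, not real binaries)."""
    dropped = ["aBuqRretzr.exe", "aKdwPmzLq.exe", "aTrvNcxoe.exe",
               "aZhqYbbsu.exe", "aMnpeGtwk.exe", "aQelUifda.exe"]
    other = {"attrib.exe": 11264, "at.exe": 25088, "notepad.exe": 69120}
    for name in dropped:
        with open(os.path.join(root, name), "wb") as fh:
            fh.write(b"\0" * 54 * 1024)  # 54 KB, the size reported in the post
    for name, size in other.items():
        with open(os.path.join(root, name), "wb") as fh:
            fh.write(b"\0" * size)
    return dropped


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_dir(tmp)
        for size, names in find_same_size_clusters(tmp).items():
            print(f"{len(names)} files of {size} bytes: {', '.join(names)}")
```

Pointing `find_same_size_clusters` at the system32 directory of the affected drive, ideally mounted read-only from another machine, gives a list of candidates to hash and submit to scanners.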