Help! "wmsetup.dll" MALWARE



new_man
2008-08-26, 07:10
I found this strange DLL file inside the %temp% directory. A Google search told me that the file is malware, so I know that the file is dangerous. But I can't remove it. Here is what happens when that malware is in action:
For 10 mins after the computer boots up, nothing happens. Everything seems to be normal. But after 10 mins, my network activity dramatically increases. In fact, I didn't do anything; I'm not even browsing. Then I traced that and found my %temp% dir is filled with files '01.gif', '03.gif', and 'xx.gif' (note that the 'xx' value is a random number). I see in my task manager that there is more than one 'rundll32.exe' process running (two or three, and sometimes four processes run at the same time). Then I traced that and found these other DLL files: c:\windows\apppatch\desktopwin.dll, c:\windows\update.dll, and c:\windows\sysocmgr.dll. I don't know if there are other malicious DLL files. Even after that, there are other strange processes running: c:\windows\system32\explore.exe and c:\windows\system32\lenschk.exe. Oh yeah, I forgot, there is an iexplorer.exe process, but I didn't open any web browser. And over time, the computer gets slower and slower. And finally, it crashes and freezes; there's nothing else I can do.
Help, guys. I have an internet cafe, and 5 of my 10 computers are like that. Please, I need your expert help on how to remove these things, because I don't want to reinstall the OS on all 5 computers at one time.
Sorry for my bad English.
Thanks

Yodama
2008-08-26, 13:38
Hello,

Do you use Spybot S&D in a corporate environment? We have to inform you that for the commercial use of Spybot S&D only the Corporate Edition and Small Business Edition are available.
For more information please see: http://safer-networking.ie
In case you are using Spybot S&D in a corporate environment and do not have a license yet, you can try these versions with a free demo license first.

To deal with the issue you describe, we will require a full Spybot S&D report. To get one, you need to do a scan with Spybot S&D, then right-click the scan result and choose to save a full report.
Email this report to detections@spybot.info with a reference to this thread.
You may need to create a log file for each of the infected computers, since the infection may differ.