Author Topic: Please help 3 processes infected.  (Read 2072 times)

Offline sepiashimmer

  • Newbie
  • *
  • Posts: 16
Please help 3 processes infected.
« on: November 08, 2012, 12:02:47 AM »
My computer has been running slowly for 3 months. I've run a boot-time scan of my whole computer at least twice, but whatever it found during that scan was deleted. But my computer was still running slowly and was randomly freezing with high CPU usage. Today, I've created a custom scan selecting memory and rootkits (full). After the completion of the whole scan, Avast showed that it has found 3 viruses, 2 of high risk and 1 of medium risk.

1. explorer.exe process is infected with Win32:Malware-gen, which is shown as high risk.
2. rundll32.exe process is infected with Win32:RunDllMod [Susp]
3. cmdagent.exe process is infected with Win32:FakeVimes-B [Trj]

I'm unable to select and apply any action on these processes. Please suggest a way to remove this.

Offline adotd

  • Sr. Member
  • ****
  • Posts: 277
Re: Please help 3 processes infected.
« Reply #1 on: November 08, 2012, 12:30:17 AM »
Quote
Today, I've created a custom scan selecting memory and rootkits (full). After the completion of the whole scan, Avast showed that it has found 3 viruses, 2 of high risk and 1 of medium risk.

1. explorer.exe process is infected with Win32:Malware-gen, which is shown as high risk.
2. rundll32.exe process is infected with Win32:RunDllMod [Susp]
3. cmdagent.exe process is infected with Win32:FakeVimes-B [Trj]


To be honest, running memory scans does come up with so many false positives.

cmdagent.exe = Comodo

Quote
Process name: Comodo Agent Service
Application using this process: Comodo Firewall
Process author: Comodo

explorer.exe + rundll32.exe = Microsoft


I would recommend you to:

Attach your logs. (AdwCleaner, MBAM, OTL and aswMBR..!!)
Instructions: http://forum.avast.com/index.php?topic=53253.0

So a malware specialist can see if you have any active malware on your system.

Anthony 8)
« Last Edit: November 08, 2012, 12:32:22 AM by adotd »