Some more new malware is hitting computers today. Thankfully there is a tool that can remove this one (or at least in my case). This blog post is about the Poweliks virus. You can find more detailed information about this virus on a couple of other sites. I have the links at the bottom of the article.
The G DATA SecurityLabs have analyzed persistent malware which resides in the registry only and therefore does not create any file on the infected system. An overview of this mechanism was first described quite recently in the KernelMode.info forum. The analyzed sample is dropped by a Microsoft Word document which exploits the vulnerability described in CVE-2012-0158. The document was reported to be found as an attachment of fake Canada Post and/or USPS email which claims to hold information about ordered items for the recipient of the spam.
I connected to a customer’s computer the other day. The laptop’s CPU usage was near 100% and had all kinds of crazy processes running. One process in particular was named inobbcrsb.exe. This process was posing as a Google Chrome process. Also fixmapi.exe and msfeedssync.exe were using up an incredible amount of processing power.
First off download Process Explorer. You can see way more information on what is exactly happening with the processes on your computer. I knew inobbcrsb.exe had to be no good! I right-clicked on the process tree and suspended the process. I checked the path where this executable was Continue reading
Malware, I hate it with a passion! The new malware coming out these days is extremely smart. Recently, I had the opportunity, or maybe misfortune, of having to try to remove some malware.
The customer contacted us and said his laptop had been running very slowly the past week or two. He told us the process, explorer.exe was hogging a lot of memory, sometimes up to 4 gigabytes of it! I connected and began troubleshooting his problem and soon came to the conclusion that malware was definitely the culprit for making his laptop run slowly. I will list my steps and what I tried, bear with me if I’m kind of scattered. I went down a lot of dead-end streets before killing the malware.
Step One: Download Process Explorer and Process Monitor. These tools were immensely helpful in identifying what processes were using up memory and processor.
I ran Process Explorer and soon saw the parent Explorer.exe process had a sub process hiding underneath it called Explorer.exe. Continue reading
I use a Lenovo T440s laptop for my service calls and when I need to do work remotely. My laptop runs Windows 8.1 Professional. I love this laptop and it has proved to be tough as well as extremely fast. I noticed a couple of weeks ago that my battery was going dead after about an hour of usage. I also noticed that the cooling fan in the laptop was running louder than normal. I decided to open Task Manager on my laptop to see what the issue was. I soon noticed that a process called rundll32.exe was using around 25 percent of my CPU. I killed the process and everything returned to normal.
A few days later, my battery was going dead very rapidly. My cooling fan was on almost constantly and was blowing warm air. I opened Task Manager and sure enough, rundll32.exe was using 25% of my CPU again. I killed the process and everything was fine. It wasn’t long before my laptop was doing the exact same thing as I described before. I decided it was time to get to the bottom of this issue. Here is how I troubleshot which program was using rundll32.exe and in the process was killing my battery.
Step One: I downloaded Process Explorer. This is an excellent tool. It is similar to Task Manager but goes into way more depth on the processes and dlls that are running. I extracted the download and then ran Process Explorer as an administrator.
Step Two: One of the first things I noticed was rundll32.exe was using 23 percent of my CPU again. Continue reading