Windows NT / 2000 / XP RSS Windows NT / 2000 / XP RSS

CPMebc86926 / e8fb5aba /hovevifedi in Run (Registry)

Reply

Join Date: Apr 2006
Posts: 2
Reputation: powerthink is an unknown quantity at this point 
Solved Threads: 0
powerthink powerthink is offline Offline
Newbie Poster

CPMebc86926 / e8fb5aba /hovevifedi in Run (Registry)

 
0
  #1
Dec 1st, 2008
Hi guys,
I have those things in the Run section of Registry

Key Name: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
Class Name: <NO CLASS>
Last Write Time: 12/2/2008 - 1:07 PM
Value 0
Name: CTFMON.EXE
Type: REG_SZ
Data: C:\WINDOWS\system32\ctfmon.exe

Value 1
Name: CPMebc86926
Type: REG_SZ
Data: Rundll32.exe "c:\windows\system32\dumepiwo.dll",a

Value 2
Name: e8fb5aba
Type: REG_SZ
Data: rundll32.exe "C:\WINDOWS\system32\suvatepe.dll",b

Value 3
Name: hovevifedi
Type: REG_SZ
Data: Rundll32.exe "C:\WINDOWS\system32\lameweka.dll",s

Any idea what they are?
Thanks.

Apparently they are not there anymore, there are 3 rundll messages come up with error loading ......
Google it does not come up with anything.




Powerthink
Last edited by powerthink; Dec 1st, 2008 at 10:25 pm.
Reply With Quote Quick reply to this message  
Join Date: May 2005
Posts: 3,204
Reputation: gerbil will become famous soon enough gerbil will become famous soon enough 
Solved Threads: 188
gerbil gerbil is offline Offline
Nearly a Senior Poster

Re: CPMebc86926 / e8fb5aba /hovevifedi in Run (Registry)

 
0
  #2
Dec 2nd, 2008
The first is a system file, the others pests.
==Please download Malwarebytes' Anti-Malware
from: http://www.majorgeeks.com/Malwarebyt...are_d5756.html
or: http://www.besttechie.net/tools/mbam-setup.exe
=Dclick that file, mbam-setup.exe, to install the application,
-ensure that it is set to update and start, else start it via the icon.
Select "Perform Quick Scan", then click Scan; the application will guide you through the remaining steps.
ENSURE that EVERYTHING found has a CHECKMARK against it, then click Remove Selected.
If malware has been found [and removed] MBAM will automatically produce a log for you... do not click the Save Logfile button.
When it completes examine the log: if some files are listed as Delete on Reboot then restart your machine before continuing.
Post the Notepad log [it is also saved under Logs tab in MBAM].
Deep, deep in the woods, but walking about.
Reply With Quote Quick reply to this message  
Join Date: Apr 2006
Posts: 2
Reputation: powerthink is an unknown quantity at this point 
Solved Threads: 0
powerthink powerthink is offline Offline
Newbie Poster

Re: CPMebc86926 / e8fb5aba /hovevifedi in Run (Registry)

 
0
  #3
Dec 2nd, 2008
Hi Gerbil,
Thanks for your advice.
At this time of the year I have to reimage that laptop. But for more information that happened when an African guy plug the usb into her laptop.
Cheers
Reply With Quote Quick reply to this message  
Reply

Quick Reply to Thread
This thread is more than three months old.
Perhaps start a new thread instead?
Message:



Other Threads in the Windows NT / 2000 / XP Forum
Thread Tools Search this Thread



.net 64bit 2007 2010 a.exe activedirectory address android apache appstore automatically black blue bsod bulletin canonical chinese chkdsk codeplex combofix cursor deployment deployments desktop desktops dns drive eartlink error errors explorer fax features fontmanagers format framework freeze hardware home internet interoperability laptop laptops lcd linux login mac markshuttleworth memory microsoft monitor motionle1600 netbooks novell nvidia open opensource operatingsystems options oracle osinstallationproblem osx palm partition printer program proxy reformat remotedesktop repair replacingraiddrive retail retrieve screen security sharepoint simplifiedchinese sitetositevpn slowperformance sp3 spyware studios technology ubuntu update upgrade videodrivers videogames virus vista visual vpn win win32/heur windows windows7 windowsxp windowsxpnotstartingup. xp xpde
About Us | Contact Us | Advertise | DaniWeb | Acceptable Use Policy | RSS Feed

©2003 - 2009 DaniWeb® LLC