leander93

wininet.dll errors: mom.exe, ccc.exe etc.


Hello there

I've seen some resembling issues pass here, so I decided to give it a go :)

Since yesterday I have been experiencing this wininet.dll error: "Program can't be started, because wininet.dll is missing".

At startup I have this for MOM.exe, CCC.exe and when I start up wow64.exe myself.

Generally I have been experiencing my PC as extremely slow at some moments and programs, but not for everything.

I haven't yet updated my ATI driver to beta, I am still running on 13.1.

I have run Malwarebytes, and it found one more infection.

Accompanying log:


Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org
Databaseversie: v2013.03.27.09
Windows 7 x64 NTFS
Internet Explorer 8.0.7600.16385
Leander-thuis :: LEANDER-THUIS [administrator]
27-3-2013 21:04:55
mbam-log-2013-03-27 (21-04-55).txt
Scan type: Volledige scan (C:|)
Ingeschakelde scan opties: Geheugen | Opstartitems | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM
Uitgeschakelde scan opties: P2P
Objecten gescand: 116284
Verstreken tijd: 2 uur/uren, 40 minuut/minuten, 3 seconde(n) [beëindigd]
Geheugenprocessen gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
Geheugenmodulen gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
Registersleutels gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
Registerwaarden gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
Registerdata gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
Mappen gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
Bestanden gedetecteerd: 1
C:$Recycle.BinS-1-5-21-88106922-3016794483-3337105248-1000$RFIVHNJ.exe (Backdoor.Bot) -> Succesvol in quarantaine geplaatst en verwijderd.
(end)
Many thanks in advance for any help I'll receive
Leander

MOM.exe and CCC.exe are both part of Catalyst Control Center, which is part of the ATI driver package for your video card.

The item found by MBAM is a backdoor!

Your computer appears to have been infected by a backdoor trojan. These programs have the ability to steal passwords and other information from your system. If you use your computer for sensitive purposes such as internet banking then I recommend you take the following steps immediately:

  • Use another, uninfected computer to change all your internet passwords, especially ones with financial implications such as banks, PayPal, eBay, etc. You should also change the passwords for any other site you use.
  • Call your bank(s), credit card company or any other institution which may be affected and advise them that your login/password or credit card information may have been stolen and ask what steps to take with regard to your account.
  • Consider what other private information could possibly have been taken from your computer and take appropriate steps.

This infection might be cleaned, but as the malware could be configured to run any program a remote attacker requires, it will be impossible to be 100% sure that the machine is clean. If this is unacceptable to you, then you should consider reformatting the system partition and reinstalling Windows, as this is the only 100% sure answer.

If you wish to reformat then please let me know in your next response.



I think reformatting the system will be the way to go. I just noticed my anti-virus disappeared and was uninstalled. Seems to me it is pretty aggressive against other programs.

Luckily I don't use a credit card and banking doesn't work with passwords, that saves a lot of trouble. I've slowly begun to change the passwords for the most important sites I have.

I'll first need to rescue some important files, but I can reformat the system myself. That isn't a problem for me.

Any idea where this virus comes from? To prevent it in the future?


I can only hazard a guess. I would need more information to actually identify which one it is... but my guess would be a ZeroAccess variant. Therefore I'd guess that the most likely source was an email. Some versions of the contaminated email purport to be from a legitimate company... the Better Business Bureau, the IRS, UPS... something along those lines. They will have a link in them telling you that you need to click it to see what the problem they have with you is... or why your package couldn't get delivered... and the link downloads the infections.

This is just one scenario. Other possibilities are infected downloads (typically using P2P sites).


"Luckily I don't use a credit card and banking doesn't work with passwords, that saves a lot of trouble. I've slowly begun to change the passwords for the most important sites I have."

Need to change passwords on a known clean computer; as Tom said, this one had a backdoor on it.
