TechSpot

mmdmm.exe ==>slow pc ,internet disconects suddenly ,lot of bytes send out of my pc

By badboys4l
Oct 3, 2007
  1. i was attacked by winantivirus and i posted my problems here and we were finishing cleaning my pc when suddenly the boy who was helping me disappears and stoped repling to my posts.
    and also these few days i m having problems i hijacked my pc and studied the process running i found this mmdmm.exe its kind of spyware i think after searching the net.
    my pc kind of disconnects from internet and i m not able to connect again till i restart my pc.
    and if tht happen (the disconnection) my media player stop working saying no hard ware.
    and also i m geeting a lot of backdoor trojan alerts from my avg antivirus and when i say heal as recomended and my pc starts to act in strange ways.
    here i s hijack this log
     
  2. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Very Important: Before deciding whether you should clean or reformat your system, go and read this thread HERE and decide what it is you want to do.

    If after reading the above, you wish to clean your system, do the following.

    Go and read the Viruses/Spyware/Malware, preliminary removal instructions. Follow all the instructions exactly.

    Post fresh HJT, AVG Antispyware and Combofix logs as attachments into this thread, only after doing the above.

    Also, let me know the results of the AVG Antirootkit scan.

    Regards Howard :wave: :wave:

    This thread is for the use of badboys4l only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
     
  3. badboys4l

    badboys4l TS Rookie Topic Starter Posts: 26

    wut abt if i dont want to clean.
    and i dont have avg antispyware i have removed it after getting spybot s&d
    and also i dont have avg antirootkit
     
  4. Jase123

    Jase123 Banned Posts: 1,012

    Yes still download these and upload the attachments. You can always uninstall them after.

    Regards Jase :)

    This thread is for the use of badboys4l only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
     
  5. badboys4l

    badboys4l TS Rookie Topic Starter Posts: 26

    oky i have downloaded everything .
    except the avg antispyware can i use spybot s&d instead
     
  6. Jase123

    Jase123 Banned Posts: 1,012

    Well you can yes, but if you wanted to make sure your system is completely cleaned then it would be advisable to download it. Just unistall it after if you don't want it.

    Post fresh HJT, AVG Antispyware and Combofix logs as attachments into this thread.

    Regards Jase :)

    This thread is for the use of badboys4l only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
     
  7. badboys4l

    badboys4l TS Rookie Topic Starter Posts: 26

    hello srry for the late reply
    i have tried to run all the programs u asked in the order u told me
    and nothing is getting better there r regular popups and slow pc

    here is my fresh HJT log
     
  8. Jase123

    Jase123 Banned Posts: 1,012

    Please post a HJT log as an attachment. see how here.

    Regards Jase :)
     
  9. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    You haven`t followed the instructions, nor have you posted the requested log files/results.

    Do the following.

    You might want to copy and paste these instructions into a notepad file. Then you can have the file open in safe mode, so you can follow the instructions easier.

    Boot into safe mode, under your normal user name(NOT THE ADMINISTRATOR ACCOUNT). See how HERE.

    In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how HERE.

    Click start/run and type services.msc into the run box and press the enter key.

    When the window appears, maximise it. Double click on the following services(if there) and select stop if they are running. Set the startup type to disabled. Click apply/ok for each service you disable.

    mmsass

    Close the services window.

    Open your task manager, by holding down the ctrl and alt keys and pressing the delete key.

    Click on the processes tab and end process for(if there).

    mmdmm.exe

    Close task manager.

    Run HJT with no other programmes open(except notepad). Click the scan button. Have HJT fix the following, by placing a tick in the little box next to(if there).

    O4 - HKLM\..\RunServices: [mmsass] mmdmm.exe

    O15 - Trusted Zone: *.stumbleupon.com

    Click on the fix checked button.

    Close HJT.

    Locate and delete the following bold files and/or directories(if there).

    mmdmm.exe<Search your system for this file and delete all instances found.

    Reboot into normal mode and rehide your protected OS files.

    Post fresh HJT, AVG Antispyware and Combofix logs as attachments into this thread, only after doing the above.

    Also, let me know the results of the Panda Antirootkit scan.

    Regards Howard :)

    This thread is for the use of badboys4l only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
     
  10. badboys4l

    badboys4l TS Rookie Topic Starter Posts: 26

    i dont have avg antisppyware but i have spybot search and desttroy.
    and also i got avg antirootkit instead of panda.

    so is it ok if i use spybot s&d and avg antirootkit.
     
  11. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    No, I need your to post fresh HJT, AVG Antispyware and Combofix logs as attachments into this thread, only after doing the above.

    Also, let me know the results of the Panda Antirootkit scan. The Panda Antirootkit programme is better than the AVG Antirootkit programme.

    Sorry, but these are required.

    Regards Howard :)

    This thread is for the use of badboys4l only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
     
  12. Jase123

    Jase123 Banned Posts: 1,012

    Yes you should install AVG Antispyware ect...

    After, you can always uninstall any of them if you don't want them.

    Regards Jase :)
     
  13. badboys4l

    badboys4l TS Rookie Topic Starter Posts: 26

    i have run all
    and the logs are attached and also i have run the panda anti rootkit but i havent got the log repopt so tell me where panda saves it.
    in safe mode i have tried to stop mmsass service but there was no such service runing but i have searched mmdmm.exe and deleted all i got

    and also i included fresh HJT log
     
  14. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    All items in your AVG Antispyware log say "No Action Taken". That`s because you haven`t told AVG Antispyware to quarantine it`s results as per the instructions. See this pictorial guide.

    You might want to copy and paste these instructions into a notepad file. Then you can have the file open in safe mode, so you can follow the instructions easier.

    Boot into safe mode, under your normal user name(NOT THE ADMINISTRATOR ACCOUNT). See how HERE.

    In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how HERE.

    Click start/run and type services.msc into the run box and press the enter key.

    When the window appears, maximise it. Double click on the following services(if there) and select stop if they are running. Set the startup type to disabled. Click apply/ok for each service you disable.

    mmsass<According to your HJT log, this service is definitely running.

    Close the services window.

    Open your task manager, by holding down the ctrl and alt keys and pressing the delete key.

    Click on the processes tab and end process for(if there).

    AS.exe
    mmdmm.exe
    ApcMain.exe
    dna.exe

    Close task manager.

    O4 - HKLM\..\Run: [ActiveSpeed] C:\Program Files\Ascentive\ActiveSpeed\AS.exe -b

    O4 - HKLM\..\Run: [mmsass] mmdmm.exe

    O4 - HKLM\..\RunServices: [mmsass] mmdmm.exe

    O4 - HKCU\..\Run: [Performance Center] C:\Program Files\Ascentive\Performance Center\ApcMain.exe -m

    O4 - HKCU\..\Run: [Tucan] "C:\Documents and Settings\Administrator\Local Settings\Temp\Temporary Directory 2 for AntiRootkit.zip\PAVARK.exe" /Monitor

    O4 - HKUS\S-1-5-21-436374069-1202660629-839522115-500\..\Run: [Performance Center] C:\Program Files\Ascentive\Performance Center\ApcMain.exe -m (User '?')

    O4 - HKUS\S-1-5-21-436374069-1202660629-839522115-500\..\Run: [BitTorrent DNA] "C:\Program Files\BitTorrent_DNA\dna.exe" (User '?')

    O4 - HKUS\S-1-5-21-436374069-1202660629-839522115-500\..\Run: [Tucan] "C:\Documents and Settings\Administrator\Local Settings\Temp\Temporary Directory 2 for AntiRootkit.zip\PAVARK.exe" /Monitor (User '?')

    O17 - HKLM\System\CCS\Services\Tcpip\..\{C8BE76A0-CB0A-4F8E-9B06-8D5579267825}: NameServer = 213.55.64.36 213.55.64.38<Only fix this, if it doesn`t belong to your ISP.

    Click on the fix checked button.

    Close HJT.

    Locate and delete the following bold files and/or directories(if there).

    mmdmm.exe<Search your system for this file and delete all instances found.

    Click start/run and type regedit into the run box and press the enter key. When the window appears maximise it. Click file/export and save a copy of your registry to wherever you want.

    Click edit and choose find. Type mmdmm.exe into the dialogue box and click the find next button. Regedit will now search your registry for any entries that contain a reference to mmdmm.exe and display them in the righthand pane. Right click on any such mmdmm.exe entries and choose delete.

    Now click edit again and choose find next. Again, delete any entries that reference mmdmm.exe.

    Repeat the above, until no more mmdmm.exe entries are found.

    Close regedit.

    Reboot into normal mode and rehide your protected OS files.

    Run the Panda antirootkit scan and let me know if it finds anything. If it does, I need to know exactly what is found and it`s exact file path.

    Post fresh HJT, AVG Antispyware and Combofix logs.

    Regards Howard :)

    This thread is for the use of badboys4l only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
     
  15. badboys4l

    badboys4l TS Rookie Topic Starter Posts: 26

    i have opened start/run and type services.msc but still there is no mmsass service
    maybe suggest me another place to look after
     
  16. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    That`s very strange as it`s clearly there in your HJT log.

    Click start run and type msconfig into the run box and hit the enter key.

    Click the services tab and see if you can see it there.

    Regards Howard :)

    This thread is for the use of badboys4l only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
     
  17. badboys4l

    badboys4l TS Rookie Topic Starter Posts: 26

    i searched there and nothing there
     
  18. Jase123

    Jase123 Banned Posts: 1,012

    It's not there. This is a very strange one, as Howard says it's in your HJT log.

    Regards Jase :)
     
  19. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Please post fresh HJT and Combofix logs.

    Regards Howard :)

    This thread is for the use of badboys4l only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
     
  20. badboys4l

    badboys4l TS Rookie Topic Starter Posts: 26

    so should i ignore the step abt mmsass service
     
  21. Jase123

    Jase123 Banned Posts: 1,012

    For the time being yes.

    As howard says post fresh HJT and Combofix logs.

    Regards Jase :)

    This thread is for the use of badboys4l only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
     
  22. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    No, that service is a backdoor trojan that allows a hacker to control your system and steal personal info.

    It needs to be gotten rid of or a format will be necessary.

    Regards Howard :)

    This thread is for the use of badboys4l only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
     
  23. badboys4l

    badboys4l TS Rookie Topic Starter Posts: 26

    oky here is the combofix and HJT logs
     
  24. Jase123

    Jase123 Banned Posts: 1,012

    O4 - HKLM\..\Run: [mmsass] mmdmm.exe

    That needs to be deleted, as Howard says.

    Regards Jase :)
     
  25. badboys4l

    badboys4l TS Rookie Topic Starter Posts: 26

    i have done it before but it appears again when i start my pc
     
Topic Status:
Not open for further replies.

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...