mmdmm.exe ==> slow PC, internet disconnects suddenly, lot of bytes sent out of my PC

Status
Not open for further replies.

badboys4l

I was attacked by WinAntivirus and I posted my problems here, and we were finishing cleaning my PC when suddenly the boy who was helping me disappeared and stopped replying to my posts.
Also, these few days I'm having problems. I hijacked my PC and studied the processes running; I found this mmdmm.exe. It's a kind of spyware, I think, after searching the net.
My PC kind of disconnects from the internet and I'm not able to connect again till I restart my PC.
And if that happens (the disconnection), my media player stops working, saying no hardware.
Also, I'm getting a lot of backdoor trojan alerts from my AVG antivirus, and when I say heal as recommended, my PC starts to act in strange ways.
Here is my HijackThis log
 
Very Important: Before deciding whether you should clean or reformat your system, go and read this thread HERE and decide what it is you want to do.

If after reading the above, you wish to clean your system, do the following.

Go and read the Viruses/Spyware/Malware, preliminary removal instructions. Follow all the instructions exactly.

Post fresh HJT, AVG Antispyware and Combofix logs as attachments into this thread, only after doing the above.

Also, let me know the results of the AVG Antirootkit scan.

Regards Howard :wave: :wave:

This thread is for the use of badboys4l only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
 
What about if I don't want to clean?
And I don't have AVG Antispyware; I removed it after getting Spybot S&D.
Also, I don't have AVG Antirootkit.
 
Yes still download these and upload the attachments. You can always uninstall them after.

Regards Jase :)

 
Well, you can, yes, but if you wanted to make sure your system is completely cleaned then it would be advisable to download it. Just uninstall it after if you don't want it.

Post fresh HJT, AVG Antispyware and Combofix logs as attachments into this thread.

Regards Jase :)

 
Hello, sorry for the late reply.
I have tried to run all the programs you asked, in the order you told me,
and nothing is getting better. There are regular popups and a slow PC.

Here is my fresh HJT log
 
You haven't followed the instructions, nor have you posted the requested log files/results.

Do the following.

You might want to copy and paste these instructions into a notepad file. Then you can have the file open in safe mode, so you can follow the instructions easier.

Boot into safe mode, under your normal user name(NOT THE ADMINISTRATOR ACCOUNT). See how HERE.

In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how HERE.

Click start/run and type services.msc into the run box and press the enter key.

When the window appears, maximise it. Double click on the following services(if there) and select stop if they are running. Set the startup type to disabled. Click apply/ok for each service you disable.

mmsass

Close the services window.

Open your task manager, by holding down the ctrl and alt keys and pressing the delete key.

Click on the processes tab and end process for(if there).

mmdmm.exe

Close task manager.

Run HJT with no other programmes open(except notepad). Click the scan button. Have HJT fix the following, by placing a tick in the little box next to(if there).

O4 - HKLM\..\RunServices: [mmsass] mmdmm.exe

O15 - Trusted Zone: *.stumbleupon.com

Click on the fix checked button.

Close HJT.

Locate and delete the following bold files and/or directories(if there).

mmdmm.exe < Search your system for this file and delete all instances found.

Reboot into normal mode and rehide your protected OS files.

Post fresh HJT, AVG Antispyware and Combofix logs as attachments into this thread, only after doing the above.

Also, let me know the results of the Panda Antirootkit scan.

Regards Howard :)

 
I don't have AVG Antispyware but I have Spybot Search and Destroy.
Also, I got AVG Antirootkit instead of Panda.

So is it OK if I use Spybot S&D and AVG Antirootkit?
 
No, I need you to post fresh HJT, AVG Antispyware and Combofix logs as attachments into this thread, only after doing the above.

Also, let me know the results of the Panda Antirootkit scan. The Panda Antirootkit programme is better than the AVG Antirootkit programme.

Sorry, but these are required.

Regards Howard :)

 
Yes, you should install AVG Antispyware etc.

After, you can always uninstall any of them if you don't want them.

Regards Jase :)
 
I have run all,
and the logs are attached. I have also run the Panda antirootkit but I haven't got the log report, so tell me where Panda saves it.
In safe mode I tried to stop the mmsass service but there was no such service running, but I searched for mmdmm.exe and deleted all I got.

I also included a fresh HJT log
 
All items in your AVG Antispyware log say "No Action Taken". That's because you haven't told AVG Antispyware to quarantine its results as per the instructions. See this pictorial guide.

You might want to copy and paste these instructions into a notepad file. Then you can have the file open in safe mode, so you can follow the instructions easier.

Boot into safe mode, under your normal user name(NOT THE ADMINISTRATOR ACCOUNT). See how HERE.

In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how HERE.

Click start/run and type services.msc into the run box and press the enter key.

When the window appears, maximise it. Double click on the following services(if there) and select stop if they are running. Set the startup type to disabled. Click apply/ok for each service you disable.

mmsass < According to your HJT log, this service is definitely running.

Close the services window.

Open your task manager, by holding down the ctrl and alt keys and pressing the delete key.

Click on the processes tab and end process for(if there).

AS.exe
mmdmm.exe
ApcMain.exe
dna.exe

Close task manager.

O4 - HKLM\..\Run: [ActiveSpeed] C:\Program Files\Ascentive\ActiveSpeed\AS.exe -b

O4 - HKLM\..\Run: [mmsass] mmdmm.exe

O4 - HKLM\..\RunServices: [mmsass] mmdmm.exe

O4 - HKCU\..\Run: [Performance Center] C:\Program Files\Ascentive\Performance Center\ApcMain.exe -m

O4 - HKCU\..\Run: [Tucan] "C:\Documents and Settings\Administrator\Local Settings\Temp\Temporary Directory 2 for AntiRootkit.zip\PAVARK.exe" /Monitor

O4 - HKUS\S-1-5-21-436374069-1202660629-839522115-500\..\Run: [Performance Center] C:\Program Files\Ascentive\Performance Center\ApcMain.exe -m (User '?')

O4 - HKUS\S-1-5-21-436374069-1202660629-839522115-500\..\Run: [BitTorrent DNA] "C:\Program Files\BitTorrent_DNA\dna.exe" (User '?')

O4 - HKUS\S-1-5-21-436374069-1202660629-839522115-500\..\Run: [Tucan] "C:\Documents and Settings\Administrator\Local Settings\Temp\Temporary Directory 2 for AntiRootkit.zip\PAVARK.exe" /Monitor (User '?')

O17 - HKLM\System\CCS\Services\Tcpip\..\{C8BE76A0-CB0A-4F8E-9B06-8D5579267825}: NameServer = 213.55.64.36 213.55.64.38 < Only fix this if it doesn't belong to your ISP.

Click on the fix checked button.

Close HJT.

Locate and delete the following bold files and/or directories(if there).

mmdmm.exe < Search your system for this file and delete all instances found.

Click start/run and type regedit into the run box and press the enter key. When the window appears maximise it. Click file/export and save a copy of your registry to wherever you want.

Click edit and choose find. Type mmdmm.exe into the dialogue box and click the find next button. Regedit will now search your registry for any entries that contain a reference to mmdmm.exe and display them in the righthand pane. Right click on any such mmdmm.exe entries and choose delete.

Now click edit again and choose find next. Again, delete any entries that reference mmdmm.exe.

Repeat the above, until no more mmdmm.exe entries are found.

Close regedit.

Reboot into normal mode and rehide your protected OS files.

Run the Panda antirootkit scan and let me know if it finds anything. If it does, I need to know exactly what is found and its exact file path.

Post fresh HJT, AVG Antispyware and Combofix logs.

Regards Howard :)
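
For readers following the thread, an added example (not part of any post here, and not HijackThis's own logic) that parses the O4 autorun lines quoted above and flags the patterns that make the mmsass entry stand out. The three heuristics and the reason labels are assumptions chosen for illustration.

```python
import re
from collections import defaultdict

# O4 lines copied from the HijackThis excerpt quoted in the post above.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [ActiveSpeed] C:\Program Files\Ascentive\ActiveSpeed\AS.exe -b
O4 - HKLM\..\Run: [mmsass] mmdmm.exe
O4 - HKLM\..\RunServices: [mmsass] mmdmm.exe
O4 - HKCU\..\Run: [Tucan] "C:\Documents and Settings\Administrator\Local Settings\Temp\Temporary Directory 2 for AntiRootkit.zip\PAVARK.exe" /Monitor
O4 - HKUS\S-1-5-21-436374069-1202660629-839522115-500\..\Run: [BitTorrent DNA] "C:\Program Files\BitTorrent_DNA\dna.exe" (User '?')
"""

# root hive (optionally with a SID), autorun key, value name, command line
O4 = re.compile(r"^O4 - (?P<root>\S+?)\\\.\.\\(?P<key>\w+): "
                r"\[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
# Executable part of the command, quoted or not, up to the first program extension
EXE = re.compile(r'"?(.+?\.(?:exe|com|bat|cmd|scr))\b', re.I)

def parse_o4(log):
    """Yield (root, key, value name, executable) for each O4 autorun line."""
    for line in log.splitlines():
        m = O4.match(line.strip())
        if not m:
            continue
        exe = EXE.match(m["cmd"])
        target = exe.group(1) if exe else m["cmd"].split()[0]
        yield m["root"], m["key"], m["name"], target

def triage(log):
    """Return {value name: sorted reasons} for autoruns worth a closer look."""
    keys, reasons = defaultdict(set), defaultdict(set)
    for _root, key, name, target in parse_o4(log):
        keys[name].add(key)
        # Bare file name: Windows resolves it via the search path,
        # so the log does not say which file on disk actually runs.
        if "\\" not in target and "/" not in target:
            reasons[name].add("no-path")
        if "\\temp\\" in target.lower():
            reasons[name].add("runs-from-temp")
    for name, seen in keys.items():
        if len(seen) > 1:  # e.g. registered under both Run and RunServices
            reasons[name].add("multiple-autorun-keys")
    return {name: sorted(why) for name, why in reasons.items()}

if __name__ == "__main__":
    for name, why in triage(SAMPLE_LOG).items():
        print(f"{name}: {', '.join(why)}")
```

A flag is a prompt to locate and check the file, not a verdict: the Tucan entry is flagged only because PAVARK.exe was launched from a temporary unzip folder.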

 
I have opened start/run and typed services.msc but still there is no mmsass service.
Maybe suggest another place for me to look.
 
That's very strange, as it's clearly there in your HJT log.

Click start run and type msconfig into the run box and hit the enter key.

Click the services tab and see if you can see it there.

Regards Howard :)

 
For the time being yes.

As Howard says, post fresh HJT and Combofix logs.

Regards Jase :)

 
No, that service is a backdoor trojan that allows a hacker to control your system and steal personal info.

It needs to be gotten rid of or a format will be necessary.

Regards Howard :)

 