Module32.exe

Discussion in 'malware problems & news' started by AKDrO, Dec 15, 2008.

Thread Status:
Not open for further replies.
  1. AKDrO

    AKDrO Registered Member

    Joined:
    Dec 15, 2008
    Posts:
    1
    Hello, I am brand new here. I read many of the posts regarding the trojan "Module32", which is currently infecting my computer. The posts said that it hides in "rfv" folder, but I found no such folder. I did find a folder called "GetModule32.exe" in my program files and deleted it, but that didn't fix the problem although it did seem to help quite a bit. This tricky bug has disabled my task mgr and disabled Windows updates (including manually updating), and it prevents me from downloading trend micro's HouseCall and RUBotted programs, and it stole the contents out of a zipped password-protected folder that contained "sys clean" that trend micro emailed me rendering it unusable. I was able to run Trend Micro's HijackThis and sent the report to trend micro which hopefully won't be blocked by the virus... i'm awaiting trend micro's analysis and recommendations. I feel that trend micro is simply doing a cookbook approach using only their own tools and has no real familiarity with this particular issue.
    This problem seemed to start after a "popup" for "ANTI-VIRUS 360" appeared on my screen and began scanning my computer and claiming I had all these serious infections...I checked on Anti-Virus 360 and it is a known bogus program... but it was difficult to click off.
     
  2. Tarq57

    Tarq57 Registered Member

    Joined:
    Oct 7, 2006
    Posts:
    966
    Location:
    Wellington NZ
    Try MBAM and/or Superantispyware, if either will download /install/run.
    You may need to enter safe mode with networking. You may need to rename the exe's.
    If you can install/update and run either of these, hopefully it will do the job.
    Unfortunately the Module32 is reported as deleting certain files in zip folders. I don't know the procedure (if any) to restore them.
    "Submit" in regard to HijackThis is an online submission tool; you should wait for the results in the browser. I think it's automated, if so, don't expect a reply from TM.
     
Loading...
Thread Status:
Not open for further replies.