Operating memory violation probably ponmocup.aa trojan

Discussion in 'ESET Smart Security' started by lauries2097, Jun 15, 2013.

Thread Status:
Not open for further replies.
  1. lauries2097 (Registered Member; Joined: Jun 15, 2013; Posts: 3; Location: Australia)

    Hi. I am running Windows XP with ESET Smart Security 5.0.95.0 with all updates, and I get the following ESET desktop notification:

    Object: Operating memory violation rundll32.exe (1896)
    Threat: Probably a variant of win32/ponmocup.AA trojan
    Unable to clean.

    I have deleted rundll32.exe and installed a new file.
    Both the online ESET scanner in safe mode and ESET file scanning show no infected files.

    The problem is that URLs from search engines are redirected to other URLs.

    How do I fix this?
     
  2. Marcos (Eset Staff Account; Joined: Nov 22, 2002; Posts: 14,374)

    Hello,
    1. This is not the exact message that ESET gave. At least the word "violation" is not used at all.
    2. Rundll32.exe is an important system file located in C:\Windows\System32; we strongly recommend restoring it. What was detected was a DLL loaded by rundll32.exe. If you are unable to find the malicious DLL, please submit a SysInspector log to ESET for analysis as per the instructions here.
     
  3. lauries2097 (Registered Member; Joined: Jun 15, 2013; Posts: 3; Location: Australia)

    Hi, you are correct. The word violated is not displayed. I have followed your instructions and sent the SysInspector log (which I guess is the desktop notification I am receiving) to samples@eset.com.

    Hope to hear a response soon.
     
  4. lauries2097 (Registered Member; Joined: Jun 15, 2013; Posts: 3; Location: Australia)

    I have also restored the rundll32.exe by expanding it over the previous version. I did this in safe mode. I have also run the online ESET scan in safe mode with no infected files found. This has not fixed the problem.
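
Added example, not part of the thread and not ESET tooling: a triage script for the point made in post 2, that a detection in the memory of rundll32.exe refers to a DLL it loaded rather than to rundll32.exe itself. It assumes Windows PowerShell 2.0 to 5.1 run as administrator; `Test-InSystemDir` is a hypothetical helper name, and the flags it prints are hints for manual review, not verdicts.

```powershell
# Added example: list what each running rundll32.exe was asked to load and
# flag loaded modules that deserve a closer look.
$sysDirs = @("$env:windir\System32", "$env:windir\SysWOW64", "$env:windir\WinSxS") |
    ForEach-Object { $_.ToLower() }

# Hypothetical helper: is the file under one of the Windows system directories?
function Test-InSystemDir([string]$Path) {
    $p = $Path.ToLower()
    foreach ($d in $sysDirs) { if ($p.StartsWith($d + '\')) { return $true } }
    return $false
}

$procs = @(Get-WmiObject Win32_Process -Filter "Name = 'rundll32.exe'")
if ($procs.Count -eq 0) { 'No rundll32.exe process is running.' }

foreach ($p in $procs) {
    # The command line names the DLL and export that rundll32.exe was started with.
    "PID {0}  image: {1}" -f $p.ProcessId, $p.ExecutablePath
    "  command line: {0}" -f $p.CommandLine

    # Modules currently mapped into the process.
    try { $mods = @((Get-Process -Id $p.ProcessId -ErrorAction Stop).Modules) }
    catch { "  cannot read module list: $($_.Exception.Message)"; continue }

    foreach ($m in $mods) {
        $outside = -not (Test-InSystemDir $m.FileName)
        # Version-info company name is easy to forge; use it only to narrow the list.
        $company = $m.FileVersionInfo.CompanyName
        $notMs   = -not ($company -like '*Microsoft*')
        if ($outside -or $notMs) {
            # Catalog-signed system files may report NotSigned on older PowerShell.
            $sig     = (Get-AuthenticodeSignature -FilePath $m.FileName).Status
            $created = (Get-Item -LiteralPath $m.FileName -Force).CreationTime
            "  REVIEW {0}" -f $m.FileName
            "    company='{0}' signature={1} created={2} outsideSystemDir={3}" -f `
                $company, $sig, $created, $outside
        }
    }
}
```

Any DLL listed under REVIEW is a candidate to look for in the SysInspector log or to submit for analysis.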
     