ardamax/ or false positive by mcaffee/HELP uomm.exe

Discussion in 'Malware Help (A Specialist Will Reply)' started by bubble03, Feb 10, 2010.

  1. bubble03

    bubble03 Private E-2

    McAfee says that it is NOT a virus/trojan but a keylogger and MUST be installed. No way anyone has used my home computer, so it's either the CIA or a ghost. Can anyone confirm an alternative scenario? The file it picks up is located at
    C:\WINDOWS\system32\28463\uomm.exe

    uomm.exe was picked up by Security Task Manager and does not seem to be found on the web ANYWHERE. Cue CIA customised keylogger, har!

    Seriously though, although McAfee says it's Ardamax keylogger, when browsing for manual removal instructions this file does not appear in any antivirus archives, so it's either another keylogger or a false positive.

    Can anyone help, either through the same experience or by offering me any way to check the file?

    Cheers in advance.
     
  2. bubble03

    bubble03 Private E-2

    McAfee says that this file is NOT a virus/trojan but a keylogger and MUST be installed. No way anyone has used my home computer, so it's either the CIA or a ghost. Can anyone confirm an alternative scenario? The file it picks up is located at
    C:\WINDOWS\system32\28463\uomm.exe

    uomm.exe was picked up by Security Task Manager and does not seem to be found on the web ANYWHERE. Cue CIA customised keylogger, har!

    Seriously though, although McAfee says it's Ardamax keylogger, when browsing for manual removal instructions this file does not appear in any antivirus archives, so it's either another keylogger or a false positive.

    Can anyone help, either through the same experience or by offering me any way to check the file?


    ************EDIT EDIT**************************


    Rescanned & found more files.

    File names: C:\WINDOWS\system32\28463\UOMM.007, C:\WINDOWS\system32\28463\UOMM.006


    Has anyone heard of these files? Also, if it is a keylogger, where are the log files kept, and what type of files are they? Thanks in advance.
     
    Last edited: Feb 10, 2010
  3. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Perhaps you can explain why this was posted to you in response to your exact same thread HERE:

    So did you follow their advice?
     
  4. bubble03

    bubble03 Private E-2

    His advice insults my intelligence actually. What problems I have are more advanced than the simple instructions he offered. Though to be fair, I need more in-depth help, especially since I've found much more major problems that I will post below. I've tried to PM you but I haven't got 50 posts. Can I ask, did I do something wrong in posting for advice on two forums?

    I certainly don't understand why the guy said about not helping at MajorGeeks. I never mentioned I posted here at all. Can you explain? And more importantly, can you (or anyone) help me regarding the info below. And I apologise if I've broken forum rules.

    -------------------------------

    Any help appreciated, cheers. Just done a HijackThis scan and GMER rootkit scan, which says major infections from rootkits - I'm convinced I've been targeted specifically rather than simply been infected by visiting websites or downloading an infected program. Can anyone read the scans below and highlight anything they see that can confirm this opinion?

    I've also found active connections even when I've pulled the power supply from the modem, which is kinda strange.
     
    Last edited by a moderator: Feb 16, 2010
  5. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    We will assist you as long as you stop seeking assistance elsewhere for the reasons I gave you. But you need to follow our instructions!! So before you begin, run HJT and choose system scan only, then check these boxes but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:
    O2 - BHO: ExplorerView by GetData - {6E48A5AF-4EE0-42E4-AC31-6BA0D9572285} - C:\PROGRA~1\GetData\EXPLOR~1\EXPLOR~1.DLL (file missing)
    O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll (file missing)
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (file missing)
    O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll (file missing)
    O4 - HKLM\..\Run: [Er3MCJksov1tFblJIy0f] C:\WINDOWS\system\4QFm6.exe
    O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
    O4 - HKCU\..\Run: [BbSpGaix3SWRhbod] C:\WINDOWS\system\4QFm6.exe
    O20 - AppInit_DLLs: secuload.dll,interceptor.dll

    NOTE: HJT may popup an error about the AppInit_DLLs line. Ignore it and click OK to continue.

    After clicking Fix, exit HJT.

    Please follow the instructions in the below link:

    READ & RUN ME FIRST. Malware Removal Guide

    Also, please read this:
    How to attach items to your post.
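A small triage helper for HijackThis lines like the ones listed in the post above, as an added example that is not code from the post, from HijackThis or from MajorGeeks: it parses the O2/O3, O4 and O20 entries and flags what a helper looks at first, orphaned registrations with the file missing, Run value names that look machine-generated, one binary registered under several Run values, and any AppInit_DLLs entries. The sample log is built from the page's own lines; the randomness heuristic and thresholds are my own assumptions.

```python
import re
from collections import Counter

# Constructed sample: the HijackThis lines quoted in the post above.
SAMPLE_LOG = r"""
O2 - BHO: ExplorerView by GetData - {6E48A5AF-4EE0-42E4-AC31-6BA0D9572285} - C:\PROGRA~1\GetData\EXPLOR~1\EXPLOR~1.DLL (file missing)
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll (file missing)
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll (file missing)
O4 - HKLM\..\Run: [Er3MCJksov1tFblJIy0f] C:\WINDOWS\system\4QFm6.exe
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [BbSpGaix3SWRhbod] C:\WINDOWS\system\4QFm6.exe
O20 - AppInit_DLLs: secuload.dll,interceptor.dll
"""

BHO_RE = re.compile(r"^O[23] - (?:BHO|Toolbar): .+? - \{[0-9A-Fa-f-]+\} - (.+?)( \(file missing\))?$")
RUN_RE = re.compile(r"^O4 - (HKLM|HKCU)\\\.\.\\Run: \[(.+?)\] (.+)$")
APPINIT_RE = re.compile(r"^O20 - AppInit_DLLs: (.+)$")

def looks_random(name):
    """Assumed heuristic: long alphanumeric names with frequent upper/lower/digit switches."""
    if len(name) < 10 or not name.isalnum():
        return False
    classes = ["u" if c.isupper() else "d" if c.isdigit() else "l" for c in name]
    switches = sum(1 for a, b in zip(classes, classes[1:]) if a != b)
    return switches / len(name) >= 0.4

def triage(log_text):
    """Return (entry, reason) pairs worth a closer look; nothing on the system is modified."""
    findings, run_targets = [], Counter()
    for line in log_text.strip().splitlines():
        m = BHO_RE.match(line)
        if m and m.group(2):  # registered but the file is gone: stale entry to clean up
            findings.append((line, "orphaned BHO/toolbar registration: file missing"))
            continue
        m = RUN_RE.match(line)
        if m:
            _hive, name, cmd = m.groups()
            run_targets[cmd.strip('"').lower()] += 1
            if looks_random(name):
                findings.append((line, "Run value name looks machine-generated"))
            continue
        m = APPINIT_RE.match(line)
        if m:  # AppInit_DLLs injects each DLL into every process that loads user32.dll
            for dll in m.group(1).split(","):
                findings.append((line, f"AppInit_DLLs loads {dll.strip()}; verify its origin"))
    for cmd, n in run_targets.items():
        if n > 1:  # one binary under several Run values, as with 4QFm6.exe above
            findings.append((cmd, f"same executable registered in {n} Run values"))
    return findings
```

Run `triage(SAMPLE_LOG)` to see the eight findings; the uTorrent entry is the only Run value that passes clean.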
     
