Monday, February 10, 2014

Asprox/Kuluoz modules crashing

I finally got a computer infected with Asprox/Kuluoz to monitor it. I had a lot of issues with it crashing. Well, it's been running fine for a while, but now a process called IenMeramkel Antibibus keeps crashing. In fact, when I checked it after letting it sit over the weekend I probably had about 20 different popups like that from various app names, all of which I assume are just Asprox/Kuluoz modules that may not be working their best on my computer. More annoyingly than all of those, explorer.exe keeps crashing every few seconds as well, making exploring a pain.

Fortunately it seems like the core infection is still working since I still see it trying to send junk. However, this is not some quiet virus. This system is obviously infected. Constantly popping up with messages about things crashing, explorer.exe hasn't worked in days, and the thing runs like garbage. Subtlety seems like it would be important for most viruses so they can just go undetected. But any level of user would notice something is wrong at this point.


*Edit: A day later, the new process that's crashing is now IonMeramkel Antibibus. I assume as variations come out, the name will continue to change.

*Edit2: How about I just make a list with some of the crashing programs I see. If for some reason you have stumbled across this page googling these, you very likely are infected with malware and should get that checked out. Some places online are mentioning zbot trojans. This may partially be the case, but the original infection was due to Asprox/Kuluoz. With Asprox/Kuluoz having its modules, there's no telling what could have been installed later.
  • IenMeramkel Antibibus
  • IonMeramkel Antibibus
  • MapMark Microsoft
  • RobotView
  • JonMeramkul Antibibus
  • UpdateFlashPlayer_<alnum string>.exe
  • Apriori
  • JenMeramkel Antibibus
  • JenMeromkel Antibibus
  • MyFtp

*Edit3: And I'm done. There's been nothing going on for a while so I have shut my infection down. I may start it back up again if I hear Kuluoz changes significantly again. There are already good writeups on the current one so I may bother with some actual effort if a new one releases. Stay safe.

2 comments:

  1. Hi there! What antivirus had you used to eliminate the shit? I've also seen in my task manager a new process named ydseav.exe and in description JenMeramkel Antibibus. I had never used an antivirus before and I would not pay for one. Thanks

    1. That ydseav.exe appears to be a randomly named exe that the Antibibus processes create (or something creates). There can be a few running and the names appear to always just be randomly generated. I would probably suggest trying something like Malwarebytes to remove it (they have a free edition) since I've had good luck with that in the past, but personally if I were infected on a computer I cared about I'd wipe the machine and start over. That will be the most thorough cleansing but also the most tedious and time consuming.