rsm3dmod.exe

[Tramp429]

Anyone heard of this executable file?

The geek squad claim this is a virus or an infected file on my nieces computer but can't fix it so they want to do a reformat. IE won't connect to the net because of it after they cleaned up everything else. They also claim spy sweeper found 14,000 instances of spyware. More like 140 IMO because thats about average for her.

Originally the box was running for a minute or two then shut down with an error about missing files or something. Last time I updated everything on her box was a few months ago. I told them to bring it to me but they did not listen. So, now it looks like it is coming to me tonight.

[phenious]

I couldnt find the virus you listed on symantecs website.

I would recomend trying to boot to safe mode with networking if you can. Then from there see if you cant get on the net. If you can I recomend Trend Micro's Online House call to scan for viruses and spyware. Turn off system restore as well before you start the scan if you can. If you cant get online go get the latest versions of Ad-Ware and such to a CD and go from there. Best buy may have ripped out to much stuff though

[EXreaction]

I never heard of it...if you do reformat I reccommend a few things...
1. Firefox
2. Sygate Personal Firewall
3. Avast Antivirus
4. Spybot Search and Destroy

If you think Norton is good enough...or better since you have to pay for it, you are wrong...Avast is way better! It is faster, it finds more problems, it isn't a resource hog, and best of all...it is FREE!
(you could use avg instead if you want...some people like it better than avast...)

Geek Squad!
I wouldn't use anything from them...they want way to much money for such little work...sometimes in upwards of $100/hr(which only takes mabey 10 min of work, and the other 50min they don't have to do anything)

[doddsy]

Quote:

Originally Posted by Tramp429

Originally the box was running for a minute or two then shut down with an error about missing files or something. (

need to know what the error is.

shutdowns + lssass.exe is borked ............ yadda yadda...........=sasser worm

but i'm just guessing...........cou;d just be that its swamped with spyware and crashing.

error messages will help diagnose the maladie...........

[Tramp429]

sasser worm is what I was thinking too. She should have been protected from it.

Last time I saw the box I had spybot, adaware, avg, sysgate, CWShredder, hijack this and a few other apps on it.


I also think Best Buy ripped out too much stuff.


I will mess with it tomorrow.

Here is the "Virus and spyware scan and removal" from the "agent checklist".

scan app/ found / removed
anti-vir / 53 / 53
dr web / 64 / 64
cws/ 1 / 1
(ink color and handwritting changes)
vxz remover / 4 / 4
hijack this / 11 / 11
spybot /38 / 38
adaware / 21 /21
sweeper/ 14/370 / 14/370 (14,370 or 14/370? )



"Agent Notes"


"Is showing problem ins networking safemode. Can't go on need to close. Please keep checking w/ online scans.

(ink color and handwritting changes)
trend - 0
pandy ( Panda?) - 5 - removed manually


rsm3dmod.exe (ink color and handwritting changes) cause IE errors. Can't pin down what/if/where/how. Recommend Windows reistall."


Spelling errors are theirs, not mine. I think the bill was around $100.

[Tramp429]

rsm3dmod.exe does not exist. No IE errors. I have no idea where the geek squad got that from. Maybe another customers box?

Finally got around to trouble shooting the box. Only spent about a half hour on it.

I notice they used IEradicator. I have a feeling that is one of the problems. It is not supposed to be used in XP.

Most of everything I had installed on it is gone. Not sure exactly what the best buy idiots uninstalled. My niece has admin rights again. I'll spend a few hours messing with it when I have a chance.

Getting a BSOD. THe only interesting thing I saw in it was

"An attempt was made to write to read only memory.

STOP: 0x000000BE (0xF99Ca614, 0x206C6148, 0xf99C4180, 0x0000000F)"

It's not http://support.microsoft.com/?kbid=306205 or http://support.microsoft.com/?kbid=299371 as far as I can tell so far.

[Tramp429]

Did I post this thread in the correct forum?

[Tramp429]

iexcdm.exe and rsm3dmod.exe are shown as application popups in the even veiwer. They could not read memory or something. Event ID 26


Pest Patrol found 253 more things. Cleaned them.

Spysweeper found 1 more.

Found PrismXL service on it? http://www.newboundary.com/

SFC kept giving me an RPC error.

Couldn't get into the repaire console when booting to an XP CD. Kept saying wrong password even though I was using the right one.

Reinstalled on top of did nothing.

Restoring the box with the emachine recovery software. Hope they had a backup of their stuff because it is gone now.

[Tramp429]

Is it possible someone (family or friend) installed Prism Deploy while there and gained remote access? MSN logs lead me to believe someone in the family or a friend originally hacked the box. I'm not sure if this was the app used just the one I noticed since BB cleaned up most everything else.


Is there a safe and free remote access app I can use to clean it weekly?