Blueman Posted October 18, 2011

While browsing for errors in MTA's memory I found this. It is some of the remains of a virus I removed. Any explanation?

Data Address: 0x00164aa0
Header Address 0x00164a98
Heap Handle: 0x00160000

00164AA0 00 00 00 00 00 01 00 00 00 00 00 00 A0 4D 16 00 .............M..
00164AB0 16 00 18 00 50 39 3F 00 46 00 48 00 20 39 3F 00 ....P9?.F.H. 9?.
00164AC0 4E 00 2A 02 50 4B 16 00 0C 00 19 00 7A 4D 16 00 N.*.PK......zM..
00164AD0 00 00 00 00 00 00 00 00 18 00 32 00 98 B1 00 10 ..........2.....
00164AE0 00 00 00 00 00 00 00 00 01 00 19 00 56 00 00 00 ............V...
00164AF0 04 01 00 00 00 00 00 00 D8 3A 3F 00 01 01 A3 00 .........:?.....
00164B00 DD 00 A3 00 01 01 A3 00 0C 00 0C 00 01 00 A3 00 ................
00164B10 09 00 09 00 DD 00 A3 00 18 00 18 00 E7 00 A3 00 ................
00164B20 08 4B 16 00 10 4B 16 00 18 4B 16 00 00 00 00 00 .K...K...K......
00164B30 00 00 00 00 00 00 00 00 05 00 23 00 5E 01 08 00 ..........#.^...
00164B40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00164B50 5C 00 3F 00 3F 00 5C 00 63 00 3A 00 5C 00 50 00 \.?.?.\.c.:.\.P.
00164B60 72 00 6F 00 67 00 72 00 61 00 6D 00 20 00 46 00 r.o.g.r.a.m. .F.
00164B70 69 00 6C 00 65 00 73 00 5C 00 42 00 61 00 6E 00 i.l.e.s.\.B.a.n.
00164B80 64 00 6F 00 6F 00 5C 00 70 00 6C 00 75 00 67 00 d.o.o.\.p.l.u.g.
00164B90 69 00 6E 00 73 00 2E 00 69 00 6E 00 69 00 00 00 i.n.s...i.n.i...
00164BA0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00164BB0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00164BC0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................

eAi Posted October 18, 2011

Well, bear in mind that this is your computer's memory you're browsing, not MTA's. MTA certainly doesn't have anything to do with 'Bandoo' included, so I guess your computer has (or had) it installed. Check to see if you've got anything in c:\Program Files\Bandoo.

Bandoo, from what I gather, inserts emoticons into other chat programs. I guess it does this by injecting a DLL into the chat program's process. It probably injects its DLL into every process on your system. It seems to be bordering on malware/scamware from what I've read.

Check what module the data belongs to, and that should tell you more.
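
The path eAi mentions can be read directly out of the dump in the question, which stores it as UTF-16LE text. The following Python is an added example, not part of any post in this thread: it rebuilds the bytes from the dump rows and extracts the wide string. The function names are hypothetical, and the rows are copied from the question.

```python
import re

# Rows copied from the dump in the question: address, then 16 hex bytes.
DUMP = """\
00164B40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00164B50 5C 00 3F 00 3F 00 5C 00 63 00 3A 00 5C 00 50 00
00164B60 72 00 6F 00 67 00 72 00 61 00 6D 00 20 00 46 00
00164B70 69 00 6C 00 65 00 73 00 5C 00 42 00 61 00 6E 00
00164B80 64 00 6F 00 6F 00 5C 00 70 00 6C 00 75 00 67 00
00164B90 69 00 6E 00 73 00 2E 00 69 00 6E 00 69 00 00 00
00164BA0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
"""

ROW = re.compile(r"^([0-9A-Fa-f]{8})((?: [0-9A-Fa-f]{2}){1,16})")
NT_PREFIX = "\\??\\"  # NT object-manager prefix for DOS device paths

def parse_dump(text):
    """Return (base_address, data) rebuilt from contiguous hex dump rows."""
    base, data = None, bytearray()
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if not m:
            continue  # skip headers, blank lines, anything that is not a row
        addr = int(m.group(1), 16)
        if base is None:
            base = addr
        elif addr != base + len(data):
            raise ValueError(f"gap in dump at {addr:#010x}")
        data += bytes.fromhex(m.group(2))  # trailing ASCII column is ignored
    return base, bytes(data)

def wide_strings(base, data, min_chars=6):
    """Return [(address, text)] for runs of printable UTF-16LE characters."""
    pattern = re.compile(rb"(?:[\x20-\x7e]\x00){%d,}" % min_chars)
    return [(base + m.start(), m.group().decode("utf-16-le"))
            for m in pattern.finditer(data)]

def to_win32_path(text):
    """Strip the NT prefix so the path can be checked in Explorer or a shell."""
    return text[len(NT_PREFIX):] if text.startswith(NT_PREFIX) else text

if __name__ == "__main__":
    base, data = parse_dump(DUMP)
    for addr, text in wide_strings(base, data):
        print(f"{addr:#010x}  {text!r}  ->  {to_win32_path(text)}")
```
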

Blueman Posted October 18, 2011 (Author)

I can't delete it, it won't go away, and I isolated MTA's memory itself, not my entire computer's.

eAi Posted October 19, 2011

Processes are made of a number of modules. You may have viewed the GTA memory (or MTA for that matter), but you'll still have any number of other DLLs loaded into it, from any other source.

Towncivilian Posted October 19, 2011

For an example of eAi's explanation, you can run OllyDbg and attach it to gta_sa.exe and click View -> Executable modules. If you find this "Bandoo" thing in GTA:SA's single player memory (or any other executable, really), then I'd say it's an undesirable piece of software. You can try running MalwareBytes in Safe Mode to attempt to get rid of this malware.

Cadu12 Posted October 20, 2011

Blueman, you'll have to reinstall Windows 7 or XP. When finished with XP or 7, download "http://www.mywot.com/" (thanks to eAi for mywot, it saved my life).

Edit: I remember this site from when I was 8 or 9 years old. It gives me a virus as hard

Deltanic Posted October 20, 2011

Why would you reinstall your OS? There are plenty of programs such as MBAM to remove malicious software. I've heard, so correct me if I'm wrong, that some malicious software can go very, very deep in the computer, making a reinstall of your OS useless. I never experienced this myself though.

Also, I know Bandoo. Never had this myself, and it isn't really a dangerous piece of software afaik (it is malicious though, as I've seen), but I've seen plenty of similar software that really harms your PC. Never thrust ANY add-on unless its certified by some bigger and well known group. Also, never give your pass and login to any of these add-ons, these are fake and simply hack your account.

@ TC below: ups forget the H

Towncivilian Posted October 20, 2011

> Never thrust ANY add-on unless its certified by some bigger and well known group.

I'd certainly hope nobody thrusts an add-on. And yeah, unless you get a rootkit (which 64-bit systems are not susceptible to), you really shouldn't have an issue getting your system clean, especially if you're running something modern like Vista or 7.