Thread: "MOM.exe" CPU problem/ZA continuously updating

  1. #1
    JBarraxJr Guest

    "MOM.exe" CPU problem/ZA continuously updating

    I've been having a problem for a few days now. Sometimes, it's a mild nuisance, others it's a full-blown malware system takeover attempt.
    The first thing I noticed was that Google Chrome wasn't launching. It kept hanging up. Then I noticed that the ZoneAlarm icon in the system tray indicated that ZA was updating...constantly...for hours. I couldn't launch it to run a scan.
    I checked the Task Manager and my CPU usage was pegged at 100% (which is why Chrome wouldn't launch: no resources). I checked the list of processes and found that an application called MOM.exe was listed twice and one of them was using 99% of the CPU's resources.
    I ended the application and ZoneAlarm launched. I Googled MOM.exe and found an article that said it's an error related to the ATI Control Center (I have an ATI PCI sound card) and that, unless there was a folder called MOM in the program files, it wasn't malware.
    So I went online and began browsing and suddenly an application called Security Tool began plaguing me with popups about my system being infected.
    There were dire warnings that my credit cards had been stolen, my bank accounts were in jeopardy and the Huns were at the door. Of course, it kept prompting me to scan my system, yadda yadda. I ignored it and tried to run Zone Alarm, but the da&&^ Security Tool popups blocked everything else.
    I found that MOM.exe was hogging my CPU again, so I ended that process and ZA ran and found one infection.

    Anyway, to make a long story short---too late!-- I got the application removed, ran ZA, Ad Aware, SpyWare Doctor and all report a clean system. And the friggin' Security Tools **** is gone.

    But, when I boot up, the system still hangs up and there's MOM.exe using 99% of my CPU. I have to end the process before Chrome or Zone Alarm will launch. Do I have a nasty infection, or just a screwed up registry?

    What to do?????

  2. #2
    Join Date: Jun 2006 | Location: The 3rd Coast - South Central Texas | Posts: 10,465

    Re: "MOM.exe" CPU problem/ZA continuously updating

    It is sometimes very difficult to diagnose and fix a computer from halfway across the country, without all the details, without the ability to sit in front of your computer monitor and see what's going on.

    Whenever posting here or contacting ZA Tech Support, it is always advisable to list your: OS (XP SP 2-3 / Vista SP1-2 / Windows 7), your ZoneAlarm product and its version number, brand of computer and CPU.


    Hi! Try this!

    NOTE: the steps below work only if you are on the latest versions of ZA (7.0.470.000 or later, preferably ZA 9.1). If you are not, please update.
    Try to perform a full Antivirus/Antispyware scan but in SAFE MODE WITH NETWORKING.

    1. Disable Windows System Restore;
    2. Set ZA Antivirus/Antispyware to "Ultra Deep Scan" under the advanced options of the ZA Antivirus/Antispyware tab (scan modes);
    3. Reboot in SAFE MODE WITH NETWORKING;
    4. Manually run ZA (ZA firewall will be OFF but Antivirus/Antispyware will be functional);
    5. Run a full ZA AV/AS scan;
    6. Reboot in Normal Mode;
    7. Set ZA Antivirus/Antispyware back to Normal;
    8. Enable System Restore.

    How to start in SAFE MODE WITH NETWORKING
    How to disable windows SYSTEM RESTORE

    If the above fails try to clean your system with:

    A. Download, update and scan with MBAM
    WARNING: Some malware will block the download of this software, rename the installer to a random name before saving and running

    B. Use the superantispyware online cleaning tool --> Here or download, update and scan with superantispyware FREE
    WARNING: Some malware will block the download of this software, rename the installer to a random name before saving and running

    C. Download, update and scan with A2 free

    Still problems? Try the bootable CD from DrWeb

    If ALL the above fails, please post your HijackThis log to BleepingComputer or SpywareHammer
    GeorgeV
    ZoneAlarm Extreme Security


    Click here for ZA Support
    Monday-Saturday__ 6am to 10pm Central time
    Closed Sundays and Holidays

  3. #3
    JBarraxJr Guest

    Re: "MOM.exe" CPU problem/ZA continuously updating

    Thanks for the info, Guru George. Sorry about the lack of specific system information.
    PC info: I'm using an HP Pavilion a1330n with an AMD64 processor

    OS info: Windows XP Media Center Version 2002 Service Pack 3.

    ZoneAlarm info: ZoneAlarm Security Suite version 9.1.008.000 (firewall, antivirus, and anti spyware package)

    I tried rebooting in safe mode early in the process, but it didn't work. Safe mode was not an option. (The first time I've seen a Windows PC that wouldn't do it.)
    I disabled system restore in the attempt to clean the Security Tool popup infection, which seemed to work.

    I will follow your steps and try again. The MOM.exe problem persists. I had to end the process again this evening before ZoneAlarm's Sonic Wall or Google Chrome would launch.

    Thanks for the info, I'll let you know what happens.

  4. #4
    JBarraxJr Guest

    Re: "MOM.exe" CPU problem/ZA continuously updating

    Well that worked....sort of.
    I actually already have MBAM on my system, but I updated it and ran a full scan. It found 8 infections. (see summary below)
    I rebooted and all was fine until I launched Chrome. It hung up again. I opened task manager, and, sure enough, the CPU usage was pegged at 100% and MOM.exe was hogging all of it. I ended the process and the browser woke up.

    I'm getting pretty tired of this dance. I guess I'll try the superantispyware or see if I can get it to reboot in safe mode now and do a deep scan with ZA..not that I expect that to work.
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    Malwarebytes' Anti-Malware 1.43
    Database version: 3460
    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702

    12/30/2009 10:09:06 PM
    mbam-log-2009-12-30 (22-09-06).txt

    Scan type: Full Scan (C:\|)
    Objects scanned: 450293
    Time elapsed: 1 hour(s), 48 minute(s), 0 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 2
    Registry Values Infected: 3
    Registry Data Items Infected: 2
    Folders Infected: 2
    Files Infected: 7

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{494e6cec-7483-a4ee-0938-895519a84bc7} (Backdoor.Bot) -> Quarantined and deleted successfully.
    HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{494e6cec-7483-a4ee-0938-895519a84bc7} (Backdoor.Bot) -> Quarantined and deleted successfully.

    Registry Values Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ctfmon (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Network\uid (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\01818119 (Rogue.Multiple) -> Quarantined and deleted successfully.

    Registry Data Items Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\aux (Trojan.JSRedir.H) -> Bad: (C:\WINDOWS\system32\..\jdppmy.qcm) Good: (wdmaud.drv) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Hijack.Userinit) -> Bad: (C:\WINDOWS\SYSTEM32\userinit.exe,C:\WINDOWS\system32\sdra64.exe,) Good: (Userinit.exe) -> Quarantined and deleted successfully.

    Folders Infected:
    C:\Documents and Settings\All Users\Application Data\01818119 (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\lowsec (Stolen.data) -> Quarantined and deleted successfully.

    Files Infected:
    C:\WINDOWS\jdppmy.qcm (Trojan.JSRedir.H) -> Quarantined and deleted successfully.
    C:\WINDOWS\Temp\60.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.
    C:\WINDOWS\Temp\rvbr.tmp\svchost.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
    C:\Documents and Settings\HP_Administrator\Local Settings\Temp\TMPA2.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.
    C:\Documents and Settings\HP_Administrator\Local Settings\Temporary Internet Files\Content.IE5\X7MLMTY9\wcap[1].exe (Trojan.Dropper) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Kathy.HPPAVILLION\Application Data\sdra64.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
    C:\Program Files\WAIL32.DLL (Spyware.OnlineGames) -> Quarantined and deleted successfully.
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
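
Added example, not part of the original thread or of any vendor tool: a small Python triage of the MBAM log format posted in #4, picking out detections that sit in registry locations which load code automatically and listing any extra program chained onto the Winlogon Userinit value. The function names and the marker list are assumptions of this sketch; the sample lines are copied from the log above.

```python
import re

# Lines copied from the MBAM log in post #4 of this thread.
SAMPLE_LOG = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ctfmon (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\aux (Trojan.JSRedir.H) -> Bad: (C:\WINDOWS\system32\..\jdppmy.qcm) Good: (wdmaud.drv) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Hijack.Userinit) -> Bad: (C:\WINDOWS\SYSTEM32\userinit.exe,C:\WINDOWS\system32\sdra64.exe,) Good: (Userinit.exe) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lowsec (Stolen.data) -> Quarantined and deleted successfully.
C:\Program Files\WAIL32.DLL (Spyware.OnlineGames) -> Quarantined and deleted successfully.
"""

# item (Detection.Name) -> [Bad: (...) Good: (...) ->] action
LINE_RE = re.compile(
    r"^(?P<item>.+?) \((?P<name>[A-Za-z]+\.[\w.]+)\) -> "
    r"(?:Bad: \((?P<bad>.*?)\) Good: \((?P<good>.*?)\) -> )?(?P<action>.+)$"
)

# Registry locations in this log that cause code to be loaded automatically.
AUTOSTART_MARKERS = ("\\currentversion\\run\\", "\\winlogon\\userinit", "\\drivers32\\")

def parse_detections(log_text):
    """Return one dict per detection line; headers and counters are skipped."""
    found = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            d = m.groupdict()
            d["autostart"] = any(k in d["item"].lower() for k in AUTOSTART_MARKERS)
            found.append(d)
    return found

def extra_userinit_entries(value):
    """Programs in a Winlogon Userinit value other than userinit.exe itself."""
    entries = [e.strip() for e in value.split(",") if e.strip()]
    return [e for e in entries if e.rsplit("\\", 1)[-1].lower() != "userinit.exe"]

def triage(log_text):
    """(detection, value name, extra Userinit programs) for autostart hits."""
    report = []
    for d in parse_detections(log_text):
        if d["autostart"]:
            is_userinit = d["item"].lower().endswith("\\winlogon\\userinit")
            extras = extra_userinit_entries(d["bad"]) if is_userinit and d["bad"] else []
            report.append((d["name"], d["item"].rsplit("\\", 1)[-1], extras))
    return report

if __name__ == "__main__":
    for name, value, extras in triage(SAMPLE_LOG):
        print(name, value, extras)
```

Paste a full log into `triage()` to see which detections were autostart entries; any path returned for Userinit is a program that was being started at every logon alongside `userinit.exe`.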
