Tilted Forum Project Discussion Community


denton 04-23-2006 03:23 PM

spyware problem
 
We are having a spyware problem, it disabled the task manager. IE keeps starting up on its own, running my CPU at 100%. Very annoying.
I got Process Explorer to use as a task bar, so that's ok now. Ran a few things (Spybot, SpywareBlaster, etc.) and got rid of some of it.
Been reading posts here and suppose that I have something bad in my registry...I already got rid of "winupdate", thought I was done--but no. Just did a system restore last week, but didn't format the HD (I always forget how to do stuff like that).

If anyone feels like looking at this, any help would be greatly appreciated!
Thanks...Denton

Here's my HijackThis logfile:

Logfile of HijackThis v1.99.1
Scan saved at 6:10:48 PM, on 4/23/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Norton AntiVirus\navapsvc.exe
c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\IA\command.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\hphmon06.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Creative\ShareDLL\CtNotify.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\PROGRA~1\LEXMAR~1\ACMonitor_X84-X85.exe
C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X84-X85.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
C:\Program Files\outlook\outlook.exe
c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\windows\mousepad11.exe
C:\WINDOWS\SYSC00.exe
C:\WINDOWS\ms05765249179.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Messenger\msmsgs.exe
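
A first-pass triage of the "Running processes" section of a HijackThis log like the one posted above, added here as an example and not part of the original thread. The sample log is constructed, and the expected-folder table and the allowlist are assumptions an analyst would maintain; a hit is a lead to verify, not a verdict.

```python
import re
from pathlib import PureWindowsPath

# Constructed sample in the HijackThis "Running processes" layout (not the poster's log).
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Platform: Windows XP SP2 (WinNT 5.01.2600)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\svchost.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\upd4471902.exe
C:\Program Files\Messenger\msmsgs.exe

O4 - HKLM\..\Run: [example] C:\example.exe
"""

WINDOWS_ROOT = r"c:\windows"
SYSTEM32 = r"c:\windows\system32"
# Assumption: where these Windows XP system binaries normally live.
EXPECTED_DIR = {n: SYSTEM32 for n in ("smss.exe", "csrss.exe", "winlogon.exe",
                "services.exe", "lsass.exe", "svchost.exe", "spoolsv.exe")}
EXPECTED_DIR["explorer.exe"] = WINDOWS_ROOT
# Assumption: analyst-maintained list of known-good files in the Windows folder.
ROOT_ALLOWLIST = {"explorer.exe", "soundman.exe"}

def running_processes(log_text):
    """Return the image paths listed between 'Running processes:' and the next blank line."""
    paths, in_section = [], False
    for line in (raw.strip() for raw in log_text.splitlines()):
        if line.lower().startswith("running processes"):
            in_section = True
        elif in_section:
            if not line:
                break
            paths.append(PureWindowsPath(line))
    return paths

def triage(paths):
    """Return (path, reasons) for every process image that deserves a closer look."""
    findings = []
    for p in paths:
        name, folder, reasons = p.name.lower(), str(p.parent).lower(), []
        if name in EXPECTED_DIR and folder != EXPECTED_DIR[name]:
            reasons.append("system binary name outside its expected folder")
        if folder == WINDOWS_ROOT and name not in ROOT_ALLOWLIST:
            reasons.append("executable directly in the Windows folder, not allowlisted")
        if re.search(r"\d{4,}", p.stem):
            reasons.append("long digit run in file name")
        if reasons:
            findings.append((str(p), reasons))
    return findings
```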

Dilbert1234567 04-23-2006 04:53 PM

A disabled task manager is usually a virus or worm.

Go into the windows\system32 directory and find taskmgr.exe, copy it and rename it something different, e.g. testing.exe, and run that to check it out; most viruses only check the title of the program run, not its signature. Best bet is to take the hard drive out, and use a different computer to scan and clean it.

meanSpleen 04-23-2006 07:34 PM

Yeah, have you run any virus scans lately? If you don't have one, try http://housecall.trendmicro.com/ It's online, and free. Works pretty OK as well. You

We were testing a computer at work on a wide open DSL line, and within a day it was infested. Ran it through there and just by having the thing turned on and on the network with no protection it was able to pick up ~4 different viruses.

Edit: of course, with what was on that system, we had to end task on pretty much everything just to be able to load the page. I think we also had to edit the hosts file.

Dilbert1234567 04-23-2006 07:53 PM

I never trust online virus scans, I always scan an infected system on a separate clean system. If a virus/worm really gets in there, it can completely hide itself from the operating system.

denton 04-23-2006 08:20 PM

I ran Norton, it found nothing but it has not been updated since the computer was purchased (last spring).
Thanks for the suggestions!

Dilbert1234567 04-23-2006 08:50 PM

Well, that's problem number 1: if it's not updated, you're hosed. New viruses and worms are made all the time; some worms have new variants released daily. Do you have a second computer that you know is clean?

soccerchamp76 04-23-2006 10:00 PM

Reboot in safe mode.
Run all spyware/antivirus programs.
Start Menu -> Run -> "msconfig". Disable any unnecessary programs and potentially harmful programs from starting.
Reboot.
Update all programs and run them again.

meanSpleen 04-24-2006 06:42 PM

It was really just a test box that we had no other use for, so running the online scanner was helpful. True, it doesn't beat an installed version, but it is still better than nothing.

denton 04-24-2006 10:47 PM

Hey thanks for all the input. Things are looking a little better, I got AntiVir and it's already claimed to have found 4 virus files.
Also running spybot in safe mode uncovered a bunch of new stuff. Can't believe all the crap that has been dug up!

