04-23-2006, 03:23 PM | #1 (permalink) |
Crazy
|
spyware problem
We are having a spyware problem; it disabled the task manager. IE keeps starting up on its own, running my CPU at 100%. Very annoying.
I got Process Explorer to use as a task bar, so that's ok now. Ran a few things (spybot, spyware blaster, etc) and got rid of some of it. Been reading posts here and suppose that I have something bad in my registry... I already got rid of "winupdate", thought I was done--but no. Just did a system restore last week, but didn't format the HD (I always forget how to do stuff like that). If anyone feels like looking at this, any help would be greatly appreciated! Thanks...Denton

Here's my HIJACK THIS logfile:

Logfile of HijackThis v1.99.1
Scan saved at 6:10:48 PM, on 4/23/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Norton AntiVirus\navapsvc.exe
c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\IA\command.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\hphmon06.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Creative\ShareDLL\CtNotify.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\PROGRA~1\LEXMAR~1\ACMonitor_X84-X85.exe
C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X84-X85.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
C:\Program Files\outlook\outlook.exe
c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\windows\mousepad11.exe
C:\WINDOWS\SYSC00.exe
C:\WINDOWS\ms05765249179.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Messenger\msmsgs.exe |
04-23-2006, 04:53 PM | #2 (permalink) |
Devils Cabana Boy
Location: Central Coast CA
|
A disabled task manager is usually a virus or worm.
Go into the windows\system32 directory and find taskmgr.exe, copy it and rename it something different (testing.exe), and run that to check it out; most viruses only check the title of the program run, not its signature. Best bet is to take the hard drive out, and use a different computer to scan and clean it.
__________________
Donate Blood! "Love is not finding the perfect person, but learning to see an imperfect person perfectly." -Sam Keen |
04-23-2006, 07:34 PM | #3 (permalink) |
Squid hat!
Location: A Few Miles Away From Halx
|
Yeah, have you run any virus scans lately? If you don't have one, try http://housecall.trendmicro.com/ It's online, and free. Works pretty OK as well. You
We were testing a computer at work on a wide open DSL line, and within a day it was infested. Ran it through there and just by having the thing turned on and on the network with no protection it was able to pick up ~4 different viruses. Edit: of course, with what was on that system, we had to end task on pretty much everything just to be able to load the page. I think we also had to edit the hosts file
__________________
Like TFP? Donate To Keep It Alive!! Last edited by meanSpleen; 04-23-2006 at 07:36 PM.. |
04-23-2006, 07:53 PM | #4 (permalink) |
Devils Cabana Boy
Location: Central Coast CA
|
I never trust online virus scans; I always scan an infected system on a separate clean system. If a virus/worm really gets in there, it can completely hide itself from the operating system.
04-23-2006, 08:50 PM | #6 (permalink) |
Devils Cabana Boy
Location: Central Coast CA
|
Well, that's problem number 1: if it's not updated, you're hosed. New viruses and worms are made all the time; some worms have new variants released daily. Do you have a second computer that you know is clean?
04-23-2006, 10:00 PM | #7 (permalink) |
Go Cardinals
Location: St. Louis/Cincinnati
|
Reboot in safe mode.
Run all spyware/antivirus programs. Start Menu -> Run -> "msconfig". Disable any unnecessary programs and potentially harmful programs from starting. Reboot. Update all programs and run them again.
__________________
Brian Griffin: Ah, if my memory serves me, this is the physics department. Chris Griffin: That would explain all the gravity. |
04-24-2006, 06:42 PM | #8 (permalink) |
Squid hat!
Location: A Few Miles Away From Halx
|
It was really just a test box that we had no other use for, so running the online scanner was helpful. True, it doesn't beat an installed version, but it is still better than nothing.