Tilted Forum Project Discussion Community


denton 04-23-2006 03:23 PM

spyware problem
 
We are having a spyware problem; it disabled the task manager. IE keeps starting up on its own, running my CPU at 100%. Very annoying.
I got Process Explorer to use as a task bar, so that's ok now. Ran a few things (spybot, spyware blaster,etc) and got rid of some of it.
Been reading posts here and suppose that I have something bad in my registry...I already got rid of "winupdate", thought I was done--but no. Just did a system restore last week, but didn't format the HD (I always forget how to do stuff like that).

if anyone feels like looking at this, any help would be greatly appreciated!
Thanks...Denton

Here's my HijackThis logfile:

Logfile of HijackThis v1.99.1
Scan saved at 6:10:48 PM, on 4/23/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Norton AntiVirus\navapsvc.exe
c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\IA\command.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\hphmon06.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Creative\ShareDLL\CtNotify.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\PROGRA~1\LEXMAR~1\ACMonitor_X84-X85.exe
C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X84-X85.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
C:\Program Files\outlook\outlook.exe
c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\windows\mousepad11.exe
C:\WINDOWS\SYSC00.exe
C:\WINDOWS\ms05765249179.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Messenger\msmsgs.exe

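A reviewer-side triage of a log like the one above, as an added example that is not from the thread or from HijackThis itself: it parses the "Running processes" section and flags images that sit directly under the Windows root, in an unusual Windows subfolder, or carry a long digit run in their name. The sample log is a constructed excerpt of the posted one; the heuristics and names (NORMAL_SUBDIRS, KNOWN_ROOT_IMAGES, triage) are this example's own assumptions, and a hit is a lead to check by hand, not a verdict.

```python
"""Triage the 'Running processes' section of a HijackThis log (example heuristics)."""
import ntpath
import re

WINDOWS_ROOT = r"c:\windows"
NORMAL_SUBDIRS = (r"c:\windows\system32", r"c:\windows\system")  # usual homes of system images
KNOWN_ROOT_IMAGES = {"explorer.exe"}  # legitimately lives directly under the Windows root
DIGIT_RUN = re.compile(r"\d{4,}")  # e.g. ms05765249179.exe

# Constructed excerpt in HijackThis layout (a subset of the posted log).
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\IA\command.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
C:\windows\mousepad11.exe
C:\WINDOWS\SYSC00.exe
C:\WINDOWS\ms05765249179.exe
C:\Program Files\Messenger\msmsgs.exe
"""

def parse_running_processes(log_text):
    """Return the image paths listed under 'Running processes:'."""
    paths, in_section = [], False
    for raw in log_text.splitlines():
        line = raw.strip()
        if line.lower().startswith("running processes:"):
            in_section = True
        elif in_section and line:
            paths.append(line)
        elif in_section:
            break  # the first blank line ends the section
    return paths

def triage(path):
    """Return the reasons a path looks odd (empty list: nothing flagged)."""
    low = path.lower()
    folder, name = ntpath.dirname(low), ntpath.basename(low)
    reasons = []
    if folder == WINDOWS_ROOT and name not in KNOWN_ROOT_IMAGES:
        reasons.append("image directly under the Windows root")
    elif folder.startswith(WINDOWS_ROOT + "\\") and not low.startswith(NORMAL_SUBDIRS):
        reasons.append("image in an unusual Windows subfolder")
    if DIGIT_RUN.search(name):
        reasons.append("long digit run in filename")
    return reasons

def suspicious(log_text):
    # Map every flagged image path to its reasons; unflagged paths are omitted.
    return {p: triage(p) for p in parse_running_processes(log_text) if triage(p)}
```

Legitimate vendor tools do sometimes live under the Windows root, so the flagged list is what a helper reads through, not a cleanup list.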
Dilbert1234567 04-23-2006 04:53 PM

A disabled task manager is usually a virus or worm.

Go into the windows\system32 directory and find taskmgr.exe, copy it, and rename it to something different, e.g. testing.exe. Run that to check it out; most viruses only check the title of the program being run, not its signature. Best bet is to take the hard drive out, and use a different computer to scan and clean it.

meanSpleen 04-23-2006 07:34 PM

Yeah, have you run any virus scans lately? If you don't have one, try http://housecall.trendmicro.com/ It's online, and free. Works pretty OK as well. You

We were testing a computer at work on a wide open DSL line, and within a day it was infested. Ran it through there and, just by having the thing turned on and on the network with no protection, it was able to pick up ~4 different viruses.

Edit: of course, with what was on that system, we had to end task on pretty much everything just to be able to load the page. I think we also had to edit the hosts file.

Dilbert1234567 04-23-2006 07:53 PM

I never trust online virus scans; I always scan an infected system on a separate clean system. If a virus/worm really gets in there, it can completely hide itself from the operating system.

denton 04-23-2006 08:20 PM

I ran Norton, it found nothing, but it has not been updated since the computer was purchased (last spring).
thanks for the suggestions!

Dilbert1234567 04-23-2006 08:50 PM

Well, that's problem number 1: if it's not updated, you're hosed. New viruses and worms are made all the time; some worms have new variants released daily. Do you have a second computer that you know is clean?

soccerchamp76 04-23-2006 10:00 PM

Reboot in safe mode.
Run all spyware/antivirus programs.
Start Menu -> Run -> "msconfig". Disable any unnecessary programs and potentially harmful programs from starting.
Reboot.
Update all programs and run them again.

meanSpleen 04-24-2006 06:42 PM

It was really just a test box that we had no other use for, so running the online scanner was helpful. True, it doesn't beat an installed version, but it is still better than nothing.

denton 04-24-2006 10:47 PM

Hey thanks for all the input. Things are looking a little better, I got AntiVir and it's already claimed to have found 4 virus files.
Also running spybot in safe mode uncovered a bunch of new stuff. Can't believe all the crap that has been dug up!

