Tilted Forum Project Discussion Community  

Old 04-23-2006, 03:23 PM   #1 (permalink)
Crazy
 
spyware problem

We are having a spyware problem; it disabled the task manager. IE keeps starting up on its own, running my CPU at 100%. Very annoying.
I got Process Explorer to use as a task bar, so that's OK now. Ran a few things (Spybot, Spyware Blaster, etc.) and got rid of some of it.
Been reading posts here and suppose that I have something bad in my registry... I already got rid of "winupdate", thought I was done--but no. Just did a system restore last week, but didn't format the HD (I always forget how to do stuff like that).

If anyone feels like looking at this, any help would be greatly appreciated!
Thanks...Denton

Here's my HIJACK THIS logfile:

Logfile of HijackThis v1.99.1
Scan saved at 6:10:48 PM, on 4/23/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Norton AntiVirus\navapsvc.exe
c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\IA\command.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\hphmon06.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Creative\ShareDLL\CtNotify.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\PROGRA~1\LEXMAR~1\ACMonitor_X84-X85.exe
C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X84-X85.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
C:\Program Files\outlook\outlook.exe
c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\windows\mousepad11.exe
C:\WINDOWS\SYSC00.exe
C:\WINDOWS\ms05765249179.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Messenger\msmsgs.exe
denton is offline  
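A small triage pass over the "Running processes" section of a HijackThis log like the one posted above, as an added example that is not part of any post in this thread. The sample log and its paths are constructed, and the three review heuristics are assumptions chosen for illustration; a hit means "look closer", not that the file is malicious.

```python
import re
# Constructed sample in the HijackThis log layout; every path is illustrative.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1

Running processes:
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\upd8831904471.exe
c:\Program Files\Example Vendor\agent.exe

R1 - HKCU\Software\Example,Search Bar = (constructed)
"""

SYSTEM32 = r"c:\windows\system32"
# Core Windows XP processes that normally run from system32 (assumed baseline).
SYSTEM_NAMES = {"csrss.exe", "winlogon.exe", "services.exe", "lsass.exe", "svchost.exe"}

def running_processes(log_text):
    """Return paths under 'Running processes:'; the section ends at a blank line."""
    paths, in_section = [], False
    for line in log_text.splitlines():
        line = line.strip()
        if line.lower() == "running processes:":
            in_section = True
        elif in_section and not line:
            break
        elif in_section:
            paths.append(line)
    return paths

def triage(paths):
    """Return (path, reasons) pairs worth a manual look; a hit is not a verdict."""
    findings = []
    for path in paths:
        directory, _, name = path.lower().rpartition("\\")
        reasons = []
        if name in SYSTEM_NAMES and directory != SYSTEM32:
            reasons.append("system process name outside system32")
        if directory == r"c:\windows" and name != "explorer.exe":
            reasons.append("runs from Windows root")
        if re.search(r"\d{5,}", name):
            reasons.append("long digit run in file name")
        if reasons:
            findings.append((path, reasons))
    return findings

if __name__ == "__main__":
    for path, reasons in triage(running_processes(SAMPLE_LOG)):
        print(path, "->", "; ".join(reasons))
```

Legitimate driver helpers also live in the Windows root, so each flagged path still needs checking against vendor and file details before anything is removed.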
Old 04-23-2006, 04:53 PM   #2 (permalink)
Devils Cabana Boy
 
Location: Central Coast CA
A disabled task manager is usually a virus or worm.

Go into the windows\system32 directory and find taskmgr.exe, copy it and rename it something different, like testing.exe, then run that to check it out. Most viruses only check the title of the program run, not its signature. Best bet is to take the hard drive out, and use a different computer to scan and clean it.
__________________
Donate Blood!

"Love is not finding the perfect person, but learning to see an imperfect person perfectly." -Sam Keen
Dilbert1234567 is offline  
Old 04-23-2006, 07:34 PM   #3 (permalink)
Squid hat!
 
Location: A Few Miles Away From Halx
Yeah, have you run any virus scans lately? If you don't have one, try http://housecall.trendmicro.com/ It's online, and free. Works pretty OK as well. You

We were testing a computer at work on a wide open DSL line, and within a day it was infested. Ran it through there and just by having the thing turned on and on the network with no protection it was able to pick up ~4 different viruses.

Edit: of course, with what was on that system, we had to end task on pretty much everything just to be able to load the page. I think we also had to edit the hosts file.

Last edited by meanSpleen; 04-23-2006 at 07:36 PM..
meanSpleen is offline  
Old 04-23-2006, 07:53 PM   #4 (permalink)
Devils Cabana Boy
 
Location: Central Coast CA
I never trust online virus scans; I always scan an infected system on a separate clean system. If a virus/worm really gets in there, it can completely hide itself from the operating system.
Dilbert1234567 is offline  
Old 04-23-2006, 08:20 PM   #5 (permalink)
Crazy
 
I ran Norton; it found nothing, but it has not been updated since the computer was purchased (last spring).
Thanks for the suggestions!
denton is offline  
Old 04-23-2006, 08:50 PM   #6 (permalink)
Devils Cabana Boy
 
Location: Central Coast CA
Well, that's problem number 1: if it's not updated, you're hosed. New viruses and worms are made all the time; some worms have new variants released daily. Do you have a second computer that you know is clean?
Dilbert1234567 is offline  
Old 04-23-2006, 10:00 PM   #7 (permalink)
Go Cardinals
 
Location: St. Louis/Cincinnati
Reboot in safe mode.
Run all spyware/antivirus programs.
Start Menu -> Run -> "msconfig". Disable any unnecessary programs and potentially harmful programs from starting.
Reboot.
Update all programs and run them again.
__________________
Brian Griffin: Ah, if my memory serves me, this is the physics department.
Chris Griffin: That would explain all the gravity.
soccerchamp76 is offline  
Old 04-24-2006, 06:42 PM   #8 (permalink)
Squid hat!
 
Location: A Few Miles Away From Halx
It was really just a test box that we had no other use for, so running the online scanner was helpful. True, it doesn't beat an installed version, but it is still better than nothing.
meanSpleen is offline  
Old 04-24-2006, 10:47 PM   #9 (permalink)
Crazy
 
Hey thanks for all the input. Things are looking a little better, I got AntiVir and it's already claimed to have found 4 virus files.
Also running spybot in safe mode uncovered a bunch of new stuff. Can't believe all the crap that has been dug up!
denton is offline  
 

All times are GMT -8.