Solved

poss virus activity - random process names in TaskManager

Posted on 2004-05-01
Last Modified: 2012-05-04
I've run three a/v products on the three PCs at my client's location.

NAV, Panda, Trend-Micro.

None of them are able to crack this nut.

Main indication of malware ---

I get random letter/number names of processes in the Task Manager (XPhome in all PCs) such as...

Gbi1r6.exe
Smf1ikC.exe
Tzv5.exe
lklbq.exe
... etc.


Three or so will be running at system start, but employing EndProcess will weed them down - until after the last one is ended, then another random letter/number named process will appear within seconds.

Yes, I've run Ad-Aware.

Any other suggestions?
Question by:jelarson
Accepted Solution

by:
LeftofCool earned 100 total points
ID: 10970472
First of all, go to Start>Run>'msconfig'>Startup Tab, disable everything there, apply the options, and reboot the computer. What you're describing is most likely the Peper trojan horse, and there are several methods of eradicating it. One such method is to use McAfee's AVERT Stinger, which is linked below. Also, in addition to Ad-Aware, you need to run several more tools to help you stay spyware/adware/virus free. Below is a list of tools that should serve you well:


Anti-Spyware/Adware

Ad-Aware 6
http://www.lavasoftusa.com

Spy Sweeper 2.6 (free trial)
http://www.webroot.com/wb/products/spysweeper/index.php

Spybot Search & Destroy 1.3 rc4 (release candidate 4)
http://fileforum.betanews.com/detail.php3?fid=1043809773

Hijack This
http://download.com.com/3000-8022-10227352.html?tag=lst-0-3

Web Shredder (Removes all Cool Web Search variants)
http://www.spywareinfo.com/~merijn/cwschronicles.html#cwshredder


Online Anti-Virus

Computer Associates Online AV
http://www3.ca.com/virusinfo/virusscan.aspx

Symantec (Norton AV)
http://security.symantec.com/sscv6/default.asp?productid=symhome&langid=ie&venid=sym

McAfee Free Scan
http://us.mcafee.com/root/mfs/default.asp

McAfee AVERT Stinger
http://vil.nai.com/vil/stinger/

Trend Micro Housecall
http://housecall.antivirus.com/housecall/start_corp.asp

Panda ActiveScan
http://www.pandasoftware.com/activescan/

Kaspersky Online AV
http://www.kaspersky.com/remoteviruschk.html


I recommend downloading and running all the anti-spyware/adware tools and running at least two of the online scanners, in particular, Stinger.


Author Comment

by:jelarson
ID: 10971510
Okay - will try your suggs.

I'll be back to their place probably some time mid- to late-next week.  Will follow up on this thread once I go back.

Thanks.

Author Comment

by:jelarson
ID: 11090650
Yeah - it was Peper.

I thought it was a virus so I was throwing a/v at it.

Thx much!

:)