Solved

poss virus activity - random process names in TaskManager

Posted on 2004-05-01
3
429 Views
Last Modified: 2012-05-04
I've run three a/v products on the three PCs at my client's location.

NAV, Panda, Trend-Micro.

None of them are able to crack this nut.

Main indication of malware ---

I get random letter/number names of processes in the Task Manager (XPhome in all PCs) such as...

Gbi1r6.exe,
Smf1ikC.exe
Tzv5.exe
lklbq.exe
.
.
.
etc


Three or so will be running at system start, but employing EndProcess will weed them down - until after the last one is ended, then another random letter/number named process will appear within seconds.

Yes, I've run Ad-Aware.

Any other suggestions?
0
Comment
Question by:jelarson
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
3 Comments
 
LVL 2

Accepted Solution

by:
LeftofCool earned 100 total points
ID: 10970472
First of all, go to Start>Run>'msconfig'>Startup Tab, and disable everything there, apply the options, reboot the computer. What your describing is most likely the Peper trojan horse and there are several methods of eradicating it. One such method is to use McAfee's AVERT Stinger, which is linked below. Also, in addition to ad-aware, you need to run several more tools to help you stay spyware/adware/virus free. Below is a list of tools that should serve you well:


Anti-Spyware/Adware

Ad-Aware 6
http://www.lavasoftusa.com

Spy Sweeper 2.6 (free trial)
http://www.webroot.com/wb/products/spysweeper/index.php

Spybot Search & Destroy 1.3 rc4 (release candidate 4)
http://fileforum.betanews.com/detail.php3?fid=1043809773

Hijack This
http://download.com.com/3000-8022-10227352.html?tag=lst-0-3

Web Shredder (Removes all Cool Web Search variants)
http://www.spywareinfo.com/~merijn/cwschronicles.html#cwshredder


Online Anti-Virus

Computer Associates Online AV
http://www3.ca.com/virusinfo/virusscan.aspx

Symantec (Norton AV)
http://security.symantec.com/sscv6/default.asp?productid=symhome&langid=ie&venid=sym

McAfee Free Scan
http://us.mcafee.com/root/mfs/default.asp

McAfee AVERT Stinger
http://vil.nai.com/vil/stinger/

Trend Micro Housecall
http://housecall.antivirus.com/housecall/start_corp.asp

Panda ActiveScan
http://www.pandasoftware.com/activescan/

Kapersky Online AV
http://www.kaspersky.com/remoteviruschk.html


I recommend downloading and running all the anti-spyware/adware tools and running at least two of the online scanners, in particular, Stinger.

0
 

Author Comment

by:jelarson
ID: 10971510
Okay - will try your suggs.

I'll be back to their place probably some time mid- to late-next week.  Will follow up on this thread once I go back.

Thanks.
0
 

Author Comment

by:jelarson
ID: 11090650
Yeah - it was Peper.

I thought it was a virus so I was throwing a/v at it.

Thx much!

:)
0

Featured Post

[Webinar] Code, Load, and Grow

Managing multiple websites, servers, applications, and security on a daily basis? Join us for a webinar on May 25th to learn how to simplify administration and management of virtual hosts for IT admins, create a secure environment, and deploy code more effectively and frequently.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Many businesses neglect disaster recovery and treat it as an after-thought. I can tell you first hand that data will be lost, hard drives die, servers will be hacked, and careless (or malicious) employees can ruin your data.
Auditing domain password hashes is a commonly overlooked but critical requirement to ensuring secure passwords practices are followed. Methods exist to extract hashes directly for a live domain however this article describes a process to extract u…
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…

739 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question