Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

poss virus activity - random process names in TaskManager

Posted on 2004-05-01
3
Medium Priority
?
433 Views
Last Modified: 2012-05-04
I've run three a/v products on the three PCs at my client's location.

NAV, Panda, Trend-Micro.

None of them are able to crack this nut.

Main indication of malware ---

I get random letter/number names of processes in the Task Manager (XPhome in all PCs) such as...

Gbi1r6.exe,
Smf1ikC.exe
Tzv5.exe
lklbq.exe
.
.
.
etc


Three or so will be running at system start, but employing EndProcess will weed them down - until after the last one is ended, then another random letter/number named process will appear within seconds.

Yes, I've run Ad-Aware.

Any other suggestions?
0
Comment
Question by:jelarson
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
3 Comments
 
LVL 2

Accepted Solution

by:
LeftofCool earned 400 total points
ID: 10970472
First of all, go to Start>Run>'msconfig'>Startup Tab, and disable everything there, apply the options, reboot the computer. What your describing is most likely the Peper trojan horse and there are several methods of eradicating it. One such method is to use McAfee's AVERT Stinger, which is linked below. Also, in addition to ad-aware, you need to run several more tools to help you stay spyware/adware/virus free. Below is a list of tools that should serve you well:


Anti-Spyware/Adware

Ad-Aware 6
http://www.lavasoftusa.com

Spy Sweeper 2.6 (free trial)
http://www.webroot.com/wb/products/spysweeper/index.php

Spybot Search & Destroy 1.3 rc4 (release candidate 4)
http://fileforum.betanews.com/detail.php3?fid=1043809773

Hijack This
http://download.com.com/3000-8022-10227352.html?tag=lst-0-3

Web Shredder (Removes all Cool Web Search variants)
http://www.spywareinfo.com/~merijn/cwschronicles.html#cwshredder


Online Anti-Virus

Computer Associates Online AV
http://www3.ca.com/virusinfo/virusscan.aspx

Symantec (Norton AV)
http://security.symantec.com/sscv6/default.asp?productid=symhome&langid=ie&venid=sym

McAfee Free Scan
http://us.mcafee.com/root/mfs/default.asp

McAfee AVERT Stinger
http://vil.nai.com/vil/stinger/

Trend Micro Housecall
http://housecall.antivirus.com/housecall/start_corp.asp

Panda ActiveScan
http://www.pandasoftware.com/activescan/

Kapersky Online AV
http://www.kaspersky.com/remoteviruschk.html


I recommend downloading and running all the anti-spyware/adware tools and running at least two of the online scanners, in particular, Stinger.

0
 

Author Comment

by:jelarson
ID: 10971510
Okay - will try your suggs.

I'll be back to their place probably some time mid- to late-next week.  Will follow up on this thread once I go back.

Thanks.
0
 

Author Comment

by:jelarson
ID: 11090650
Yeah - it was Peper.

I thought it was a virus so I was throwing a/v at it.

Thx much!

:)
0

Featured Post

Q2 2017 - Latest Malware & Internet Attacks

WatchGuard’s Threat Lab is a group of dedicated threat researchers committed to helping you stay ahead of the bad guys by providing in-depth analysis of the top security threats to your network.  Check out our latest Quarterly Internet Security Report!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

If you're a modern-day technology professional, you may be wondering if certifications are really necessary. They are. Here's why.
It’s time for spooky stories and consuming way too much sugar, including the many treats we’ve whipped for you in the world of tech. Check it out!
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…
Sometimes it takes a new vantage point, apart from our everyday security practices, to truly see our Active Directory (AD) vulnerabilities. We get used to implementing the same techniques and checking the same areas for a breach. This pattern can re…

610 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question