Solved

poss virus activity - random process names in TaskManager

Posted on 2004-05-01
3
428 Views
Last Modified: 2012-05-04
I've run three a/v products on the three PCs at my client's location.

NAV, Panda, Trend-Micro.

None of them are able to crack this nut.

Main indication of malware ---

I get random letter/number names of processes in the Task Manager (XPhome in all PCs) such as...

Gbi1r6.exe,
Smf1ikC.exe
Tzv5.exe
lklbq.exe
.
.
.
etc


Three or so will be running at system start, but employing EndProcess will weed them down - until after the last one is ended, then another random letter/number named process will appear within seconds.

Yes, I've run Ad-Aware.

Any other suggestions?
0
Comment
Question by:jelarson
  • 2
3 Comments
 
LVL 2

Accepted Solution

by:
LeftofCool earned 100 total points
ID: 10970472
First of all, go to Start>Run>'msconfig'>Startup Tab, and disable everything there, apply the options, reboot the computer. What your describing is most likely the Peper trojan horse and there are several methods of eradicating it. One such method is to use McAfee's AVERT Stinger, which is linked below. Also, in addition to ad-aware, you need to run several more tools to help you stay spyware/adware/virus free. Below is a list of tools that should serve you well:


Anti-Spyware/Adware

Ad-Aware 6
http://www.lavasoftusa.com

Spy Sweeper 2.6 (free trial)
http://www.webroot.com/wb/products/spysweeper/index.php

Spybot Search & Destroy 1.3 rc4 (release candidate 4)
http://fileforum.betanews.com/detail.php3?fid=1043809773

Hijack This
http://download.com.com/3000-8022-10227352.html?tag=lst-0-3

Web Shredder (Removes all Cool Web Search variants)
http://www.spywareinfo.com/~merijn/cwschronicles.html#cwshredder


Online Anti-Virus

Computer Associates Online AV
http://www3.ca.com/virusinfo/virusscan.aspx

Symantec (Norton AV)
http://security.symantec.com/sscv6/default.asp?productid=symhome&langid=ie&venid=sym

McAfee Free Scan
http://us.mcafee.com/root/mfs/default.asp

McAfee AVERT Stinger
http://vil.nai.com/vil/stinger/

Trend Micro Housecall
http://housecall.antivirus.com/housecall/start_corp.asp

Panda ActiveScan
http://www.pandasoftware.com/activescan/

Kapersky Online AV
http://www.kaspersky.com/remoteviruschk.html


I recommend downloading and running all the anti-spyware/adware tools and running at least two of the online scanners, in particular, Stinger.

0
 

Author Comment

by:jelarson
ID: 10971510
Okay - will try your suggs.

I'll be back to their place probably some time mid- to late-next week.  Will follow up on this thread once I go back.

Thanks.
0
 

Author Comment

by:jelarson
ID: 11090650
Yeah - it was Peper.

I thought it was a virus so I was throwing a/v at it.

Thx much!

:)
0

Featured Post

Watch Anatomy of a Wi-Fi Hack On-Demand

In less than a weekend, anyone with Internet access and some free time can become a Wi-Fi MitM to wreak havoc on your network. View our Wi-Fi Expert in an on-demand episode of our Secure Wi-Fi mini-series as he explores the motives, execution, and anatomy of a Wi-Fi hack.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

In this increasingly digital world, security hacks are no longer just a threat, but a reality. As we've witnessed with Target's big identity hack 2013, Heartbleed in 2015, and now Cloudbleed, companies and their leaders need to prepare for the unthi…
Smart phones, smart watches, Bluetooth-connected devices—the IoT is all around us. In this article, we take a look at the security implications of our highly connected world.
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…

680 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question