More spyware/trojan/malware concerns

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by the new tech guy, Jul 5, 2005.

  1. I posted here before about WildTangent, wondering if it is spyware or not. Well, that's gone and now I see other strange processes which give me cause for concern. I would post a screenshot of the process tab in Windows but unfortunately I do not know how. But here are the names of the processes that give me cause for concern.

    DSSAGENT.EXE - Just noticed that one today and it has itself running twice in my system.

    adsnt119.exe - that's been there, just not quite sure what it is

    E_S10IC2.EXE - That I think is Everest, which is installed on this system. Could anyone point me in the right direction on what these are and whether to get rid of them or not.
    thanks
    the tech guy

    P.S.: I might run Ad-aware (I run the latest version with the latest definitions file) to see if anything comes up.
     
  2. Oh yeah, if you read this and want to contact me other than here, don't be afraid to instant message me. Or private message me.
    thanks
    the tech guy
     
  3. PhilliePhan

    PhilliePhan Guest

  4. What about adsnt119.exe and the weird thing called E_S10IC2.EXE? What do I do with them? I have Ad-aware, I think that can get the DSSAGENT. If you're wrong, though, I'm sure chaslang will come in here and correct you, but thanks for the help.
    -the new tech guy
     
  5. PhilliePhan

    PhilliePhan Guest

    LOL! That's too funny! Suit yourself, though.


    adsnt119.exe - Locate this with Windows Explorer and RightClick it to get Property and Version info. Looks like a baddie to me - along with DSSAGENT.EXE

    PP :)
     
  6. tblue

    tblue Corporal

    jeez :rolleyes:

    Hey the new tech guy,
    Look at bottom of spyware forum at the moderators....PP is one...he kinda :cool: knows what he's doing :)

    T.Blue
     
    Last edited: Jul 5, 2005
  7. Oh PP, I didn't realize you were a moderator too. I thought chaslang was the only one here cause I see more of him than you, PhilliePhan. Sorry bout that dude. :eek: Anyway, I got rid of the DSSAGENT with Ad-aware. The funny thing is that Ad-aware is having trouble updating its definition file. I dunno why dude, but it says that it can't read the downloaded file or something like that. Then if you restart the program it says the file is corrupted. I reinstalled a couple of times with the same thing happening. So I ran a scan just with the old file and it got rid of the DSSAGENT. Since it is Epson, the E_S10IC2.EXE process I will leave alone because I have Epson printers. For the adsnt119.exe I will do as you say. Again, sorry about the confusion and thanks for all your help.
    -The new tech guy
     
  8. Umm, I just snuffed out adsnt119.exe in Windows. It came up from the search with two files. They are both in the Windows folder. One is in C:/WINNT/prefetch and the other is in C:/WINNT/system32. So I'm gonna assume that they are system files and that they should be left alone. Oh, in case you're wondering why the folder is called WINNT, it is because this was upgraded to XP from Windows 2000. Just tell me what I should do from here, and again I apologize PP for the confusion.
    -the new tech guy
     
  9. Ah, but the funny thing is that as a process, if it's a system file, it comes up under my user name instead of system like svchost or lsass would.
     
  10. PhilliePhan

    PhilliePhan Guest

    Don't worry about any confusion, it's no biggie. I'm not here as much as I used to be now that BJGarrick has settled in here. Guess I'm the Rodney Dangerfield of malware assassins, lol! :cool:

    As for adsnt119.exe - Never assume that an unknown file is a system file just because it is in the System Folder - Boatloads of malware can take up residence there. That is why you should get the property and version info for it and see if it belongs to Microsoft.

    From experience, I think it is malware - but it is better to be safe than sorry. At worst, instead of deleting it, you can rename it adsnt119.bad and see if it turns out to be needed.

    PP :)
     
  11. So I'm gonna assume that if it's from Microsoft it's not malware because it's been there for a while and Ad-aware never said a thing about it. Umm, adsnt119.exe has two results like I said before. One is a prefetch and another is an application file. Windows does not know how to open either one. But what's weird is that Windows doesn't know where it's from or anything. The process itself is small. Not even a megabyte of RAM is used for it and it just sits there. I just shut down the process and it doesn't seem that it restarted. Umm... maybe I should get HijackThis and post a logfile and you can tell me what is going on here?
     
  12. And I guess chaslang is the Scarface of malware assassins lol :cool:
    -the tech guy
     
  13. Got good news. Ad-aware is updating normally again. I will run a full system scan before I get off tonight.
     
  14. PhilliePhan

    PhilliePhan Guest

    Glad to hear that!

    If you want to attach a HJT log, feel free.

    Did you check and see if adsnt119.exe is signed by Microsoft? I do know that there should be an adsnt.dll in system32 folder . . . . . The renaming option is probably a good way to go until a definitive answer is found.

    As far as the Prefetch folder goes, basically all it does is enable programs to load faster - You should flush it every 6 weeks or so . . . . .

    Actually, he is "Mr Smarty-Pants" while I used to be "Dr. Evil," LOL! We used to joke around a lot here in between fixing threads :D

    PP :)
     
  15. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Yeah! Before you became too lazy to do any work. :p
     
  16. PhilliePhan

    PhilliePhan Guest

    No Fair! Cheap Shot! :D

    Like I said, since BJGarrick has settled in, there's not much need for me here . . . Plus, rebuilding the IANAG forum has been fun :p

    PP :)
     
  17. Well, now that I know how to take a screenshot of my system, I'm gonna show you my task list. There are like 73 processes right now because my sister is logged into the computer right now and she is out, so I snuck on to do this. We are both logged on, but on a typical use it is only like running 45 processes. So I'm gonna attach a pic of the task thing to show you what I am talking about. Unfortunately the file was too big to be sent normally so I zipped it with WinZip. It's just a simple graphic that you can expand with WinZip. I'm sure you all have it. Lemme know if this helps
    -the new tech guy
     


  18. Oh yeah, I just looked at the two files again. They're both not signed by Microsoft and one is some kinda app. I'm gonna attach a pic of each one in the source folder. Once again I had to zip it with WinZip cause it was too big to go in straight. This stuff might help you too. :D
    -the new tech guy
     


  19. PhilliePhan

    PhilliePhan Guest

    Those don't really tell me anything - Better to just attach the actual file! ;)
    It really should be signed by M$ if it is legit . . . .

    Actually, why don't you submit it here for a quick scan: kaspersky - scanforvirus That would be the best way to go.

    Also, attach a fresh HijackThis log and your Ad-aware log and let's see if you have any issues to worry about.

    PP :)
     
  20. So you want me to get HijackThis and post a log file. I really am not under attack by anything right now so I can just install it like a normal program, right?
     
  21. And you want me to post the actual file that I found in the Windows search, plus an Ad-aware log file. Usually all that comes up in Ad-aware are tracking cookies and I get the low-risk MRU stuff. So I don't think there are any major problems. But I will do a scan and post one as soon as I get on my PC later on.
     
  22. PhilliePhan

    PhilliePhan Guest

    Ad-aware gives a good enumeration of the stuff running on startup, so I'd like to see it.

    Also, unzip HJT to its own folder C:\HijackThis, scan and attach the log and we'll see if there are any issues to be concerned about.
    Frankly, at this point I'm not sure what we are looking for - I've made a few suggestions (rename, Kaspersky scan) with no feedback as to results.

    PP :)
     
  23. Sorry I didn't get back to you right away. I just put the file through Kaspersky and it came up clean. I'm about to run Ad-aware and will post a log as soon as it's finished. Do you still want me to put HJT on here or not? Lemme know if this helps a little bit.
     
  24. OK, I have an Ad-aware logfile. It's attached to this post. Read it and let me know if there are any problems. Thanks for all your help so far.
    -the new tech guy

    PS: lemme know if I still need HijackThis
     


  25. PhilliePhan

    PhilliePhan Guest

    If you are not having any noticeable issues, no need for a HJT log.

    But, back to the original files in question - As you can see, Ad-aware enumerates them pretty well:

    #:35 [e_s10ic2.exe]
    FilePath : C:\WINNT\System32\spool\DRIVERS\W32X86\3\
    ProcessID : 664
    ThreadCreationTime : 7-10-2005 12:34:44 AM
    BasePriority : Normal
    FileVersion : 3.00
    ProductVersion : 3.00
    ProductName : EPSON Status Monitor 3
    CompanyName : SEIKO EPSON CORPORATION
    FileDescription : EPSON Status Monitor 3
    InternalName : E_S10IC2
    LegalCopyright : Copyright (C) SEIKO EPSON CORP. 2001
    OriginalFilename : E_S10IC2.EXE



    But this one remains a bit of a mystery:
    #:25 [adsnt119.exe]
    FilePath : C:\WINNT\System32\
    ProcessID : 864
    ThreadCreationTime : 7-10-2005 12:33:51 AM
    BasePriority : Normal


    Still, If you submitted it for the Kaspersky scan and it tested OK, I doubt there is anything to worry about!

    Just be sure to follow Chaslang's Malware Commandments and surf safely!

    PP :)
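
Added example, not part of the original thread: the version-info check PhilliePhan describes, run over Ad-aware's process listing. The parser and the `triage` rule are illustrative assumptions, and the sample is the two entries quoted above, abridged.

```python
import re

# Constructed input: the two Ad-aware entries from the post above, abridged.
SAMPLE_LOG = r"""
#:35 [e_s10ic2.exe]
FilePath : C:\WINNT\System32\spool\DRIVERS\W32X86\3\
ProcessID : 664
FileVersion : 3.00
ProductName : EPSON Status Monitor 3
CompanyName : SEIKO EPSON CORPORATION
FileDescription : EPSON Status Monitor 3
OriginalFilename : E_S10IC2.EXE
#:25 [adsnt119.exe]
FilePath : C:\WINNT\System32\
ProcessID : 864
ThreadCreationTime : 7-10-2005 12:33:51 AM
BasePriority : Normal
"""

HEADER = re.compile(r"^#:(\d+)\s+\[(.+)\]$")
FIELD = re.compile(r"^(\w+)\s*:\s*(.*)$")
VERSION_KEYS = ("CompanyName", "ProductName", "FileDescription", "OriginalFilename")

def parse_processes(text):
    """Split a process listing into one dict per '#:N [image]' entry."""
    procs, current = [], None
    for line in map(str.strip, text.splitlines()):
        header, field = HEADER.match(line), FIELD.match(line)
        if header:
            current = {"Index": int(header.group(1)), "Image": header.group(2)}
            procs.append(current)
        elif field and current is not None:
            current[field.group(1)] = field.group(2)
    return procs

def triage(proc):
    """Return reasons an entry needs a closer look (empty list: none found)."""
    reasons = []
    if not any(proc.get(key) for key in VERSION_KEYS):
        reasons.append("no version resource reported")
        folder = proc.get("FilePath", "").rstrip("\\").lower()
        if folder.endswith("\\system32"):
            reasons.append("unidentified file directly in System32")
    return reasons

def flagged(text):
    return {p["Image"]: r for p in parse_processes(text) if (r := triage(p))}

print(flagged(SAMPLE_LOG))  # entries worth a closer look
```

Version strings are written by whoever built the file, so a populated CompanyName only narrows the search; the signature check asked for in the thread is the stronger test.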
     
  26. Well, one time I stopped the process and it didn't seem to hurt anything, so I don't think it is anything to worry about. So do you think it will hurt the computer if I delete the file since I apparently don't need it? I will try that with System Restore on; this way, should it mess something up, I will restore it and all will be fine. Thanks for the help
    -the new tech guy
     
  27. Well, I know about the cookie/index.dat cleaner. Actually I know how to clean the index.dat by hand. You simply delete it in safe mode with command prompt! Anyway, thanks for the help
    -the new tech guy
     
  28. PhilliePhan

    PhilliePhan Guest

    It is safer to just rename it (which prevents it from running) as I suggested earlier. That way, you can monitor your machine for a week or two to see if it is something you need and then delete it if that is not the case.

    PP :)
     
  29. Too late, already did lol. I turned on System Restore so that I can restore it if it is needed in the system, and it went a little weird. I think I dropped a ton of processes from my system; now I'm down to 43. Now I'm after that jusched thing too. But I can't seem to find it, so once the deletes are done I'm gonna reboot and make sure I didn't mess anything up, and if something is messed up I will bring it back with System Restore. Thanks for the help
    -the new tech guy
     
  30. Well, both seem to be gone. So I think I'm in good shape. Thanks for the help
    -the new tech guy
     
  31. PhilliePhan

    PhilliePhan Guest

    Happy to hear it :)
     
  32. Well, I was looking into something else. It's called jusched.exe. Only thing is, when I search for the file, Windows can't seem to find it. It's like 648 kb and is another dead process like adsnt was. So I think I will just leave that one alone.
    -the new tech guy
     
  33. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    See this: http://www.liutilities.com/products/wintaskspro/processlibrary/jusched/
     
  34. OK, I read it. The first sentence gave me all the info I needed. It won't be touched then. Thanks for the help, guys
    -the new tech guy
     
