Process identification question

Discussion in 'Malware Help (A Specialist Will Reply)' started by AngelsWilliam, Jun 18, 2007.

  1. AngelsWilliam

    AngelsWilliam Private First Class

    I noticed a process in task manager that I didn't recognize, and it's the only one I've ever Googled that has come back "not found," which really freaked me out.

    Do you have any idea what program (or, God forbid, malware) GWRCBSTA.exe goes with?

    Thanks for any info! I just got this laptop up and running again with a new hard drive and system board!

    I am running Norton Antivirus and PC Tools free firewall in the background, and I run Spybot S&D and Ad-Aware on a fairly regular basis.

    Thanks again!
     
    AngelsWilliam, Jun 18, 2007
    #1
  2. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Welcome to Majorgeeks!
    I am not familiar with that process ...therefore:

    Please follow our standard cleaning procedures which are necessary for us to provide you support. Also there are steps included for installing, running, and posting HijackThis logs as attachments.
    • Run ALL the steps in this Sticky thread READ & RUN ME FIRST Before Asking for Support
    • Make sure you check version numbers and get all updates.
    • Very Important: Make sure you tell us the results from running the tutorial...was anything found? Were you unable to complete any of the scans?...Were you unable to download any of the tools?...Did you do the on-line scans as suggested? etc.
    • After doing ALL of the above you still have a problem make sure you have booted to normal mode and run the steps in the below link to properly use HijackThis and attach a log:
    Make sure you also rename HijackThis.exe as suggested in the procedures. Use analyse.exe for the new name. This is very important due to some new infections going around.
    • When you return to make your next post, make sure you attach the following logs and that you have run these scans in the following order too:
      • CounterSpy
      • AVG Antispyware log - ONLY IF NEEDED you were not able to run CounterSpy
      • Bitdefender - from step 6
      • Panda Scan - from step 6
      • runkeys.txt - the log from GetRunKey.bat
      • newfiles.txt - the log from ShowNew.bat
      • HijackThis
    NOTE: You can only attach 3 files in a single message so it will require that you use two messages to attach all of these logs!
     
    TimW, Jun 18, 2007
    #2
  3. AngelsWilliam

    AngelsWilliam Private First Class

    okay, I won't be able to do this until Wednesday. Mom & I are at my Grandma's in Wisconsin and are taking the train back to Michigan tomorrow. It's an all-day trip and is very exhausting. Thanks for the response, and I'll work on following your instructions as soon as I get home and get rested!
     
    AngelsWilliam, Jun 18, 2007
    #3
  4. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Not a problem ....we're here when you are ready. Just continue with this thread.
     
    TimW, Jun 18, 2007
    #4
  5. AngelsWilliam

    AngelsWilliam Private First Class

    Okay, just so you don't close this thread, I'm letting you know that I'm starting work on this today. Sorry it took me so long. I lost a lot of sleep on the trip home because Amtrak REALLY screwed up our connections, and I work nights. Thanks for your patience!
     
    AngelsWilliam, Jun 29, 2007
    #5
  6. AngelsWilliam

    AngelsWilliam Private First Class

    HELP! Re: Process identification question

    I typed msconfig in the Run field, and I got an error message! :cry

    "Cannot find file 'msconfig' (or one of its components). Make sure the path and file name are correct and that all required libraries are available."

    GAH! *runs in panicked circles*

    This is a Windows 2000 SP4 machine. It just had the hard drive reformatted and Windows reinstalled by a friend of a friend who is a certified Dell technician. (This is a Dell laptop.)

    I hope that info helps you help me!
     
    AngelsWilliam, Jun 29, 2007
    #6
  7. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Not to panick ...w2k does not have an msconfig ....so just carry on with the rest of the instructions.:)
     
    TimW, Jun 30, 2007
    #7
  8. AngelsWilliam

    AngelsWilliam Private First Class

    Hey, sorry I bothered you. I've isolated what the process belongs to. It's not malicious after all. For your future information: It is a process belonging to the AirDash WRCB-1054i Ethernet card. I am not currently using that card, so I can shut down the process, as I use wireless in this household. The guy who built this laptop has ethernet at his house, though, so installed the drivers for the card when he revamped the hard drive and motherboard, etc. That's probably why there was a new process there that hadn't been there before.

    Again, sorry to bother you. I hope the information I provided you about the process somehow makes up for the trouble.

    Sincerely,
     
    AngelsWilliam, Jul 8, 2007
    #8
  9. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    No bother ...glad you identified the process and can rest assured that you are ok.:)
     
    TimW, Jul 8, 2007
    #9

MajorGeeks.Com Menu

Downloads All In One Tweaks \ Android \ Anti-Malware \ Anti-Virus \ Appearance \ Backup \ Browsers \ CD\DVD\Blu-Ray \ Covert Ops \ Drive Utilities \ Drivers \ Graphics \ Internet Tools \ Multimedia \ Networking \ Office Tools \ PC Games \ System Tools \ Mac/Apple/Ipad Downloads

Other News: Top Downloads \ News (Tech) \ Off Base (Other Websites News) \ Way Off Base (Offbeat Stories and Pics)

Social: Facebook \ YouTube \ Twitter \ Tumblr \ Pintrest \ RSS Feeds