Process Information

Discussion in 'Malware Help (A Specialist Will Reply)' started by Netmondo, Aug 10, 2006.

  1. Netmondo

    Netmondo Private E-2

    I posted a question yesterday in the software section and you sent me to the read and run me first section. I am here to let you know what I found out with all the various scans.

    The first thing you had me do was download the tools and go to Safe Mode. With that done the first thing I ran was CCleaner which found 83mb worth of items.

    The second was Windows Malremove which found 0 items.

    Third was Spybot which found 5 items total.

    Fourth was Windows Defender which found 0 items.

    For the fifth I had to reboot to Safe Mode with Networking and I ran the Bitdefender scan, which is saved and will be attached.

    For the Panda Active Scan I rebooted into normal mode as it was not coming up in Safe mode. The report will be attached as well.

    I have Trend Micro's Client Server Security on this machine and it found nothing as well.

    As stated in the previous post, the process that is running is still there and continues to change its name each time the machine is rebooted. I did not run HJT as I wanted your approval on the things that I have done before posting further. Thank you for your time.
     

    Attached Files:

  2. Netmondo

    Netmondo Private E-2

    If I remember correctly you wanted the 2 files The GetRunKey and ShowNew files which I have attached here.
     

    Attached Files:

  3. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    First go to Add/Remove Programs and uninstall the below (as requested in step 0 of the READ ME):
    Viewpoint Manager (Remove Only)
    Viewpoint Media Player

    Now copy the bold text below to Notepad. Save it as fixme.reg to your desktop. Be sure the "Save as" type is set to "all files". Once you have saved it, double click it and allow it to merge with the registry.

    Now delete all files in this folder: F:\Windows\temp

    Now reboot your PC.



    Now attach a new GetRunKey log and also now get a HijackThis log and attach it.

    Please explain what malware problems you are having!
     
    Last edited: Aug 11, 2006
  4. Netmondo

    Netmondo Private E-2

    OK, I have done the items you listed. The thing that is confusing me is that I cannot delete this item from the Temp file. It says it may be write protected or running. If I kill the process it no longer shows up in the Temp file, which would tell me it is starting some place else. As far as symptoms, I have not noticed anything except that the machine seems to run slower than it once did. I work at a Harley dealership and am the only Administrator type person they have. I have a 25 computer network here and try to keep watch on things like processes. I noticed this one process and at that point I contacted you to help get rid of this. As far as I can tell it is on every computer on the network including the server. We run a software called "Lightspeed" that we use for our business. I have contacted them to make sure that this isn't a process that they have running. They told me they had nothing running unless you are running Lightspeed.
     

    Attached Files:

  5. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Do not attempt to kill the process or delete the file anymore. If you do that, it obviously will not show in any logs. When you find it running, that is when I need a HijackThis log to be obtained. You MUST rename HijackThis.exe as requested in step 7 of the READ ME. This can be very important in detecting certain malware infections. Right now I don't think you have malware. I would also appreciate it if you could put a copy of the problem file into a ZIP file and attach it here so I can look at it.

    I don't see a program named Lightspeed installed! At least it is not showing in your newfiles.txt log in the Uninstall Programs listing.
     
  6. Netmondo

    Netmondo Private E-2

    Hell, I'm sorry about forgetting to rename that file. I saw the process file in the last HijackThis log I sent you. This time, like all the others, when I reboot it changes names. I have attached the zip file so you can take a look. Also, Lightspeed is only on the server and we use RDC to access that program. Let me know what you think and thanks a ton for the help!!
     

    Attached Files:

    Last edited: Aug 12, 2006
  7. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    This is not malware. I believe it is part of Trend Micro's. Too bad they do something like this that makes it seem like malware. The people designing these scanning programs sometimes have all the best intentions, but they often lose sight of the fact that they can make their own applications seem like malware, especially when they start choosing random names for programs and start running them from Temp locations or even the Windows folders. They may do this in an attempt to hide themselves from malware, but in the end they make themselves seem to be malware.
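    The check an administrator would want before killing a randomly named process like the one in this thread is whether its image file carries a valid Authenticode signature from a known vendor (here, the installed Trend Micro product). The script below is an added example, not something posted in the thread; it is read-only, assumes Windows PowerShell 5.1 or later run from an elevated prompt so all image paths are visible, and lists every running process whose image sits in the user Temp folder, the Windows Temp folder (F:\Windows\temp in this thread, covered by $env:SystemRoot), or directly in the Windows folder, together with its parent, signer and SHA-256 hash.

```powershell
# Added example (not from the thread): inventory processes running from Temp or the
# Windows folder and report their signature status instead of killing them.
# Assumes Windows PowerShell 5.1+ and an elevated session.

$tempDirs = @($env:TEMP, (Join-Path $env:SystemRoot 'Temp')) | ForEach-Object { [regex]::Escape($_) }
$winRoot  = [regex]::Escape($env:SystemRoot)

# Match: anything under a Temp dir, or a file sitting directly in the Windows folder.
$pattern  = '^(?:(?:' + ($tempDirs -join '|') + ')\\.+|' + $winRoot + '\\[^\\]+)$'

$findings = Get-CimInstance Win32_Process |
    Where-Object { $_.ExecutablePath -and $_.ExecutablePath -match $pattern } |
    ForEach-Object {
        $sig    = Get-AuthenticodeSignature -FilePath $_.ExecutablePath
        $parent = Get-CimInstance Win32_Process -Filter "ProcessId = $($_.ParentProcessId)"

        [pscustomobject]@{
            PID        = $_.ProcessId
            Name       = $_.Name
            Path       = $_.ExecutablePath
            Parent     = if ($parent) { $parent.Name } else { '(exited)' }
            # Valid = signed and hash matches; NotSigned or HashMismatch deserve a closer look.
            SigStatus  = $sig.Status
            # For a legitimate AV component the subject names the vendor (e.g. Trend Micro).
            Signer     = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
            SHA256     = (Get-FileHash -Algorithm SHA256 -Path $_.ExecutablePath).Hash
            CommandLine = $_.CommandLine
        }
    }

$findings | Format-List
```

    A process whose parent is the vendor's own service and whose image is validly signed by that vendor is the situation chaslang describes; an unsigned image with a non-vendor parent is the case that still warrants the HijackThis log he asked for.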
     
