Programs start on their own

Since 1 week i have this bugger on my pc, it flods the internet so hard thati can't get to a website, sometime's programs start on their own and use up all of my resourses like ftp.exe and cmd.exe and winlogon.exe and smss.exe and program that some times comes up names itself sysconfig.exe (i think it was like this) this is just weird, i think its a worm of somekind, i hope some of you know what this could be. i hope you can give me some advice about it.

(the attached file) This is the bar that i get when schutting down all thoes suspicious files (i already reinstalled windows, this is 1 hour after the reset!!!). I am soo irritated by my internet now, sometimes it freezes and then it goes on for some minutes after closing that programs.

 

To add to the X-mans advice, that screenshot looks like XP so ill ask the obvious question have you got all the relevant windows updates installed

Also have you tried safe-mode with networking to see if this behaviour still occurs
Bear in mind you need an always on internet connection for this to work, dial-up will not work

 

Sounds like a Sasser varient to me. Exibits simelar properties to Sasser (running ftp... which downloads the worms files from another infect PC, running cmd to execute the worm...)

Try housecall as well : http://housecall.trendmicro.com/
after getting all the relevant updates from http://windowsupdate.microsoft.com/

 

congrats xflat . well i have a windows xp pro version, i do not have a virus scanner at the moment because of the reinstallation of my pc, i have installed all the updates that stopped the processes ftp.exe and cmd.exe. that looks good to me now. the only problem is that the program sysconfig.exe still starts at the start, that pisses me off because it represses all the internet, so i can't even go to www.google.com.

Well now you said to scan my pc for trojans, but i had to turn off the suspicious process to go back to normal internet, otherwise i would not have posted this message!!!. so it doesnt scan that file i think!!. I now have Spybot on my machine and it only finds some damn cookies, so not a big problem

and is symantec realy down or is it just me??

edit: at the windows site, there was a check tool for all variants of the sasser virus a,b,c,d. if you want it: http://www.microsoft.com/security/incident/sasser.asp
they said i was infected, and they also removed it, (what they said!!!) i'm now gonna try to restart and check how the pc's running.

 

Ahh, yes, i forgot about the MS tool to get rid of sasser. Im sure I bookmarked it as well!

 

edit to the last message: Well it did not succes, the file sysconf.exe keeps up starting at start and running at 78% of resourses, i just downloaded a startup control panel, it says that its "Video process". i tried turning it off, but it comes back on restart!!!
btw i don't have norton anti virus yet installed, ill do that later, and i do have a hardware firewall on the router. I have a Cable modem running at 4048 kbits/s.

 

Hmm well i suspected a possible sasser attack thats why i asked about the updates, but didnt realise you had no av running
You might want to take a look here
http://www.sophos.com/virusinfo/analyses/w32agobotfp.html

Could be relevant

 

The page cannot be displayed .

auch!!!

 

have you ended the process through task manager

 

info from the link
W32/Agobot-FP is capable of spreading to computers on the local network protected by weak passwords.

When first run W32/Agobot-FP copies itself to the Windows system folder as netsvcs.exe or sysconf.exe and creates the following registry entries to run itself on startup:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\
Video Process = netsvcs.exe
or
Video Process = sysconf.exe

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices\
Video Process = netsvcs.exe
or
Video Process = sysconf.exe

Each time W32/Agobot-FP is run it attempts to connect to a remote IRC server and join a specific channel.

W32/Agobot-FP then runs continuously in the background, allowing a remote intruder to access and control the computer via IRC channels.

W32/Agobot-FP attempts to terminate and disable various anti-virus and security-related programs.


Removal instructions
At the taskbar, click Start|Run. Type 'Regedit' and press Return. The registry editor opens.

Before you edit the registry, you should make a backup. On the 'Registry' menu, click 'Export Registry File'. In the 'Export range' panel, click 'All', then save your registry as Backup.

Locate the HKEY_LOCAL_MACHINE entries:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\
Video Process = netsvcs.exe
or
Video Process = sysconf.exe

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices\
Video Process = netsvcs.exe
or
Video Process = sysconf.exe

and delete them if they exist.

Close the registry editor.


you then really need to get a virus scanner up and running or at least use the online scanner posted by Goldfish

 

Thank you gen lee. It is gone now, i hope it never comes back.

btw tnx all!!!