Arrgh...Now ive gone and done it??

Postby GeordieJedi » Mon Dec 31, 2007 6:22 pm

Hi all. Sorry to bother you, but I was having a bit of trouble and I thought I'd ask for some advice.

(Btw I'm running XP on the laptop)
I was surfing the net on the laptop when I got an alert that a trojan was trying to establish a connection.
(So I'm thinking it's already on the laptop??) Kaspersky has supposedly identified the threat and neutralised it.

However I'm now really paranoid and I have been googling the various processes from task manager
(but the different websites seem to contradict one another)

Here is a list of the more suspicious items in task manager.

csrss.exe
Isass.exe ?
PDSched.exe
smss.exe
WZQPICK.EXE
wuaclt.exe

-> MsPMSPSv.exe is an interesting one, as I googled it, got an entry that looked almost exactly the same, and got diverted to the Sophos website. I followed the instructions very carefully and (made a back up of the registry first) then looked round for the supposed file. I never found the offending file but now I'm really starting to worry.

I've run trojan remover. Done a full system scan and it says it's now clean.

So, any ideas? Any help would be VERY much appreciated. Thanks in advance :oops:
GeordieJedi
LXF regular
 
Posts: 337
Joined: Thu Jun 14, 2007 10:36 pm
Location: North East England

RE: Arrgh...Now ive gone and done it??

Postby flashdangerpants » Mon Dec 31, 2007 7:09 pm

Isass.exe is a virus called optix pro, but Lsass.exe is good. so try to be sure which you have there. if you have the virus then i assume you will have both processes running.

the others all look like perfectly sensible processes to me?

if you are still worried you should run hijackthis http://www.whatthetech.com/hijackthis/ and get an expert to look at the logs. i don't know where the experts are to be found though. personally i just assume my windows install is infected with crud like trojans and spyware and never use it for anything important. so i don't worry much about exactly which fleas it has.
flashdangerpants
LXF regular
 
Posts: 101
Joined: Sat Jan 14, 2006 6:56 pm
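
Added example, not part of any post in this thread: a small check for the Isass.exe / lsass.exe confusion described above, generalised to a few other easily confused characters. The list of system process names and the character folding table are illustrative assumptions, and the input is constructed from the names quoted in the thread.

```python
# Added illustration, not code from the thread.
# KNOWN_SYSTEM is a short, assumed sample of Windows system process names.
KNOWN_SYSTEM = {"lsass.exe", "csrss.exe", "smss.exe", "svchost.exe",
                "winlogon.exe", "services.exe"}

# After lower-casing, fold characters that are easily mistaken for each other
# in a process list: i / 1 / | read as l, and 0 reads as o.
FOLD = str.maketrans({"i": "l", "1": "l", "|": "l", "0": "o"})

def skeleton(name):
    """Case-insensitive, confusable-folded form of a process name."""
    return name.strip().lower().translate(FOLD)

# Folded form of each known name -> the genuine spelling it belongs to.
SKELETONS = {skeleton(n): n for n in KNOWN_SYSTEM}

def classify(name):
    """Return ('system', name), ('lookalike', imitated_name) or ('other', None)."""
    lowered = name.strip().lower()  # Windows file names are case-insensitive
    if lowered in KNOWN_SYSTEM:
        return ("system", lowered)
    imitated = SKELETONS.get(skeleton(name))
    if imitated is not None:
        return ("lookalike", imitated)
    return ("other", None)

def review(names):
    """Map each observed process name to its classification."""
    return {n: classify(n) for n in names}

# Constructed input: the names quoted in the thread plus the genuine spelling.
OBSERVED = ["csrss.exe", "Isass.exe", "Lsass.exe", "PDSched.exe",
            "smss.exe", "WZQPICK.EXE", "wuaclt.exe"]

if __name__ == "__main__":
    for name, (verdict, ref) in review(OBSERVED).items():
        note = f" (imitates {ref})" if verdict == "lookalike" else ""
        print(f"{name:14} {verdict}{note}")
```

"system" here only means the spelling matches a known name, and "other" only means the name is not on the assumed list; neither result says anything about the file behind the process.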

Re: RE: Arrgh...Now ive gone and done it??

Postby pootman » Mon Dec 31, 2007 9:03 pm

flashdangerpants wrote: the others all look like perfectly sensible processes to me?

How can you be sure without knowing what software he had running at the time?

flashdangerpants wrote: personally i just assume my windows install is infected with crud like trojans and spyware and never use it for anything important. so i don't worry much about exactly which fleas it has.

Oh, I see now, you're a programmer at Microsoft.
This signature has been produced using traditional writing methods on behalf of The Campaign For Real Slogans.
To enjoy this signature at its best, adjust your monitor's resolution to 1024x768.
pootman
LXF regular
 
Posts: 430
Joined: Tue Jan 09, 2007 12:25 pm
Location: Scotland, North of England

RE: Re: RE: Arrgh...Now ive gone and done it??

Postby wyliecoyoteuk » Mon Dec 31, 2007 9:27 pm

Sorry, but shouldn't you be asking this on a Windows site?
They are more likely to be practiced at dealing with viruses. (after all we Linux ppl don't know what they are)
The sig between the asterisks is so cool that only REALLY COOL people can even see it!

*************** ************
wyliecoyoteuk
LXF regular
 
Posts: 3466
Joined: Sun Apr 10, 2005 10:41 pm
Location: Birmingham, UK

Re: RE: Re: RE: Arrgh...Now ive gone and done it??

Postby Marrea » Mon Dec 31, 2007 10:40 pm

wyliecoyoteuk wrote: Sorry, but shouldn't you be asking this on a Windows site?

I was thinking the self same thing myself. :wink:
Marrea
LXF regular
 
Posts: 1877
Joined: Fri Apr 08, 2005 9:32 pm
Location: Chilterns, West Hertfordshire

Re: RE: Arrgh...Now ive gone and done it??

Postby flashdangerpants » Mon Dec 31, 2007 11:05 pm

pootman wrote:
flashdangerpants wrote: the others all look like perfectly sensible processes to me?

How can you be sure without knowing what software he had running at the time?

well one of them is roxio perfectdisk, another is windows update client, then there's winzip, and a couple of processes that are part of windows itself and shouldn't be disabled. i would say that none of those sound very suspicious.
flashdangerpants
LXF regular
 
Posts: 101
Joined: Sat Jan 14, 2006 6:56 pm

RE: Re: RE: Arrgh...Now ive gone and done it??

Postby GeordieJedi » Tue Jan 01, 2008 12:22 pm

Thank you all very much, esp flashdangerpants. Any help is much appreciated.

That's put my mind at rest a little bit...
The reason I'm eager to get this sorted is that it's not my computer, it's my brother's and I don't want to let him down by getting the thing infected with some virus/trojan crap.

Marrea + Wyliecoyote. You're probably right, although I had already posted to a couple of forums and had received no response, so I thought I'd try here on the "Other OS" board, and hey..waddaya know. Even hardened Linux fans help me out. Just goes to show.

Thanks.
GeordieJedi
LXF regular
 
Posts: 337
Joined: Thu Jun 14, 2007 10:36 pm
Location: North East England

RE: Re: RE: Arrgh...Now ive gone and done it??

Postby flashdangerpants » Tue Jan 01, 2008 1:10 pm

i know the feeling. i reinstalled windows for my mum, went to download firefox for it and managed to infect the bloody thing with big lumps of spyware just by mistyping the url. went from clean to infested in less than 2 minutes :(
flashdangerpants
LXF regular
 
Posts: 101
Joined: Sat Jan 14, 2006 6:56 pm

Re: RE: Re: RE: Arrgh...Now ive gone and done it??

Postby ollie » Thu Jan 03, 2008 8:23 am

flashdangerpants wrote: went from clean to infested in less than 2 minutes :(

My record is 53 seconds - new install infected doing Windows Update! :x I'm much more careful about when I plug the network cable into a PC when I'm installing Windows for clients :x Now it is after I have installed and updated the AntiVirus/Internet Security software.
ollie
Moderator
 
Posts: 2749
Joined: Mon Jul 25, 2005 11:26 am
Location: Bathurst NSW Australia

