BleepingComputer.com: Not Sure What To Do

Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Page 1 of 1
  • You cannot start a new topic
  • You cannot reply to this topic

Not Sure What To Do Winlogon, csrss, smss wuauclt

#1 User is offline   slashdot 

  • Member
  • PipPip
  • Find Topics
  • Group: Members
  • Posts: 25
  • Joined: 27-March 08

Posted 31 March 2008 - 06:13 AM

hi everyone. I was trying to go through the processes as mentiones in this section n found out some X status exe's in my start up...i tried to delete them goin in safe mood but my windows almost crashed....so i reinstalled it. But dose files still running in my start up..... dey r as follow

Name: smss.exe
location : C:\WINDOWS\System32\smss.exe

Name: csrss
location: C:\WINDOWS\system32\csrss.exe

Name: Winlogon
location: C:\WINDOWS\system32\winlogon.exe

Name: wuauclt (there's anotherone wuauclt1)
location: C:\WINDOWS\system32\wuauclt.exe and wuauclt1.exe


here's is a screen shot of my current task manager: while am posting dis post :-

http://img40.imagevenue.com/img.php?image=..._122_1020lo.jpg

there must some more of dese trojan or worms but i got stuck just at the very begaining...sorry it my 1st post ever...so plz guide me through....n b easy if i did some mistakes in posting :thumbsup:

looking forward from the fellow users....thnx in advance

#2 User is online   Grinler 

  • Bleep Bleep!
  • PipPipPipPipPipPip
  • Find Topics
  • Group: Admin
  • Posts: 36,175
  • Joined: 24-January 04
  • Gender:Male
  • Location:USA

Posted 31 March 2008 - 11:41 AM

All of the files above are legitimate. They are only malware if they are found outside the C:\Windows\System32\ folder.
Lawrence Abrams
Circle BleepingComputer on Google+!
Become a BleepingComputer fan: Facebook
Follow us on Twitter!
How to detect vulnerable programs using Secunia Personal Software Inspector <- Everyone should do this!

#3 User is offline   slashdot 

  • Member
  • PipPip
  • Find Topics
  • Group: Members
  • Posts: 25
  • Joined: 27-March 08

  Posted 31 March 2008 - 09:18 PM

View PostGrinler, on Mar 31 2008, 11:41 AM, said:

All of the files above are legitimate. They are only malware if they are found outside the C:\Windows\System32\ folder.


I'v found another one
Name: rundll32.exe
Location : C:\WINDOWS\system32\rundll32.exe


thnx for the response Admin..... btw those files r with in the system21 foleder as mentioned sir :thumbsup: i'v chked through the start up data base... n dey all got X mark status on them.... so should i leave them like that :trumpet: n i'v provied a screen shot of my task amnager...plz hv a look sir..... if there's some more of these..... thnx in advance... more power to BC ...peace :flowers:

This post has been edited by slashdot: 31 March 2008 - 09:24 PM

#4 User is online   Grinler 

  • Bleep Bleep!
  • PipPipPipPipPipPip
  • Find Topics
  • Group: Admin
  • Posts: 36,175
  • Joined: 24-January 04
  • Gender:Male
  • Location:USA

Posted 01 April 2008 - 11:12 AM

Legitimate as well. So far you are all clean.
Lawrence Abrams
Circle BleepingComputer on Google+!
Become a BleepingComputer fan: Facebook
Follow us on Twitter!
How to detect vulnerable programs using Secunia Personal Software Inspector <- Everyone should do this!

#5 User is offline   slashdot 

  • Member
  • PipPip
  • Find Topics
  • Group: Members
  • Posts: 25
  • Joined: 27-March 08

Posted 08 May 2008 - 04:03 AM

Hey admin not sure about the following one:

Name : WLLoginProxy.exe (Task maneger runnin process)(it's under svchost.exe in process explorer)
Location: C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe

Name: LVCOMSX.EXE
Location : "C:\WINDOWS\system32\LVCOMSX.EXE"


PLz hv a look on 'em...thnx in advance :thumbsup:

#6 User is online   Grinler 

  • Bleep Bleep!
  • PipPipPipPipPipPip
  • Find Topics
  • Group: Admin
  • Posts: 36,175
  • Joined: 24-January 04
  • Gender:Male
  • Location:USA

Posted 08 May 2008 - 06:13 AM

Quote

Name : WLLoginProxy.exe (Task maneger runnin process)(it's under svchost.exe in process explorer)
Location: C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe


This is not a startup that we monitor. If you use Windows Live i would leave this alone.

Quote

Name: LVCOMSX.EXE
Location : "C:\WINDOWS\system32\LVCOMSX.EXE"


As stated inthe database, we usure if its necessary. You can experiment and tell us.
Lawrence Abrams
Circle BleepingComputer on Google+!
Become a BleepingComputer fan: Facebook
Follow us on Twitter!
How to detect vulnerable programs using Secunia Personal Software Inspector <- Everyone should do this!

#7 User is offline   slashdot 

  • Member
  • PipPip
  • Find Topics
  • Group: Members
  • Posts: 25
  • Joined: 27-March 08

Posted 08 May 2008 - 09:11 PM

aprriciate the quick response sir :thumbsup:

#8 User is offline   eLenka 

  • Member
  • PipPip
  • Find Topics
  • Group: Members
  • Posts: 105
  • Joined: 29-May 08
  • Gender:Female
  • Location:Dnepropetrovsk

Posted 10 June 2008 - 03:45 PM

Process name: LVCom Server
Product: Logitech QuickCam or Labtec WebCam or LVCOMSX.EXE or Acer OrbiCam or Logitech Video Enumerator or Logitech Communications Manager
Company: Logitech Inc (www.logitech.com) or Labtec Inc (www.labtec.com)
File: lvcomsx.exe

#9 User is offline   WickedGirl 

  • New Member
  • Pip
  • Find Topics
  • Group: Members
  • Posts: 6
  • Joined: 28-May 08

Posted 06 August 2008 - 08:30 PM

If some of these files are listed in HijackThis or Ad-Aware, etc like this:

PID: 932 ( 880) \??\C:\WINDOWS\system32\csrss.exe
size: 6144
PID: 972 ( 880) \??\C:\WINDOWS\system32\winlogon.exe
size: 507904

Are these legit? What are the ??? in fromt of the file paths?

#10 User is online   Grinler 

  • Bleep Bleep!
  • PipPipPipPipPipPip
  • Find Topics
  • Group: Admin
  • Posts: 36,175
  • Joined: 24-January 04
  • Gender:Male
  • Location:USA

Posted 07 August 2008 - 09:25 AM

View PostWickedGirl, on Aug 6 2008, 09:30 PM, said:

If some of these files are listed in HijackThis or Ad-Aware, etc like this:

PID: 932 ( 880) \??\C:\WINDOWS\system32\csrss.exe
size: 6144
PID: 972 ( 880) \??\C:\WINDOWS\system32\winlogon.exe
size: 507904

Are these legit? What are the ??? in fromt of the file paths?



Ignore the ??, just how its being read. Yes they are legit.
Lawrence Abrams
Circle BleepingComputer on Google+!
Become a BleepingComputer fan: Facebook
Follow us on Twitter!
How to detect vulnerable programs using Secunia Personal Software Inspector <- Everyone should do this!

#11 User is offline   WickedGirl 

  • New Member
  • Pip
  • Find Topics
  • Group: Members
  • Posts: 6
  • Joined: 28-May 08

Posted 22 August 2008 - 04:49 AM

Hello Grinler! Thank you very much for responding. I think that I have figured out that the ??? are a type of wildcard. It enables the item mentioned in the file path to be addressed in all profiles created within Windows. I think this is it anyway! :thumbsup:

Share this topic:


Page 1 of 1
  • You cannot start a new topic
  • You cannot reply to this topic

1 User(s) are reading this topic
0 members, 1 guests, 0 anonymous users