BleepingComputer.com: Not Sure What To Do

Posted 31 March 2008 - 06:13 AM

hi everyone. I was trying to go through the processes as mentiones in this section n found out some X status exe's in my start up...i tried to delete them goin in safe mood but my windows almost crashed....so i reinstalled it. But dose files still running in my start up..... dey r as follow

Name: smss.exe
location : C:\WINDOWS\System32\smss.exe

Name: csrss
location: C:\WINDOWS\system32\csrss.exe

Name: Winlogon
location: C:\WINDOWS\system32\winlogon.exe

Name: wuauclt (there's anotherone wuauclt1)
location: C:\WINDOWS\system32\wuauclt.exe and wuauclt1.exe


here's is a screen shot of my current task manager: while am posting dis post :-

http://img40.imagevenue.com/img.php?image=..._122_1020lo.jpg

there must some more of dese trojan or worms but i got stuck just at the very begaining...sorry it my 1st post ever...so plz guide me through....n b easy if i did some mistakes in posting

looking forward from the fellow users....thnx in advance

Posted 31 March 2008 - 11:41 AM

  Posted 31 March 2008 - 09:18 PM

Grinler, on Mar 31 2008, 11:41 AM, said:

All of the files above are legitimate. They are only malware if they are found outside the C:\Windows\System32\ folder.

I'v found another one
Name: rundll32.exe
Location : C:\WINDOWS\system32\rundll32.exe


thnx for the response Admin..... btw those files r with in the system21 foleder as mentioned sir i'v chked through the start up data base... n dey all got X mark status on them.... so should i leave them like that n i'v provied a screen shot of my task amnager...plz hv a look sir..... if there's some more of these..... thnx in advance... more power to BC ...peace

This post has been edited by slashdot: 31 March 2008 - 09:24 PM

Posted 01 April 2008 - 11:12 AM

Posted 08 May 2008 - 04:03 AM

Hey admin not sure about the following one:

Name : WLLoginProxy.exe (Task maneger runnin process)(it's under svchost.exe in process explorer)
Location: C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe

Name: LVCOMSX.EXE
Location : "C:\WINDOWS\system32\LVCOMSX.EXE"


PLz hv a look on 'em...thnx in advance

Posted 08 May 2008 - 06:13 AM

Posted 08 May 2008 - 09:11 PM

aprriciate the quick response sir

Posted 10 June 2008 - 03:45 PM

Posted 06 August 2008 - 08:30 PM

Posted 07 August 2008 - 09:25 AM

Posted 22 August 2008 - 04:49 AM

Hello Grinler! Thank you very much for responding. I think that I have figured out that the ??? are a type of wildcard. It enables the item mentioned in the file path to be addressed in all profiles created within Windows. I think this is it anyway!