Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Request For Help


  • Please log in to reply
3 replies to this topic

#1 ratdem

ratdem

  • Members
  • 32 posts
  • OFFLINE
  •  
  • Local time:06:38 AM

Posted 06 November 2007 - 12:34 PM

I was going through the list of active programs in my Task Manager and looking each one up with the Startup List Dictionary here on BC, and noticed that I apparently have a couple of malicious programs (alg.exe and ctfmon.exe being the two that caught my eye). I have ZoneAlarm, AVG, SpyWare Guard, SpyWare Blaster, AdAware and SpyBot (with TeaTimer) running, so have no idea how these programs got through. I ran a complete check with AVG, SpyBot, AdAware and RegistryBooster 2, but they all came up empty.

Could anyone help me out with removing these things? I have HiJackThis! and ComboFix, but am afraid I'll make more of a mess than I already have if I go in un-coached.
"If ignorance is bliss, then wipe the smile off my face."
Rage Against the Machine

BC AdBot (Login to Remove)

 


#2 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,470 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:07:38 AM

Posted 06 November 2007 - 12:54 PM

alg.exe
ctfmon.exe.

Anytime you come across a suspicious file, search the name using Google, BC's File Database, File Research Center or the Process ID Database. Also see How to determine what services are running under a SVCHOST.EXE process.

You can download and use Process Explorer or Glarysoft Process Manager to investigate all running processes and gather additional information to identify and resolve problems. These tools will show the process CPU usage, a description and its path location. If you right-click on the file in question and select properties, you will see more details about the file.

Anytime you come across a suspicious file which you cannot find any information, the file has a legitimate name but is not located where it is supposed to be, or you want a second opinion, submit it to jotti's virusscan or virustotal.com. In the "File to upload & scan" box, browse to the location of the suspicious file and submit (upload) it for scanning/analysis.
Post back with the results of the file analysis.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#3 ratdem

ratdem
  • Topic Starter

  • Members
  • 32 posts
  • OFFLINE
  •  
  • Local time:06:38 AM

Posted 07 November 2007 - 11:56 AM

Thanks, I'll give your suggestions a try. :thumbsup:
"If ignorance is bliss, then wipe the smile off my face."
Rage Against the Machine

#4 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,470 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:07:38 AM

Posted 07 November 2007 - 11:58 AM

Good luck. Post back if you need further assistance.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users