
Seeing A Lot Of Red X's In Looking Over My Start Up List


8 replies to this topic

#1 honu1


Posted 18 November 2007 - 04:47 PM

As my system has been a bit slow and asking for more restarts than normal, I asked for help at another forum here.
I downloaded autoruns.exe and, with just a few checks of a very extensive startup list, I'm finding red X's!!!!!

I run adware and spyware checks faithfully every week. Just ran them today. I think I might have a virus due to a file named ercguard.exe. I have a program called SpywareGuard on my system.

Do I need to go to the Hijack This forum? And... how on earth do I get there?

I'm a novice user so I am taking it slow, but I am very concerned!

Thank you
honu1
Life isn't about how to survive the storm, but how to dance in the rain.


 


#2 buddy215


Posted 18 November 2007 - 04:58 PM

Install Super Antispyware free. Run it in safe mode. Allow it to quarantine whatever it finds.
http://www.superantispyware.com/

Run the online scan for Bit Defender in normal mode. Allow it to quarantine whatever it finds.
http://www.bitdefender.com/scan8/ie.html

--------------------------------------------------------------------------------

Post a Hijack This Log in the Hijack This Forum by following the directions in the link below if the programs above have not removed ALL malware. DO NOT post a log in this forum. http://www.bleepingcomputer.com/forums/t/34773/preparation-guide-for-use-before-using-malware-removal-tools-and-requesting-help/

How to Start Windows in Safe Mode:
http://www.bleepingcomputer.com/tutorials/how-to-start-windows-in-safe-mode/
----------------------------------------------------------------------------------------------------------------------------------
Instructions for using Super Antispyware
  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here.)
  • Under "General and Startup", make sure "Start SUPERAntiSpyware when Windows starts" box is unchecked.
  • Under "Configuration and Preferences", click the Preferences button.
  • Click the Scanning Control tab.
  • Under Scanner Options make sure the following are checked (leave all others unchecked):
      • Close browsers before scanning.
      • Scan for tracking cookies.
      • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen and exit the program.
--------------------------------------------------------------------------------

Reboot your computer in "SAFE MODE" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".

Scan with SUPERAntiSpyware as follows:
  • Launch the program and back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan.
  • Click "Next" to start the scan. Please be patient while it scans your computer.
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes".
  • To retrieve the removal information after reboot, launch SUPERAntiSpyware again.
  • Click Preferences, then click the Statistics/Logs tab.
  • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
  • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
  • Click Close to exit the program and reboot normally.

“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.” Lawrence M. Krauss

A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”


#3 quietman7


Posted 19 November 2007 - 11:09 AM

I think I might have a virus due to a file named ercguard.exe

Anytime you come across a suspicious file, search the name using Google, BC's File Database, File Research Center or the Process ID Database.

If you cannot find any information, the file has a legitimate name but is not located where it is supposed to be, or you want a second opinion, submit it to jotti's virusscan or virustotal.com. In the "File to upload & scan" box, browse to the location of the suspicious file and submit (upload) it for scanning/analysis.
Post back with the results of the file analysis.

I downloaded autoruns...I'm finding red X's!!!!

Can you provide examples with the file name (Description) and paths (location)?
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

#4 honu1


Posted 25 November 2007 - 10:18 AM

Sorry it's taken so long to get back to you.
I have been using the database here to research the files in my startup list.
For example, let me give you 2.
hkcmd.exe---c:\windows\system32\hkcmd.exe
The BC database gave it 2 U's + 1 X

ctfmon.exe--c:\windows\system32\ctfmon.exe
The BC database gave this one 1 U + 5 X's!!!!!

Many more of the files I have looked at so far have a rating of U, so I'm wondering if I can uncheck them.

Please advise as to the best route I should take.
Thanks so much :thumbsup:
honu1
Life isn't about how to survive the storm, but how to dance in the rain.

#5 quietman7


Posted 25 November 2007 - 01:26 PM

ctfmon.exe.
Did you read the note for the files with red "X"s?
...This infection should not be confused with the legitimate C:\Windows\System32\ctfmon.exe file.
You can click on the file name in the "Name" column to get a link that will provide more information.

Same for hkcmd.exe.
Just click on any of the names for a link to more info.

Did you notice the Status Key?
U - This status flag means it is up to you whether or not you feel this program needs to run automatically
Sometimes you may have to experiment.

#6 honu1


Posted 27 November 2007 - 07:42 PM

Appreciate the input quietman7.
How am I reading the search info wrong then? How am I supposed to know what is a legitimate file as a beginner?
Thanks
honu1
Life isn't about how to survive the storm, but how to dance in the rain.

#7 quietman7


Posted 27 November 2007 - 10:06 PM

Determining whether a file is malware or a legitimate process sometimes depends on the location (path) it is running from. One of the ways that malware tries to hide is to give itself the same name as a critical system file. However, it then places itself in a different location on your computer. A file's properties may give a clue to identifying it. Right-click on the file, select Properties, and examine the General and Version tabs.

You can download and use Process Explorer or Glarysoft Process Manager to investigate all running processes and gather additional information to identify and resolve problems. These tools will show the process CPU usage, a description and its path location. If you right-click on the file in question and select Properties, you will see more details about the file.

Anytime you come across a suspicious file for which you cannot find any information, the file has a legitimate name but is not located where it is supposed to be, or you want a second opinion, submit it to jotti's virusscan or virustotal.com. In the "File to upload & scan" box, browse to the location of the suspicious file and submit (upload) it for scanning/analysis.
Post back with the results of the file analysis.
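The location check described in post #7, as an added example that is not part of the thread or any poster's code: it takes startup command lines, normalizes the executable path the way Windows compares paths, and flags entries whose file name matches a known system file but whose folder does not. The `EXPECTED` table (built from the two files named in this thread), the `SYSTEM_ROOT` value, the function names and the sample entries are all assumptions made for the illustration.

```python
import ntpath
import re

# Expected folders for the two files named in this thread (constructed table).
EXPECTED = {
    "ctfmon.exe": r"c:\windows\system32",
    "hkcmd.exe": r"c:\windows\system32",
}
SYSTEM_ROOT = r"C:\Windows"  # assumption: value of %SystemRoot% on this PC


def image_path(command):
    """Return the normalized executable path from a startup command line."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)          # quoted path, arguments follow
        path = command[1:end] if end != -1 else command[1:]
    else:
        cut = command.lower().find(".exe")  # unquoted: drop the arguments
        path = command[: cut + 4] if cut != -1 else command
    # Expand %SystemRoot% (a function avoids backslash escapes in re.sub).
    path = re.sub("%systemroot%", lambda m: SYSTEM_ROOT, path, flags=re.I)
    # ntpath applies Windows rules on any OS: "/" -> "\", "..", lower case.
    return ntpath.normcase(ntpath.normpath(path))


def classify(command):
    """Compare a startup entry's folder with the expected one for its name."""
    folder, name = ntpath.split(image_path(command))
    expected = EXPECTED.get(name)
    if expected is None:
        return "no-reference"            # name is not in the table
    if folder == expected:
        return "expected-location"       # one clue only, not proof
    return "name-match-wrong-location"   # candidate for a second opinion


# Constructed sample entries, written the way a startup list shows them.
SAMPLE = [
    r"c:\windows\system32\hkcmd.exe",
    r'"C:\WINDOWS\System32\ctfmon.exe" /n',
    r"%SystemRoot%\system32\ctfmon.exe",
    r"C:\Windows\ctfmon.exe",
    r"C:/Windows/System32/../Temp/hkcmd.exe",
    r'"C:\Program Files\Example App\example.exe" -tray',
]

if __name__ == "__main__":
    for entry in SAMPLE:
        print(f"{classify(entry):26} {entry}")
```

An "expected-location" result is only one clue; the file-properties check and the second-opinion scan mentioned in the thread still apply.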

#8 honu1


Posted 29 November 2007 - 06:02 PM

Thanks again quietman7,
It's been a pretty hectic week for me and I am spending lots of time at the hospital. Hopefully this weekend I will be able to spend "quality time" with my computer again.

I've bookmarked the links, thank you very much. I will report/post back with any suspicious files/processes noted.

Glad you're here. You're such an asset to the forum :thumbsup:

honu1
Life isn't about how to survive the storm, but how to dance in the rain.

#9 quietman7


Posted 29 November 2007 - 06:10 PM

You're welcome. :thumbsup:



