Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Noname Program


  • Please log in to reply
4 replies to this topic

#1 dudice

dudice

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:03:26 PM

Posted 22 December 2007 - 04:25 AM

Hello to all. my name is Dudice from Philippines.

Here is my problem i can see no name program when i press ALT+TAB and when i choose the program nothing is happening. I think it is a virus.


Ive Scan my computer using NOD32 anti virus and removed some viruses. :thumbsup:
Im using Windows XP.

the Process in my windows task manager are


Image name Username

taskmgr.exe Myname
Explorer.exe Myname
iexplorer.exe Myname
wmplayer.exe Myname
svchost.exe System
svchost.exe Network Service
svchost.exe System
alg.exe Local Service
svchost.exe System
ekrn.exe System
svchost.exe System
schedul2.exe Network Service
svchost.exe System
Ymsgr_tray.exe Myname
Isass.exe System
services.exe System
winlogon.exe System
csrss.exe System
egui.exe Myname
SMSS.exe System
SOUNDMAN.exe Myname
qttask.exe Myname
iTunesHelper.exe Myname
schedhlp.exe Myname
iPodService.exe System
TrueImageMonitor.exe Myname
spoolsv.exe System
svchost.exe Local Service
System System
System Idle Process System


-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Saturday, December 22, 2007 9:28:44 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 22/12/2007
Kaspersky Anti-Virus database records: 491575
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\
F:\
G:\

Scan Statistics:
Total number of scanned objects: 125440
Number of viruses found: 5
Number of infected objects: 8
Number of suspicious objects: 0
Duration of the scan process: 01:35:05

Infected Object Name / Virus Name / Last Action
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SYSTEM Object is locked skipped
C:\WINDOWS\system32\config\SOFTWARE Object is locked skipped
C:\WINDOWS\system32\config\DEFAULT Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\Documents and Settings\All Users\Application Data\ESET\ESET Smart Security\Logs\virlog.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\ESET\ESET Smart Security\Logs\warnlog.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\ESET\ESET Smart Security\Logs\epfwlog.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\ESET\ESET Smart Security\Charon\CACHE.NDB Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\MSHist012007122220071223\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Michael\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Michael\NTUSER.DAT.LOG Object is locked skipped
C:\Documents and Settings\Michael\Local Settings\Temp\~DF8FAE.tmp Object is locked skipped
C:\Documents and Settings\Michael\Local Settings\Temp\~DF35FC.tmp Object is locked skipped
C:\Documents and Settings\Michael\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Michael\Local Settings\History\History.IE5\MSHist012007122220071223\index.dat Object is locked skipped
C:\Documents and Settings\Michael\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Michael\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Michael\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Michael\Desktop\iam\Addon\User & Pass v8.0.exe Infected: Trojan.Win32.Autoit.bg skipped
C:\Documents and Settings\Michael\Cookies\index.dat Object is locked skipped
C:\Program Files\Common Files\CPUSH\cpush.dll Infected: not-a-virus:AdWare.Win32.BHO.pr skipped
C:\System Volume Information\_restore{B557119B-DB71-467B-AB92-DB41CE41B72F}\RP6\change.log Object is locked skipped
D:\Michael\recipes.exe/data0011 Infected: not-a-virus:AdWare.Win32.Comet.bb skipped
D:\Michael\recipes.exe NSIS: infected - 1 skipped
D:\Michael\mirc621.exe/stream/data0008 Infected: not-a-virus:Client-IRC.Win32.mIRC.621 skipped
D:\Michael\mirc621.exe/stream Infected: not-a-virus:Client-IRC.Win32.mIRC.621 skipped
D:\Michael\mirc621.exe NSIS: infected - 2 skipped

E:\wallpapers\Trucks\SmileyCentralPFSetup2.0.3.8-2.exe Infected: not-a-virus:AdTool.Win32.MyWebSearch.bm skipped
F:\System Volume Information\_restore{B557119B-DB71-467B-AB92-DB41CE41B72F}\RP6\change.log Object is locked skipped

Scan process completed.

Edited by dudice, 22 December 2007 - 08:35 AM.


BC AdBot (Login to Remove)

 


#2 dudice

dudice
  • Topic Starter

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:03:26 PM

Posted 22 December 2007 - 08:31 AM

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Saturday, December 22, 2007 9:28:44 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 22/12/2007
Kaspersky Anti-Virus database records: 491575
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\
F:\
G:\

Scan Statistics:
Total number of scanned objects: 125440
Number of viruses found: 5
Number of infected objects: 8
Number of suspicious objects: 0
Duration of the scan process: 01:35:05

Infected Object Name / Virus Name / Last Action
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SYSTEM Object is locked skipped
C:\WINDOWS\system32\config\SOFTWARE Object is locked skipped
C:\WINDOWS\system32\config\DEFAULT Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\Documents and Settings\All Users\Application Data\ESET\ESET Smart Security\Logs\virlog.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\ESET\ESET Smart Security\Logs\warnlog.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\ESET\ESET Smart Security\Logs\epfwlog.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\ESET\ESET Smart Security\Charon\CACHE.NDB Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\MSHist012007122220071223\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Michael\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Michael\NTUSER.DAT.LOG Object is locked skipped
C:\Documents and Settings\Michael\Local Settings\Temp\~DF8FAE.tmp Object is locked skipped
C:\Documents and Settings\Michael\Local Settings\Temp\~DF35FC.tmp Object is locked skipped
C:\Documents and Settings\Michael\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Michael\Local Settings\History\History.IE5\MSHist012007122220071223\index.dat Object is locked skipped
C:\Documents and Settings\Michael\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Michael\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Michael\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Michael\Desktop\iam\Addon\User & Pass v8.0.exe Infected: Trojan.Win32.Autoit.bg skipped
C:\Documents and Settings\Michael\Cookies\index.dat Object is locked skipped
C:\Program Files\Common Files\CPUSH\cpush.dll Infected: not-a-virus:AdWare.Win32.BHO.pr skipped
C:\System Volume Information\_restore{B557119B-DB71-467B-AB92-DB41CE41B72F}\RP6\change.log Object is locked skipped
D:\Michael\recipes.exe/data0011 Infected: not-a-virus:AdWare.Win32.Comet.bb skipped
D:\Michael\recipes.exe NSIS: infected - 1 skipped
D:\Michael\mirc621.exe/stream/data0008 Infected: not-a-virus:Client-IRC.Win32.mIRC.621 skipped
D:\Michael\mirc621.exe/stream Infected: not-a-virus:Client-IRC.Win32.mIRC.621 skipped
D:\Michael\mirc621.exe NSIS: infected - 2 skipped
E:\wallpapers\Trucks\SmileyCentralPFSetup2.0.3.8-2.exe Infected: not-a-virus:AdTool.Win32.MyWebSearch.bm skipped
F:\System Volume Information\_restore{B557119B-DB71-467B-AB92-DB41CE41B72F}\RP6\change.log Object is locked skipped

Scan process completed.

#3 katty

katty

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:03:26 PM

Posted 25 December 2007 - 05:02 AM

it definitely looks like a virus. maybe try other av-program?

#4 Turnips

Turnips

  • Members
  • 48 posts
  • OFFLINE
  •  
  • Local time:04:26 AM

Posted 26 December 2007 - 07:37 AM

Hi Dudice, I'm from the Philippines too. c;

Try an online scan with TrendMicro Housecall(look it up in Google).

#5 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 52,098 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:03:26 PM

Posted 26 December 2007 - 12:04 PM

Determining whether a file is malware or a legitimate process sometimes depends on the location (path) it is running from. One of the ways that malware tries to hide is to give itself the same name as a critical system file. However, it then places itself in a different location on your computer. A file's properties may give a clue to identifying it. Right-click on the file, Properties and examine the General and Version tabs.

If you cannot find any information, the file has a legitimate name but is not located where it is supposed to be, or you want a second opinion, submit it to jotti's virusscan or virustotal.com. In the "File to upload & scan" box, browse to the location of the suspicious file and submit (upload) it for scanning/analysis.
Post back with the results of the file analysis.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users