Help With Infection Diagnosis - Vista Home Premium


4 replies to this topic

#1 swiftideas

Posted 12 February 2008 - 12:59 AM

Hi,

I came across this website whilst trying to fix a problem. It looks awesome. Props to good work :thumbsup:

Can anyone help please?
Recently I have had some computer issues and I can't figure out what is happening.

Symptoms include:
general system lag
variance in ping times
browser redirections
headphones malfunction (related?)
media playback freezing (related?)

Unless I'm just paranoid, I figure that my PC is infected.
When I run AVG Free Edition, it only shows numerous cookies (even when I delete them they reappear),
and Trend Micro Housecall (online scan) does not find anything of note either.

I'm not sure if this is relevant but my System Event Viewer shows a number of details.
More recently these include:
"DCOM started the service wercplsupport with arguments "" in order to run the server:"
&
"TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts."

Can anyone help please?


#2 usasma


Posted 12 February 2008 - 08:09 AM

The TCP/IP error seems to indicate that something's using your internet without your knowledge (just a guess, not a firm diagnosis). I'm going to move your thread to the Am I Infected forum where you'll be able to receive some more expert assistance.
My browser caused a flood of traffic, so my IP address was banned. Hope to fix it soon. Will get back to posting as soon as I'm able.

- John (my website: http://www.carrona.org/ )
**If you need a more detailed explanation, please ask for it. I have the Knack.**
If I haven't replied in 48 hours, please send me a message. My eye problems have recently increased and I'm having difficulty reading posts. (23 Nov 2017)
FYI - I am completely blind in the right eye and ~30% blind in the left eye.
If the eye problems get worse suddenly, I may not be able to respond. If that's the case and help is needed, please PM a staff member for assistance.

#3 quietman7


Posted 12 February 2008 - 08:26 AM

Are you finding any suspicious processes in Task Manager?

If so, you can search the name using Google or the following links:
BC's File Database
BC's Startup Programs Database
File Research Center
ThreatExpert Malware Search
If no search results are found, you are given the option to "Submit a New Sample".

Svchost.exe is a generic host process name for a group of services that are run from dynamic-link libraries (DLLs). It is not unusual for multiple instances of Svchost.exe to be running at the same time. To investigate these processes, see How to determine what services are running under a Svchost.exe process.

Determining whether a file is malware or a legitimate process sometimes depends on the location (path) it is running from. One of the ways that malware tries to hide is to give itself the same name as a critical system file. However, it then places itself in a different location on your computer. A file's properties may give a clue to identifying it. Right-click on the file, select Properties and examine the General and Version tabs.

You can download and use Process Explorer or System Explorer to investigate all running processes and gather additional information to identify and resolve problems. These tools will show the process CPU usage, a description and its path location. If you right-click on the file in question and select properties, you will see more details about the file.

Edited by quietman7, 12 February 2008 - 08:27 AM.

Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators
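
The path check described in the post above, as an added example that is not part of the original thread: it flags any process that carries a core Windows file name but runs from outside the folder that file normally lives in. The folder table, the function names and the process snapshot are assumptions constructed for illustration (default install in C:\Windows).

```python
import ntpath

# Normal folders for a few core Windows image names, all lower-case.
# Assumption: Windows is installed in C:\Windows; SysWOW64 holds the
# 32-bit copies on 64-bit systems.
EXPECTED_DIRS = {
    "svchost.exe":  {r"c:\windows\system32", r"c:\windows\syswow64"},
    "lsass.exe":    {r"c:\windows\system32"},
    "services.exe": {r"c:\windows\system32"},
    "winlogon.exe": {r"c:\windows\system32"},
    "csrss.exe":    {r"c:\windows\system32"},
    "explorer.exe": {r"c:\windows", r"c:\windows\syswow64"},
}

def classify(name, path):
    """Return 'unlisted', 'expected', 'review' or 'suspicious' for one process."""
    expected = EXPECTED_DIRS.get(name.lower())
    if expected is None:
        return "unlisted"      # not a system name this check covers
    if not path:
        return "review"        # path could not be read: inspect it by hand
    # normpath resolves "..", doubled separators and forward slashes, so a
    # path that only passes through System32 is not mistaken for it.
    folder = ntpath.dirname(ntpath.normpath(path)).lower()
    return "expected" if folder in expected else "suspicious"

def triage(snapshot):
    """Keep only the entries that need a closer look."""
    results = [(name, path, classify(name, path)) for name, path in snapshot]
    return [r for r in results if r[2] in ("review", "suspicious")]

# Constructed sample: (image name, full path) pairs as a process viewer shows them.
SNAPSHOT = [
    ("svchost.exe", r"C:\Windows\System32\svchost.exe"),
    ("SVCHOST.EXE", r"C:\Users\sample\AppData\Roaming\svchost.exe"),
    ("lsass.exe", r"C:\Windows\System32\..\Temp\lsass.exe"),
    ("csrss.exe", ""),
    ("mDNSResponder.exe", r"C:\Program Files\Bonjour\mDNSResponder.exe"),
]

if __name__ == "__main__":
    for name, path, verdict in triage(SNAPSHOT):
        print(f"{verdict:10} {name:14} {path or '<path unavailable>'}")
```

A "suspicious" verdict is a reason to inspect the file's properties, not proof of infection, and an "unlisted" name has simply not been checked.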

#4 swiftideas


Posted 12 February 2008 - 06:57 PM

thanks for the relocation - oops

& particularly thanks for the diagnosis 101 - quietman - really helpful thanks

so.. I'm still looking into the process explorer but the only processes that might have a curve ball are..
mysqld-nt.exe
mDNSResponder.exe
I'll check them out more but just wanted to say cheers for the pointers :thumbsup:

#5 quietman7


Posted 12 February 2008 - 09:05 PM

mdnsresponder.exe is a process associated with "Bonjour for Windows" software and used by iTunes for music sharing.
mysqld-nt.exe is a process associated with MySQL Daemon and a service that handles the access to MySQL databases.