
Not Sure What To Do


10 replies to this topic

#1 slashdot


Posted 31 March 2008 - 06:13 AM

Hi everyone. I was trying to go through the processes as mentioned in this section and found some X status exe's in my startup... I tried to delete them in safe mode but my Windows almost crashed... so I reinstalled it. But those files are still running in my startup... they are as follows:

Name: smss.exe
location : C:\WINDOWS\System32\smss.exe

Name: csrss
location: C:\WINDOWS\system32\csrss.exe

Name: Winlogon
location: C:\WINDOWS\system32\winlogon.exe

Name: wuauclt (there's another one, wuauclt1)
location: C:\WINDOWS\system32\wuauclt.exe and wuauclt1.exe


Here is a screenshot of my current Task Manager while I am posting this post:

http://img40.imagevenue.com/img.php?image=..._122_1020lo.jpg

There must be some more of these trojans or worms but I got stuck just at the very beginning... sorry, it's my 1st post ever... so please guide me through... and be easy if I made some mistakes in posting :thumbsup:

Looking forward to hearing from fellow users... thanks in advance



#2 Grinler

    Lawrence Abrams


  • Admin

Posted 31 March 2008 - 11:41 AM

All of the files above are legitimate. They are only malware if they are found outside the C:\Windows\System32\ folder.

#3 slashdot


Posted 31 March 2008 - 09:18 PM

> All of the files above are legitimate. They are only malware if they are found outside the C:\Windows\System32\ folder.


I've found another one:
Name: rundll32.exe
Location : C:\WINDOWS\system32\rundll32.exe


Thanks for the response, Admin... btw those files are within the system32 folder as mentioned, sir :thumbsup: I've checked through the startup database... and they all have an X mark status on them... so should I leave them like that :trumpet: And I've provided a screenshot of my Task Manager... please have a look, sir... if there are some more of these... thanks in advance... more power to BC... peace :flowers:

Edited by slashdot, 31 March 2008 - 09:24 PM.


#4 Grinler

    Lawrence Abrams


  • Admin

Posted 01 April 2008 - 11:12 AM

Legitimate as well. So far you are all clean.

#5 slashdot


Posted 08 May 2008 - 04:03 AM

Hey Admin, not sure about the following ones:

Name : WLLoginProxy.exe (Task Manager running process) (it's under svchost.exe in Process Explorer)
Location: C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe

Name: LVCOMSX.EXE
Location : "C:\WINDOWS\system32\LVCOMSX.EXE"


Please have a look at them... thanks in advance :thumbsup:


#6 Grinler

    Lawrence Abrams


  • Admin

Posted 08 May 2008 - 06:13 AM

> Name : WLLoginProxy.exe (Task Manager running process) (it's under svchost.exe in Process Explorer)
> Location: C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe

This is not a startup that we monitor. If you use Windows Live, I would leave this alone.

> Name: LVCOMSX.EXE
> Location : "C:\WINDOWS\system32\LVCOMSX.EXE"

As stated in the database, we are unsure if it's necessary. You can experiment and tell us.

#7 slashdot


Posted 08 May 2008 - 09:11 PM

Appreciate the quick response, sir :thumbsup:

#8 eLenka


Posted 10 June 2008 - 03:45 PM

Process name: LVCom Server
Product: Logitech QuickCam or Labtec WebCam or LVCOMSX.EXE or Acer OrbiCam or Logitech Video Enumerator or Logitech Communications Manager
Company: Logitech Inc (www.logitech.com) or Labtec Inc (www.labtec.com)
File: lvcomsx.exe

#9 WickedGirl


Posted 06 August 2008 - 08:30 PM

If some of these files are listed in HijackThis or Ad-Aware, etc like this:

PID: 932 ( 880) \??\C:\WINDOWS\system32\csrss.exe
size: 6144
PID: 972 ( 880) \??\C:\WINDOWS\system32\winlogon.exe
size: 507904

Are these legit? What are the ??? in front of the file paths?

#10 Grinler

    Lawrence Abrams


  • Admin

Posted 07 August 2008 - 09:25 AM

> If some of these files are listed in HijackThis or Ad-Aware, etc like this:
>
> PID: 932 ( 880) \??\C:\WINDOWS\system32\csrss.exe
> size: 6144
> PID: 972 ( 880) \??\C:\WINDOWS\system32\winlogon.exe
> size: 507904
>
> Are these legit? What are the ??? in front of the file paths?

Ignore the ??, it's just how it's being read. Yes, they are legit.

#11 WickedGirl


Posted 22 August 2008 - 04:49 AM

Hello Grinler! Thank you very much for responding. I think that I have figured out that the ??? are a type of wildcard. It enables the item mentioned in the file path to be addressed in all profiles created within Windows. I think this is it anyway! :thumbsup:
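The location rule from post #2, applied to a listing in the format quoted in post #9, as an added example that is not part of the original thread. The `\??\` prefix is the NT object-manager form of a DOS path and `\SystemRoot\` is an alias for the Windows directory; the `C:\WINDOWS` root, the function names and the sample lines beyond those quoted in the thread are assumptions constructed for illustration.

```python
import ntpath
import re

# File names the thread's replies call legitimate when they sit in System32.
SYSTEM32_ONLY = {"smss.exe", "csrss.exe", "winlogon.exe",
                 "wuauclt.exe", "wuauclt1.exe", "rundll32.exe"}
WINDIR = r"C:\WINDOWS"  # assumed Windows directory, as in the thread's paths
LINE = re.compile(r"^PID:\s*(\d+)\s*\(\s*\d+\)\s*(.+)$")

def normalize(path, windir=WINDIR):
    """Reduce the path forms process listers print to one lowercase DOS path."""
    p = path.strip().strip('"')
    if p.startswith("\\??\\"):                  # NT object-manager prefix
        p = p[4:]
    if p.lower().startswith("\\systemroot\\"):  # alias for the Windows directory
        p = ntpath.join(windir, p[len("\\systemroot\\"):])
    return ntpath.normpath(p).lower()           # also collapses "..\" segments

def classify(path, windir=WINDIR):
    """Apply the location rule to one image path."""
    folder, name = ntpath.split(normalize(path, windir))
    if name not in SYSTEM32_ONLY:
        return "not-covered"
    expected = ntpath.join(windir, "system32").lower()
    return "expected-location" if folder == expected else "suspicious-location"

def review(listing):
    rows = []  # (pid, raw path, verdict) for every PID line in the listing
    for line in listing.splitlines():
        m = LINE.match(line.strip())
        if m:
            rows.append((int(m.group(1)), m.group(2), classify(m.group(2))))
    return rows

# First four lines are quoted in the thread; the rest are constructed samples.
SAMPLE = r"""
PID: 932 ( 880) \??\C:\WINDOWS\system32\csrss.exe
size: 6144
PID: 972 ( 880) \??\C:\WINDOWS\system32\winlogon.exe
size: 507904
PID: 880 (   4) \SystemRoot\System32\smss.exe
PID: 1540 ( 972) C:\WINDOWS\system32\..\Temp\csrss.exe
PID: 1712 (1500) C:\Documents and Settings\user\rundll32.exe
PID: 1800 (1500) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
"""

if __name__ == "__main__":
    for pid, path, verdict in review(SAMPLE):
        print(f"{pid:>5}  {verdict:<20} {path}")
```

On 64-bit Windows, 32-bit copies of files such as rundll32.exe also live in `C:\Windows\SysWOW64`, so the rule exactly as stated in the thread would report those copies as `suspicious-location`.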



