
start up programs in background


3 replies to this topic

#1 livnhincali

livnhincali

  • Members
  • 6 posts
  • Gender:Female
  • Location:Rural Stockton,Ca
  • Local time:08:00 PM

Posted 25 September 2009 - 03:31 AM

I have been having issues with program settings being changed, system settings changed and others, however when I run any Anti Virus program nothing comes up in my scan (other than a few tracking low risk cookies). I have tried to troubleshoot it through my Event log but many of those logs have been disabled. The recent scan that I have run showed that I have detection of a high threat of a network-aware worm in my Heap Memory. Also I have the following programs in my start up. Am running Windows 7 and hope that someone would be able to give me some help with these issues. If you need more information I would be happy to try to supply whatever would help me to get my system back to a healthy state.

Thanks in advance.


Adobe Reader Speed Launcher "c:\program files\adobe\reader 9.0\reader\reader_sl.exe" Public HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

msnmsgr "c:\program files\msn messenger\msnmsgr.exe" /background NT AUTHORITY\SYSTEM HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

msnmsgr "c:\program files\msn messenger\msnmsgr.exe" /background .DEFAULT HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Sidebar %programfiles%\windows sidebar\sidebar.exe /autorun NT AUTHORITY\LOCAL SERVICE HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Sidebar %programfiles%\windows sidebar\sidebar.exe /autorun NT AUTHORITY\NETWORK SERVICE HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

SunJavaUpdateSched "c:\program files\java\jre6\bin\jusched.exe" Public HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Keep it simple ~ You can't fix stupid




#2 groovicus

groovicus

  • Security Colleague
  • 9,963 posts
  • Gender:Male
  • Location:Centerville, SD
  • Local time:09:00 PM

Posted 25 September 2009 - 09:15 AM

Those are valid. If your AVs show no threat, then what scan is it that you are running that is telling you that you are under threat?
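One way to check Run-key entries like the ones listed in post #1, as an added example that is not part of the thread or any poster's reply: it walks the same `Run` keys under HKLM and each loaded HKEY_USERS hive, resolves each command line to its executable, and reports whether the file exists and how its Authenticode signature validates. It assumes PowerShell 3.0 or later; `Get-ExePath` is a helper name made up for this example.

```powershell
# Added example (not from the thread). Assumes PowerShell 3.0+ on the machine being checked.
$runSubKey = 'SOFTWARE\Microsoft\Windows\CurrentVersion\Run'

# HKLM plus every hive currently loaded under HKEY_USERS
# (.DEFAULT, S-1-5-18/19/20 and any logged-on users).
$keys = @("Registry::HKEY_LOCAL_MACHINE\$runSubKey")
$keys += Get-ChildItem -Path 'Registry::HKEY_USERS' -ErrorAction SilentlyContinue |
    ForEach-Object { "Registry::$($_.Name)\$runSubKey" }

# Hypothetical helper: pull the executable path out of a Run-key command line.
function Get-ExePath([string]$CommandLine) {
    # Expand %programfiles% and similar, then take the quoted path,
    # or everything up to the first ".exe" when the path is unquoted.
    $cmd = [Environment]::ExpandEnvironmentVariables($CommandLine)
    if ($cmd -match '^\s*"([^"]+)"')        { return $Matches[1] }
    if ($cmd -match '^\s*(.+?\.exe)(\s|$)') { return $Matches[1] }
    return $null
}

$report = foreach ($key in $keys) {
    # Many hives (for example the *_Classes ones) have no Run key at all.
    if (-not (Test-Path -LiteralPath $key)) { continue }
    $regKey = Get-Item -LiteralPath $key
    foreach ($name in $regKey.GetValueNames()) {
        $command = [string]$regKey.GetValue($name)
        $exe     = Get-ExePath $command
        $exists  = [bool]($exe -and (Test-Path -LiteralPath $exe -PathType Leaf))
        $sig     = if ($exists) { Get-AuthenticodeSignature -FilePath $exe } else { $null }
        [pscustomobject]@{
            Key       = $regKey.Name
            Entry     = $name
            Target    = $exe
            Exists    = $exists
            Signature = if ($sig) { $sig.Status } else { 'n/a' }
            Signer    = if ($sig -and $sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
        }
    }
}

$report | Sort-Object Key, Entry | Format-Table -AutoSize -Wrap
```

A missing target or a signature status other than `Valid` is a prompt for a closer look at that entry, not a verdict on its own.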

#3 livnhincali

livnhincali
  • Topic Starter

  • Members
  • 6 posts
  • Gender:Female
  • Location:Rural Stockton,Ca
  • Local time:08:00 PM

Posted 25 September 2009 - 11:56 AM

> Those are valid. If your AVs show no threat, then what scan is it that you are running that is telling you that you are under threat?


Thank you for replying.

Details that were given after I ran the memory scan.
Am a little confused as to the details of the Operating system. This laptop was installed only with Windows Vista then upgraded with Windows 7 RC Beta. So how is it that it now shows XP and 2000? There is just this laptop, along with my roommate's computer, in the household. Could these malicious acts be coming from someone within my own household?

Current Version: 1.0.10.0 File Size: 944 KB Operating System: Windows® Vista™ 32/64-bit, XP and 2000. Release Date: March 1, 2008.

Details of the Full Memory Scan:

Full Scan Summary:

* Scan details:
  o Scan started: Friday, September 25, 2009 09:20:14
  o Scan time: 09 minutes, 02 seconds
  o Number of memory objects scanned: 10124
    + processes: 46
    + modules: 3078
    + heap pages: 7000
  o Number of suspicious memory objects detected: 0
  o Number of malicious memory objects detected: 2
  o Overall Risk Level: High

* Summary of the detected threat characteristics:

Severity Level What's been found


A network-aware worm that uses known exploit(s) in order to replicate across vulnerable networks.

* Process "svchost.exe", heap page: [0x08780000 - 0x087c0000]
* Process "svchost.exe", heap page: [0x08800000 - 0x08840000]



MS04-011: LSASS Overflow exploit - replication across TCP 445 (common for Sasser, Bobax, Kibuv, Korgo, Gaobot, Spybot, Randex, other IRC Bots).

* Process "svchost.exe", heap page: [0x08780000 - 0x087c0000]
* Process "svchost.exe", heap page: [0x08800000 - 0x08840000]

* Summary of the detected memory objects:

Severity Level Memory Object


Process "svchost.exe", heap page: [0x08780000 - 0x087c0000]

* A network-aware worm that uses known exploit(s) in order to replicate across vulnerable networks.
* MS04-011: LSASS Overflow exploit - replication across TCP 445 (common for Sasser, Bobax, Kibuv, Korgo, Gaobot, Spybot, Randex, other IRC Bots).



Process "svchost.exe", heap page: [0x08800000 - 0x08840000]

* A network-aware worm that uses known exploit(s) in order to replicate across vulnerable networks.
* MS04-011: LSASS Overflow exploit - replication across TCP 445 (common for Sasser, Bobax, Kibuv, Korgo, Gaobot, Spybot, Randex, other IRC Bots).

Keep it simple ~ You can't fix stupid


#4 groovicus

groovicus

  • Security Colleague
  • 9,963 posts
  • Gender:Male
  • Location:Centerville, SD
  • Local time:09:00 PM

Posted 25 September 2009 - 01:31 PM

I'm pretty sure that the status line at the top indicates which OS will run the application.

svchost.exe is also a valid application. Your scanner is giving you false positives. What is the name of the scanner?



