Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.


help identifying 3 processes

  • Please log in to reply
1 reply to this topic

#1 Makaveli88theDon


  • Members
  • 1 posts
  • Local time:11:39 PM

Posted 06 March 2010 - 10:19 PM

recently my windows firewall has been turning off by itself and i'm not sure why. i have 3 unknown processes on my computer and i couldn't find anything on google, which makes me think it's malware or something. here's the screen capture of it.

Posted Image

any one known what i can do to fix this problem?

Edited by Pandy, 07 March 2010 - 03:28 AM.
Moved from Windows XP Home and Pro to a more appropriate forum ~Pandy

BC AdBot (Login to Remove)


#2 Sashacat


  • Members
  • 372 posts
  • Local time:03:39 AM

Posted 10 March 2010 - 05:31 PM

Hello :thumbsup:

I searched also, trying to help find a solution.

Read this article:
New Worm 'Thumbing' Its Way onto Computers
Following is a partial excerpt from the article:
"The worm, known as VBS/AutoRun-UC (Sophos alias), spreads to remote computers through removable media devices, where it copies itself. In order to infect other systems, the malicious application also creates an autorun.inf file to be executed by Windows AutoRun, a feature which is enabled by default on most systems.

The worm ads a startup registry entry under “HKCU\Software\Microsoft\Windows\CurrentVersion\Run” named “Explorer,” with a value of: wscript.exe //e:VBScript “<currentdirectory>\database.mdb.” Wscript.exe is a legit file, which is known as the Windows Script Host, allowing the execution of various types of scripts. The //e:VBScript switch tells the Windows Script Host that it should use the VBScript engine to parse the database.mdb file.

People who do not require the AutoRun feature in Windows should disable it, as using removable drives is a propagation technique employed by many of today's threats. The U.S. Army was recently forced to ban the use of such devices from its networks, in order to contain a wide-spread infection. Meanwhile, system and network admins from all over the world are currently battling the Conficker.B worm, who has successfully infected an estimated 9 million systems. One of its propagation methods is also removable media.

In addition to disabling the AutoRun feature, users should be vigilant and only execute files that they are familiar with. “If you don’t know what it is, don’t click it,” James Wyke stresses.

- - - - - - - - - - - - - - - - - - - - - - - - -

After I found the above, I searched for "VBS/AutoRun-UC removal" and found this:

At the end of the above, it provides a link to:
How to remove a Trojan, Virus, Worm, or other Malware

Hope this helps :flowers:
If we don't change the direction we are going,
We are likely to end up where we are headed.

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users