
Having Trouble Getting Rid Of A Background Process


2 replies to this topic

#1 wolfzbane


Posted 30 October 2005 - 10:23 AM

[Edit: Sorry, this is Windows XP; forgot to state that.]

Okay, my friend's problem stems from the AOL Instant Messenger virus. His computer has all the symptoms of this virus, but when he runs his virus program (EZ Armor) it doesn't catch it. When he ran programs like Spybot or Ad-Aware, it catches 40 or so programs every time he runs it. It doesn't matter if it's 1 day in between or 2 hours.

I suggested that he checks his add/remove programs list for anything that might be out of the ordinary. But there was nothing.

I then suggested that he hit Ctrl+Alt+Del and look at his background processes. There were only 31 running and I told him to enter each one onto http://www.liutilities.com/products/wintas...processlibrary/ and see if it was a good program or not. I told him that I had a similar problem in which a piece of spyware was blocking my virus protector, so it would not find any viruses.

He found a couple that were bad, but they wouldn't go away when he tried to close them. I had him go to msconfig and check his startup processes and sure enough, they were in there. I had him uncheck those and restart. After running Spybot and Ad-Aware again, he came up with 117 for Ad-Aware and 4 on Spybot. He checked his processes again and all of the bad programs were gone except these:

pokapoka79.exe, pokapoka75.exe, 76, and another pokapoka79

When he tried to close this program, it automatically comes back up. It's in msconfig startup and he tried to uncheck it and then restart, but it comes back up. Note: Only both poka 79s come back up in the processes. Poka 75 and 76 are in msconfig but are unchecked after restart.

------------

As for the virus, this information may or may not help in discovering what is wrong with his computer, but this is what he told me about it:

"I dunno if you've all seen that AIM virus that's been going around... well, I never clicked to download that program, but a friend with that virus IMed me with it. I have GAIM (which has tabbed IMing), so when I saw her tab pop up, I just hit x. For some reason, my comp froze when I did that, so it's making me nervous.

I used Spybot and then EZ antivirus to scan my comp and they haven't come up with anything, or if they did, they said they deleted it.

And yet I still have really weird symptoms... like, sometimes, when I try to open a prog, all I get is that sound Windows plays when you try to do something when a prompt is up, and the program won't open. Another time my start menu had nothing in it except "new office document" and "open office document", and that's it, no programs, no documents, nothin."


That's what I had to go on, and I think we narrowed it down to those poka programs, but there might be something else that I haven't thought of. I normally work at a helpdesk, but it's the weekend and I'm probably forgetting something very simplistic.

I appreciate any input you have to offer. Thanks!

Edited by wolfzbane, 30 October 2005 - 10:33 AM.



 


#2 Animal


Posted 30 October 2005 - 05:13 PM

Wolfzbane,

First of all let me say Welcome to Bleeping Computer. We hope that you will enjoy your visits here, and be able to find the information you need.

Now, as for the problems you describe, here are two links that will give you additional information about the .exe files you mention: Bleeping Computer's Startup description of pokapoka79.exe, and Bleeping Computer's tutorial on "How to remove a Trojan, Virus, Worms, or other Malware."

If those two links are not successful, I do have a protocol that will help. Please follow the instructions below. These are tried and proven techniques to be able to get rid of malware that may be plaguing your friend's machine.

Run these online virus scanners:
http://www.pandasoftware.com/activescan/
http://housecall.trendmicro.com/

Also this online Trojan scanner:
TrojanScan

Are you using these basic security programs?
(They're all free.)

a² free - a complementary product to antivirus software which is specialized in protection against harmful software. Antivirus software often features an inadequate protection against Trojans, Dialers and Spyware. a² fills this gap.
ewido security suite - offers protection against urgently growing threats like Trojans, Worms, Dialers, Hijackers, Spyware and Keyloggers.
Ad-Aware - A good program similar to SpyBot S & D.
Spybot S&D - Detects and removes spyware, of different types, from your computer.
SpywareBlaster - A good program that prevents spyware from being installed on your computer in the first place. This program is always running in the background, protecting your computer. It prevents the installation of bad ActiveX controls found in web pages.
SpywareGuard - A nice complement to SpywareBlaster. This allows you the option to prevent downloads that contain bad ActiveX controls.

If not, you need to. These programs, updated and used regularly, will do a lot to keep your computer clean of spyware, trojans, keyloggers, browser hijackers, etc...

Download them, update them, and then run them.

When installing ewido security suite, under Additional Options uncheck:
Install background guard
Install scan via context menu

Important:
Please read this tutorial on Spybot S&D before using it. Spybot can do SERIOUS damage, if not used properly.

If the above doesn't help rid you of the problem, then:

Read How to post a HijackThis Log.
Please read, and follow, all directions carefully.

Then run a log, and post it in the HijackThis forum, at this link. Do not fix anything yet.
A member of the GET Team will help you out.
It may take a while to get a response, because the HJT Team are very busy. Please be patient; these people are volunteers. They will help you out as soon as possible.

NOTE:
Once you have made the post, please, DO NOT make another post in the HJT forum, until it has been responded to by a member of the HJT Team. The first thing they look for, when looking for logs to reply to, is 0 replies. If you make another post, there will be 1 reply. The team member, glancing over the replies, might assume someone is already helping you out, and will not respond. So, just make your post, and let it sit there, until a team member responds. This way you will be taken care of, in the most timely manner.

The above malware removal protocol was written by and approved for posting by tg1911. Thank you for the use, tg!

Be (malware removal) Safe

Da Bleeping Animal

Edit: to correct url formatting.

Edited by Animal, 30 October 2005 - 05:16 PM.

The Internet is so big, so powerful and pointless that for some people it is a complete substitute for life.
Andrew Brown (1938-1994)


A learning experience is one of those things that say, "You know that thing you just did? Don't do that." Douglas Adams (1952-2001)


"Imagination is more important than knowledge. Knowledge is limited. Imagination circles the world." Albert Einstein (1879-1955)



#3 wolfzbane


Posted 31 October 2005 - 06:38 AM

Thank you very much. What you posted did help, I appreciate it!

His computer is on the level now.



