

syswow64 ping


3 replies to this topic

#1 Deepster


Posted 10 November 2011 - 04:22 AM

Hi,
I had an issue where syswow64\ping was running and taking up a lot of CPU. I ran Sophos, which is what I have, and also a MalwareBytes quick scan. It removed some malware which was basically telling me of spurious infections. Not sure how this is related, but the PING usage has since gone down. However, it is still running.
The file timestamp on that ping.exe is the same as my machine's OS install, so it is a bit confusing whether it is a virus or not. However, plenty of posts about ping indicate that it looks to be one.

Sounds like ComboFix will fix it, but I will wait for instructions. I am running a full MB scan, but it looks like it will not find anything. Please help!

Thanks in advance!

#2 Deepster


Posted 10 November 2011 - 04:49 AM

Update to my earlier post.
I thought the spurious infections issue went away. Apparently not. I get these warnings of malware and it looks as if they are coming from Sophos, but they're not. Sophos has identified c:\Windows\SysWOW64\regedit.exe as suspicious.

#3 Deepster


Posted 10 November 2011 - 07:34 AM

I forgot to include my system details:

Win7 Professional SP1
i7-2720QM
16GB RAM

Problems as of now:
- PING.exe runs and is creating tmp files in C:\Windows\Temp
- Fake security error message malware runs from C:\Windows\Temp. Exe names are cryptic
- Windows firewall setting: when I try to change to recommended, I am now getting the error: "Windows Firewall can't change some of your settings. Error Code 0x8007042c"

Also include the log from MalwareBytes full scan:

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8129

Windows 6.1.7601 Service Pack 1
Internet Explorer 8.0.7601.17514

11/10/2011 5:49:54 AM
mbam-log-2011-11-10 (05-49-29).txt

Scan type: Full scan (C:\|)
Objects scanned: 1020731
Time elapsed: 1 hour(s), 49 minute(s), 40 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\Qoobox\quarantine\C\Windows\System32\consrv.dll.vir (Backdoor.Agent.H) -> No action taken.
c:\Users\sandeep_pathak\AppData\LocalLow\Sun\Java\deployment\cache\6.0\50\56410bf2-66dab3a1 (Trojan.Inject.adb) -> No action taken.


Please help!
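The three symptoms listed in this post (a PING.exe that keeps running, files appearing in C:\Windows\Temp, and the firewall error) can each be checked from PowerShell before reaching for a removal tool. The script below is an added example written for this page; it was not posted in the thread and is not a BleepingComputer tool. It assumes a Windows 7 machine with the PowerShell 2.0 that shipped with it (hence Get-WmiObject and New-Object rather than newer cmdlets), the standard %windir% paths, and is run from an elevated prompt. The two-day window for Temp and the service names BFE and MpsSvc are my choices for the check.

```powershell
# Added triage script for the symptoms in this thread (not from the thread author).
# Targets Windows 7 / PowerShell 2.0; run from an elevated PowerShell window.

# --- 1. Who launched the running PING.exe, and with what command line? ---
# Both %windir%\System32\PING.EXE and %windir%\SysWOW64\PING.EXE are legitimate
# Microsoft binaries (the 64-bit and 32-bit copies), so the file itself is not the
# clue; the process that keeps starting it is.
Write-Host "== Running PING.exe processes and their parents =="
Get-WmiObject Win32_Process -Filter "Name = 'PING.EXE'" | ForEach-Object {
    $parent = Get-WmiObject Win32_Process -Filter "ProcessId = $($_.ParentProcessId)"
    New-Object PSObject -Property @{
        Pid         = $_.ProcessId
        Path        = $_.ExecutablePath
        CommandLine = $_.CommandLine
        ParentPid   = $_.ParentProcessId
        ParentPath  = if ($parent) { $parent.ExecutablePath } else { '<parent already exited>' }
    }
} | Format-List

# --- 2. Is the on-disk ping.exe the Microsoft copy? ---
# OS binaries are catalog-signed, so on PowerShell 2.0 Get-AuthenticodeSignature can
# report 'NotSigned' for a perfectly good file. sfc /verifyfile compares the file
# against the Windows component store and is the more reliable answer here.
foreach ($path in "$env:windir\System32\PING.EXE", "$env:windir\SysWOW64\PING.EXE") {
    Write-Host "== $path =="
    $item = Get-Item $path
    $sig  = Get-AuthenticodeSignature -FilePath $path
    Write-Host ("Authenticode status : {0}" -f $sig.Status)
    Write-Host ("Size / last write   : {0} bytes / {1}" -f $item.Length, $item.LastWriteTime)
    & "$env:windir\System32\sfc.exe" "/verifyfile=$path"
}

# --- 3. What has been written to C:\Windows\Temp recently? ---
# The post reports PING.exe creating .tmp files and fake alerts launched from here.
$tempDir = "$env:windir\Temp"
$cutoff  = (Get-Date).AddDays(-2)   # window is an arbitrary choice for this check
Write-Host "== Files written to $tempDir since $cutoff =="
Get-ChildItem $tempDir -Force -ErrorAction SilentlyContinue |
    Where-Object { -not $_.PSIsContainer -and $_.LastWriteTime -gt $cutoff } |
    Sort-Object LastWriteTime -Descending |
    Select-Object LastWriteTime, Length, Name |
    Format-Table -AutoSize

# Executables living in a temp directory deserve a look regardless of age.
Write-Host "== Executable content under $tempDir =="
Get-ChildItem $tempDir -Force -Recurse -Include *.exe, *.dll, *.scr -ErrorAction SilentlyContinue |
    Select-Object FullName, Length, LastWriteTime |
    Format-Table -AutoSize

# --- 4. Why does the firewall refuse to change its settings? ---
# 0x8007042C wraps Win32 error 1068, ERROR_SERVICE_DEPENDENCY_FAIL: a service the
# firewall depends on did not start. MpsSvc (Windows Firewall) depends on BFE (Base
# Filtering Engine); if either is stopped or set to Disabled, this is the error you get.
Write-Host "== Firewall service state =="
Get-WmiObject Win32_Service -Filter "Name = 'BFE' OR Name = 'MpsSvc'" |
    Select-Object Name, State, StartMode, PathName |
    Format-Table -AutoSize
```

Reading the output: a PING.exe whose parent lives outside the Windows directory, or whose command line is a loop such as `ping -n <count> 127.0.0.1` (a common way for a script to pause between actions), points at the parent rather than ping.exe as the thing to examine and quarantine. A `StartMode` of `Disabled` on BFE or MpsSvc explains the 0x8007042c error and should be set back to Automatic after the machine is clean.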

#4 Deepster


Posted 11 November 2011 - 08:46 PM

Update

I ran Malware Bytes and SuperAntiSpyware. They caught other suspicious items but did not stop PING.
I had to bite the bullet and ran ComboFix. In this mix, somehow I got the Privacy Control virus too (privacy.exe). ComboFix took care of everything! No PING running anymore. No Privacy Control on the machine.
Question: Should ComboFix be run in safe mode?


This thread can be closed.



