
new to this site, just got rid of google update or Backdoor:win32/fynloski.a



#1 ciscojg407


Posted 11 November 2011 - 12:53 AM

I just wanna know if I fully got rid of it... I'm running MSE, which picked up on it after about 12 hours of execution... I also ran Spybot S+D, found another trojan... I assume from having the first one and trying to remove it or something... I have a log from Process Explorer that I am going to post now, and then reboot and post a new log after rebooting to see if you guys find anything... or just let me know if I need to do anything else.


Process PID CPU Private Bytes Working Set Description Company Name
System Idle Process 0 95.31 0 K 28 K
System 4 0 K 32 K
Interrupts n/a < 0.01 0 K 0 K Hardware Interrupts and DPCs
smss.exe 724 172 K 56 K Windows NT Session Manager Microsoft Corporation
csrss.exe 792 0.78 1,884 K 1,060 K Client Server Runtime Process Microsoft Corporation
winlogon.exe 816 14,584 K 1,956 K Windows NT Logon Application Microsoft Corporation
services.exe 860 1,964 K 1,328 K Services and Controller app Microsoft Corporation
svchost.exe 1072 3,280 K 1,572 K Generic Host Process for Win32 Services Microsoft Corporation
wmiprvse.exe 208 4,052 K 2,620 K WMI Microsoft Corporation
wmiprvse.exe 2444 2,912 K 6,104 K
svchost.exe 1124 2,084 K 1,296 K Generic Host Process for Win32 Services Microsoft Corporation
MsMpEng.exe 1220 97,716 K 8,964 K Antimalware Service Executable Microsoft Corporation
svchost.exe 1256 15,672 K 8,988 K Generic Host Process for Win32 Services Microsoft Corporation
svchost.exe 1356 5,348 K 1,308 K Generic Host Process for Win32 Services Microsoft Corporation
svchost.exe 1480 2,640 K 88 K Generic Host Process for Win32 Services Microsoft Corporation
spoolsv.exe 1704 4,360 K 1,620 K Spooler SubSystem App Microsoft Corporation
svchost.exe 1996 1,464 K 104 K Generic Host Process for Win32 Services Microsoft Corporation
AppleMobileDeviceService.exe 2032 10,340 K 800 K MobileDeviceService Apple Inc.
aspnet_state.exe 256 1,112 K 340 K Microsoft ASP.NET State Server Microsoft Corporation
mDNSResponder.exe 276 1,044 K 224 K Bonjour Service Apple Inc.
Brmfrmps.exe 300 388 K 56 K Brother Popup Suspend service ( for R/M ) Brother Industries, Ltd.
ehrecvr.exe 340 2,608 K 52 K Media Center Receiver Service Microsoft Corporation
ehSched.exe 416 2,172 K 196 K Media Center Scheduler Service Microsoft Corporation
svchost.exe 616 1,676 K 208 K Generic Host Process for Win32 Services Microsoft Corporation
jqs.exe 744 2,320 K 1,420 K Java™ Quick Starter Service Sun Microsystems, Inc.
mdm.exe 1276 1,080 K 388 K Machine Debug Manager Microsoft Corporation
nvsvc32.exe 1332 2,632 K 304 K NVIDIA Driver Helper Service, Version 81.33 NVIDIA Corporation
PRISMXL.SYS 1368 512 K 56 K PrismXL Service New Boundary Technologies, Inc.
RMSvc.exe 356 2,384 K 1,044 K MCRD RM Service Microsoft Corporation
locator.exe 1168 1,064 K 48 K Rpc Locator Microsoft Corporation
svchost.exe 2404 1,556 K 132 K Generic Host Process for Win32 Services Microsoft Corporation
StarWindService.exe 2556 788 K 52 K StarWind iSCSI Target (Alcohol Edition) Rocket Division Software
svchost.exe 2624 2,540 K 52 K Generic Host Process for Win32 Services Microsoft Corporation
tlntsvr.exe 2888 1,304 K 52 K Telnet Microsoft Corporation
WLIDSVC.EXE 3028 5,256 K 504 K Microsoft® Windows Live ID Service Microsoft Corporation
WLIDSVCM.EXE 3104 668 K 52 K Microsoft® Windows Live ID Service Monitor Microsoft Corporation
wmpnetwk.exe 3320 6,304 K 632 K Windows Media Player Network Sharing Service Microsoft Corporation
McrdSvc.exe 3464 1,488 K 256 K MCRD Device Service Microsoft Corporation
dllhost.exe 3460 2,592 K 916 K COM Surrogate Microsoft Corporation
iPodService.exe 4044 3,184 K 884 K iPodService Module (32-bit) Apple Inc.
alg.exe 2184 1,252 K 88 K Application Layer Gateway Service Microsoft Corporation
lsass.exe 872 4,064 K 1,760 K LSA Shell (Export Version) Microsoft Corporation
procexp.exe 4080 11,912 K 15,424 K Sysinternals Process Explorer Sysinternals - www.sysinternals.com
explorer.exe 876 31,536 K 10,056 K Windows Explorer Microsoft Corporation
ZboardTray.exe 2788 1,648 K 532 K ZBoard TrayControl
Zboard.exe 204 3,616 K 220 K Ideazon Zboard High level driver Ideazon
msseces.exe 3932 5,212 K 244 K Microsoft Security Client User Interface Microsoft Corporation
iTunesHelper.exe 3824 11,708 K 228 K iTunesHelper Apple Inc.
jusched.exe 572 1,340 K 164 K Java™ Update Scheduler Sun Microsystems, Inc.
TeaTimer.exe 2880 73,004 K 1,904 K System settings protector Safer-Networking Ltd.
sidebar.exe 1744 6,740 K 420 K Windows Sidebar Microsoft Corporation
sidebar.exe 292 3.13 28,148 K 18,920 K Windows Sidebar Microsoft Corporation
RocketDock.exe 3108 0.78 8,928 K 1,728 K
Mini_Monitor.exe 2212 9,324 K 3,032 K CleanMem Mini Monitor PcWinTech.com



#2 ciscojg407


Posted 11 November 2011 - 01:07 AM

OK, so here's the new log... So MSE does this thing at startup that when everything is loading the MSE window opens and stays blank in the middle. I click on the window and everything goes normal. No freezing of the application... almost like it loads it up and it's supposed to minimize it to system tray but doesn't?.. I dunno how to explain it, but that started when I put WindowBlinds up... doesn't have anything to do with the virus because it was before. Or does it?... Anyway, thanks for the help, cool site.



Process PID CPU Private Bytes Working Set Description Company Name
System Idle Process 0 39.13 0 K 28 K
System 4 0 K 236 K
Interrupts n/a 0.72 0 K 0 K Hardware Interrupts and DPCs
smss.exe 724 172 K 444 K Windows NT Session Manager Microsoft Corporation
csrss.exe 792 0.72 1,748 K 3,884 K Client Server Runtime Process Microsoft Corporation
winlogon.exe 816 7,948 K 1,840 K Windows NT Logon Application Microsoft Corporation
services.exe 860 5.80 1,940 K 3,676 K Services and Controller app Microsoft Corporation
svchost.exe 1072 3,004 K 5,608 K Generic Host Process for Win32 Services Microsoft Corporation
wmiprvse.exe 3576 2,852 K 7,728 K WMI Microsoft Corporation
wmiprvse.exe 3332 2,912 K 6,080 K WMI Microsoft Corporation
svchost.exe 1128 2,008 K 4,856 K Generic Host Process for Win32 Services Microsoft Corporation
MsMpEng.exe 1224 47.83 99,840 K 58,500 K Antimalware Service Executable Microsoft Corporation
svchost.exe 1260 14,964 K 25,016 K Generic Host Process for Win32 Services Microsoft Corporation
wuauclt.exe 3064 6,864 K 13,944 K Windows Update Microsoft Corporation
svchost.exe 1380 4,900 K 7,180 K Generic Host Process for Win32 Services Microsoft Corporation
svchost.exe 1448 2,664 K 4,836 K Generic Host Process for Win32 Services Microsoft Corporation
spoolsv.exe 1720 4,040 K 6,164 K Spooler SubSystem App Microsoft Corporation
svchost.exe 1972 1,488 K 4,024 K Generic Host Process for Win32 Services Microsoft Corporation
AppleMobileDeviceService.exe 2012 10,340 K 14,072 K MobileDeviceService Apple Inc.
aspnet_state.exe 200 1,108 K 3,664 K Microsoft ASP.NET State Server Microsoft Corporation
mDNSResponder.exe 252 1,044 K 3,192 K Bonjour Service Apple Inc.
Brmfrmps.exe 276 388 K 1,348 K Brother Popup Suspend service ( for R/M ) Brother Industries, Ltd.
ehrecvr.exe 320 2,576 K 4,704 K Media Center Receiver Service Microsoft Corporation
ehSched.exe 536 864 K 2,968 K Media Center Scheduler Service Microsoft Corporation
svchost.exe 652 1,700 K 3,620 K Generic Host Process for Win32 Services Microsoft Corporation
jqs.exe 788 2,052 K 3,732 K Java™ Quick Starter Service Sun Microsystems, Inc.
mdm.exe 1020 1,080 K 3,236 K Machine Debug Manager Microsoft Corporation
nvsvc32.exe 1312 2,552 K 3,992 K NVIDIA Driver Helper Service, Version 81.33 NVIDIA Corporation
PRISMXL.SYS 1332 512 K 1,928 K PrismXL Service New Boundary Technologies, Inc.
sessmgr.exe 1516 1,580 K 4,636 K Microsoft® Remote Desktop Help Session Manager Microsoft Corporation
RMSvc.exe 404 2,396 K 4,656 K MCRD RM Service Microsoft Corporation
locator.exe 528 1,064 K 2,824 K Rpc Locator Microsoft Corporation
svchost.exe 684 1,572 K 3,964 K Generic Host Process for Win32 Services Microsoft Corporation
StarWindService.exe 1216 788 K 2,556 K StarWind iSCSI Target (Alcohol Edition) Rocket Division Software
svchost.exe 1344 0.72 2,608 K 4,456 K Generic Host Process for Win32 Services Microsoft Corporation
tlntsvr.exe 2320 1,316 K 4,000 K Telnet Microsoft Corporation
WLIDSVC.EXE 2432 4,852 K 8,732 K Microsoft® Windows Live ID Service Microsoft Corporation
WLIDSVCM.EXE 3748 684 K 2,204 K Microsoft® Windows Live ID Service Monitor Microsoft Corporation
McrdSvc.exe 2556 868 K 2,856 K MCRD Device Service Microsoft Corporation
wmpnetwk.exe 2712 6,368 K 8,932 K Windows Media Player Network Sharing Service Microsoft Corporation
dllhost.exe 3528 2,500 K 6,460 K COM Surrogate Microsoft Corporation
alg.exe 3688 1,276 K 3,692 K Application Layer Gateway Service Microsoft Corporation
iPodService.exe 2284 3,280 K 5,880 K iPodService Module (32-bit) Apple Inc.
lsass.exe 872 4,124 K 6,520 K LSA Shell (Export Version) Microsoft Corporation
procexp.exe 2980 0.72 12,388 K 16,536 K Sysinternals Process Explorer Sysinternals - www.sysinternals.com
explorer.exe 1860 25,796 K 29,656 K Windows Explorer Microsoft Corporation
ZboardTray.exe 3280 1,640 K 4,480 K ZBoard TrayControl
Zboard.exe 3560 3,616 K 5,740 K Ideazon Zboard High level driver Ideazon
reader_sl.exe 1444 1,160 K 3,676 K Adobe Acrobat SpeedLauncher Adobe Systems Incorporated
msseces.exe 3424 5,244 K 10,312 K Microsoft Security Client User Interface Microsoft Corporation
iTunesHelper.exe 3484 11,636 K 16,384 K iTunesHelper Apple Inc.
jusched.exe 3544 1,348 K 3,720 K Java™ Update Scheduler Sun Microsystems, Inc.
TeaTimer.exe 3584 0.72 67,264 K 69,756 K System settings protector Safer-Networking Ltd.
sidebar.exe 3808 6,748 K 10,760 K Windows Sidebar Microsoft Corporation
sidebar.exe 1764 3.62 26,148 K 35,632 K Windows Sidebar Microsoft Corporation
RocketDock.exe 3324 7,560 K 12,392 K

#3 ciscojg407


Posted 11 November 2011 - 01:10 AM

OK, so now MSE is saying potentially unprotected, that I haven't scanned in a while... I just ran a full scan and SSD sna... ARRGHHHH... heeelp

Edited by Orange Blossom, 11 November 2011 - 03:09 AM.
Moved to AII from XP ~ OB




