
Which Files Are Malicious



#1 DebraJess


Posted 18 June 2006 - 09:02 AM

Hello,

I'm looking for help in figuring out which programs in my Zone Alarm Program Control list are malicious. I look at the list fairly frequently and lately there have been a lot of additions that I'm not familiar with. I've "killed" most of them, but one shut my computer down when I killed it, so I figure from now on it's better to ask first before killing the program. I'm not looking to try and remove anything just yet. I'm really not tech savvy enough to try and do that. But if I can just stop them through Zone Alarm, that would be fine for now. I run Windows XP Home Edition, use Zone Alarm Pro, and Norton Anti-Virus. I also run Spybot Search & Destroy fairly regularly.

Any advice on one or more of these programs would be appreciated. Thank you!!



Add/Remove Programs Install Date Fix - this is listed 8 times, which has me suspicious

ALEUPdate

ChngeVer - this is listed 6 times

CLR JIT Handler and Remote Host

Creativity_E MFC Application - listed twice with different icons

DbMirror.bz

DRM Migrate EXE

E_DMSG00

EPUTIX24EXE

FEXMAPl 1.0 MAPI Repair Tool

GLJ64.tmp

host.exe - this has a Quicken icon next to it. I do use Quicken, but I don't remember seeing this on my program list before

iPod Service Module - I don't own an iPod, but I do have iTunes, and I hadn't seen the iPod module before.

ltmsg - has a little telephone icon next to it

LuCallBackProxy Module

LuProdRg.exe - I'm pretty sure this is malicious, just would like confirmation

LuSetUp.exe - has a Symantec-like icon next to it

NavCmd2RedUpdt.exe

Netropa ® Onscreen Display

Netropa™ Hot Key

NSCSettingsPatches.exe

Object 800009fc - there are 28 different Objects listed with different numbers all starting with 80000

Omnigrate.exe

QWPatch.exe - this has a Quicken like icon next to it. I do have Quicken, but don't remember this program being listed before

Registry Editor

RESTARTEXE.EXE

SAPISVR 5

ScanToApp MFC Application

ScanToFile Microsoft ??????

selfextr

Self-Extracting Cabinet -This is listed 10 times

Setup Lancher - this has an icon that looks like a cardboard box overflowing with paper

setup.exe - this has an icon that makes me think of AOL, it's a triangle tilted on its side with a circle in the center.

SLinst.exe

SPBBC Service

Spooler Subsystem App

SYMCDEFSI32.EXE - this is listed twice, once in caps, once in lower case letters

tb_setup.exe - this has been on my computer for a while. I killed it a long time ago and was told it couldn't be removed. I just need to know if someone ever figured out how to remove it.

update32.exe

Userinit Logon Application

Verify Class ID

Viewpoint Media Player MtsAxlnstaller

Viewpoint.exe - I can't really see what this icon is, it's too small, but it's green and blue.

WMI - I do believe this is malicious, but not sure. It's listed twice


#2 tg1911


Posted 18 June 2006 - 10:44 AM

Looks like you may have a couple of malicious programs there.
I suggest you post a HijackThis log for examination.
A member of the HijackThis Team will walk you through, step by step, how to disinfect your computer.
Once you post your log, don't make any changes to your system, as that could change the results of the posted log, making it difficult to properly clean your system.

Read Preparation Guide for use before posting a HijackThis Log.
Please read, and follow, all directions carefully!!!

Then, run a log, and post it in the HijackThis forum, at this link. Do not fix anything yet.
A member, of the HJT Team, will help you out.
It may take a while to get a response, because the HJT Team are very busy. Please, be patient, as these people are volunteers. They will help you out, as soon as possible.

NOTE:
Once you have made the post, please, DO NOT make another post in the HJT forum, until it has been responded to by a member of the HJT Team. The first thing they look for, when looking for logs to reply to, is 0 replies. If you make another post, there will be 1 reply. The team member, glancing over the replies, might assume someone is already helping you out, and will not respond. So, just make your post, and let it sit there, until a team member responds. This way you will be taken care of, in the most timely manner.

#3 DebraJess


Posted 18 June 2006 - 01:07 PM

> Looks like you may have a couple of malicious programs there.
> I suggest you post a HijackThis log for examination.


Thank you for your response. I'm sorry, but I'm new at this. I'm assuming that "Hijack This" is some sort of freeware or shareware? Where can I download it safely?

Thank you

DJ :thumbsup:

#4 rookie147


Posted 18 June 2006 - 02:02 PM

DebraJess - if you follow the link for the Preparation Guide Before Posting A HijackThis Log, you will find a download link. Please make sure that you follow all of the steps of this, as it could help to remove some malicious files prior to an expert helping you.
HijackThis is a program that scans your computer's registry, in locations where spyware and viruses are normally found. Please do not try to use this tool by yourself to fix your computer - there will be many legitimate entries in the log, which there is no need to remove.
Thanks,
Charles
