Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Worm_medbot.ai Plus Unknown


  • Please log in to reply
1 reply to this topic

#1 aaalondon

aaalondon

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:12:32 PM

Posted 27 September 2006 - 06:03 PM

hello found this site again in looking for other malware till i came across my old post,
followed the scanning ad-aware, spybot,on this thread http://www.bleepingcomputer.com/forums/t/34773/preparation-guide-for-use-before-using-malware-removal-tools-and-requesting-help/
then done Housecall Anti Virus i had already removed all the old java applications [had 3 or 4 versions] this will not run without java,
it self installed update 6 java and took a few hours to scan finding worn_medbot.ai plus other greyware this worn must be letting other threats start up when i surf the net.
read that its new and was only named 2 weeks ago some calling it diffrent names thing is i have had this a long while it turns off the windows firewall on start up copys a set up file and autorun file in shared folders[not every bootup - delete if u see them]
Housecall Anti Virus found and says removed it then Housecall Anti Virus done a second scan finding nothing
started pc up this evening im still sending more then receive bytes read that worn can restart it self on reboots so will scan housecall tomorrow as it takes hours
tried out the McAfee AVERT Stinger.
got bored and went out dont know it it found anything didnt say when i got back,
will let u know tomorrow about house call.
as for other threads u pointed out smss.exe file that wont budge shall i delete it manually it wont end in process says its a critical file
this smss.exe has been on my system over 6 months

BC AdBot (Login to Remove)

 


m

#2 TMacK

TMacK

  • Members
  • 4,672 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:B.C. Canada
  • Local time:10:32 AM

Posted 28 September 2006 - 12:58 PM

Here is some information taken from the M$ newsgroup,

What makes you think you need to close Smss.exe?
Smss.exe - You cannot end this process from Task Manager.
* This is the session manager subsystem*, which is responsible for starting
the user session. This process is initiated by the system thread and is
responsible for various activities, including launching the Winlogon and
Win32 (Csrss.exe) processes and setting system variables. After it has
launched these processes, it waits for either Winlogon or Csrss to end. If
this happens "normally," the system shuts down; if it happens unexpectedly,
Smss.exe causes the system to stop responding (hang).
http://support.microsoft.com/kb/263201
Note: smss.exe could also be a process which is registered as a trojan. Viruses with same name, smss.exe:W32.Dalbug.Worm,Adware.DreamAd,W32.Resdoc,Adware.Advision,Backdoor.IRC.Flood.F,Backdoor.IRC.Aladinz.O .
Update and run a full system Anti Virus and Anti Spyware scan in Safe Mode.
Some viruses and other malware like to conceal themselves
in areas Windows protects while using them. Safe mode will prevent those
applications access and therefore unprotect the viruses or other malware
allowing for easier removal.


Chaos reigns within.
Reflect, repent, and reboot.
Order shall return.

aaaaaaaa a~Suzie Wagner




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users