
Suspicious Programs In Za, Sluggish Pc



#1 psion

Posted 10 May 2007 - 09:29 AM

PC Specs:

Windows XP SP2
C2D T7200 2GHz
1GB RAM
120GB HDD
ATI Mobility X1700

I've noticed a recent sluggishness in my PC's performance:
-start-up slowness between wallpaper-loading and a useable-state (4 minutes)
-slow application loading
-laggy performance when using 2 or more programs
-CPU and RAM usage are NOT unusually high

I've run scandisk, disk-cleanup, and registry cleaner (TuneUp). Also scanned the PC using ZoneAlarm Antivirus and Antispyware, Adaware, Superantispyware, AVG Anti-rootkit Free. All to no avail. The sluggishness remains.

I've noticed the following suspicious software under 'Program Control' in Zonealarm Suite:
-ation
-ati
-appstop.exe
-set
-set21.tmp
-nsqf.tmp
-exe

I've put these programs' 'Trust Level' as 'Kill', but some surprisingly allow themselves thru the firewall again after a reboot.

Also, I have an entry called 'AuditionSEA' under 'Add or Remove Programs'. It is a game which I had already uninstalled. However, this entry is highly suspicious, with a weird icon and installation size of 28GB. No such space is taken up on my HDD. Each time I click on 'Remove', it launches either 'ation' or 'nt.' (ZA alerts). Seconds later, an error reporting message pops up.

Please advise.

Edited by psion, 10 May 2007 - 09:59 AM.




#2 quietman7


Posted 10 May 2007 - 10:13 AM

Have you tried doing your scans in "SAFE MODE"?

It looks like you have some suspicious files there. Anytime you come across a suspicious file for which you cannot find any information, you can submit it to jotti's virusscan or virustotal.com. In the "File to upload & scan" box, browse to the location of the suspicious file and submit (upload) it for scanning/analysis.

Determining whether a file is malware or a legitimate process sometimes depends on the location (path) it is running from. You can download and use Process Explorer to investigate all running processes and gather additional information to identify and resolve problems. This tool will show the process CPU usage, a description and its path location.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators
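
The path-based check described in the reply above can also be scripted. This is an added example, not part of the original posts; the three rules it applies (image running from a temp directory, image without a `.exe` extension such as the `.tmp` names listed in the first post, image no longer on disk) are illustrative assumptions, and it assumes PowerShell 3.0 or later.

```powershell
# Added example (not from the thread): read-only triage of running processes by image path.
# A flag here is a reason to look closer, not a malware verdict.
$tempRoots = @($env:TEMP, $env:TMP, "$env:windir\Temp") |
    Where-Object { $_ } |
    ForEach-Object { $_.TrimEnd('\') } |
    Select-Object -Unique

Get-CimInstance Win32_Process | ForEach-Object {
    $path = $_.ExecutablePath
    $why  = @()

    if (-not $path) {
        # Normal for some system processes, or when the shell is not elevated.
        $why += 'no path reported'
    } else {
        if ([IO.Path]::GetExtension($path) -ne '.exe') {
            $why += 'image is not a .exe'
        }
        $inTemp = $tempRoots | Where-Object {
            $path.StartsWith($_ + '\', [StringComparison]::OrdinalIgnoreCase)
        }
        if ($inTemp) {
            $why += 'runs from a temp directory'
        }
        if (-not (Test-Path -LiteralPath $path)) {
            $why += 'image file no longer on disk'
        }
    }

    if ($why) {
        [pscustomobject]@{
            Pid  = $_.ProcessId
            Name = $_.Name
            Path = $path
            Why  = $why -join '; '
        }
    }
} | Format-Table -AutoSize -Wrap
```

Any file it flags can then be submitted to one of the scanning services mentioned in the reply.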

#3 psion


Posted 10 May 2007 - 01:06 PM

Hi quietman7,

I have not tried scans in Safe Mode. Will do so.

Thank you for the links. However, the paths of some files are blank in ZA, and a Search turns up nothing. Could they already be deleted?

Process Explorer does not show up any suspicious processes, and all processes are running from legitimate locations. However, the PC is still sluggish, with the harddisk very busy from time to time.

How do I remove the malicious "Add or Remove Programs" entry?

#4 quietman7


Posted 10 May 2007 - 01:36 PM

If you already removed AuditionSEA and only the entry is showing in Add/Remove, then it's probably an orphaned entry.

You can download and use the Add/Remove Program Cleaner utility to remove entries that are broken in Add/Remove and cannot be removed by running the uninstall program, or try using a third party program like MyUninstaller. If the program is listed, right-click and use the option to "Delete the selected entry".

You can also read these instructions from Kellys Korner on Removing Invalid Entries in Add/Remove Programs. This step involves making changes in the registry. Always back up your registry before making any changes. If you are not familiar with working in the registry, then you should NOT attempt to make any changes on your own. Improper changes to the registry could adversely affect your computer and render it inoperable.

Forgot to mention, we also have a tutorial on "How to Manually Remove Programs from the Add/Remove Programs List".

Also if your computer seems to be slow, read Slow Computer/Browser? Check here first; it may not be malware. There are reasons for slowness besides malware - i.e. disk fragmentation, disk errors, corrupt system files, too many startup programs, unnecessary services running, not enough RAM, dirty hardware components, etc. As your system gets older it becomes filled with more files/programs and has a natural tendency to slow down so cleaning and regular maintenance is essential.

Edited by quietman7, 10 May 2007 - 01:42 PM.

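
Before editing the registry as described in the reply above, the Add/Remove Programs entries can be listed and checked without changing anything. This is an added example, not part of the original posts or of the linked tutorials; the 20 GB size threshold and the flag wording are assumptions, and it assumes PowerShell 3.0 or later.

```powershell
# Added example (not from the thread): read-only audit of Add/Remove Programs entries.
# Nothing is modified; the output is a list of entries worth a closer look.
$roots = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall'
) | Where-Object { Test-Path $_ }

# Assumption: an entry claiming more than 20 GB deserves a second look.
# EstimatedSize is stored in kilobytes.
$maxPlausibleKB = 20GB / 1KB

function Get-UninstallerPath([string]$Command) {
    # Quoted form:   "C:\Program Files\App\uninst.exe" /S
    if ($Command -match '^\s*"([^"]+)"') { return $Matches[1] }
    # Unquoted form: C:\App\uninst.exe /x   (cut at the first .exe)
    if ($Command -match '^\s*(.+?\.exe)(\s|$)') { return $Matches[1] }
    return $null
}

Get-ChildItem -Path $roots | ForEach-Object {
    $p = Get-ItemProperty -LiteralPath $_.PSPath -ErrorAction SilentlyContinue
    if (-not $p -or -not $p.DisplayName) { return }   # unreadable or hidden component keys

    $flags = @()
    $exe = Get-UninstallerPath $p.UninstallString
    if (-not $p.UninstallString) {
        $flags += 'no UninstallString'
    } elseif ($exe -and [IO.Path]::IsPathRooted($exe) -and -not (Test-Path -LiteralPath $exe)) {
        # Only absolute paths are checked; "MsiExec.exe /X{...}" resolves via PATH.
        $flags += 'uninstaller missing on disk'
    }
    if ($p.InstallLocation -and -not (Test-Path -LiteralPath $p.InstallLocation.Trim('"'))) {
        $flags += 'InstallLocation missing'
    }
    if ($p.EstimatedSize -gt $maxPlausibleKB) { $flags += 'implausible EstimatedSize' }

    if ($flags) {
        [pscustomobject]@{
            Name   = $p.DisplayName
            SizeGB = [math]::Round($p.EstimatedSize / 1MB, 1)
            Key    = $_.Name
            Flags  = $flags -join '; '
        }
    }
} | Format-List
```

A flagged entry is only a candidate: confirm the program is really gone and back up the registry before removing its key.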



