#1 (permalink)

Ok, my computer's been a little weird lately, a little slow and the task manager wouldn't open... I ran Ad-Aware and Spybot, they didn't find anything more than usual, but I didn't really notice anything else. Then today I get home and there's an illegal operation message up for "msiexec32.exe", which I don't recognize. So I googled it, and it's a virus. My main question though is how? It says it infects Word and PowerPoint files, and I don't even have Office installed. I can't remember the last time I opened IE for anything, I uninstalled Outlook, my system is up to date (relatively, no SP2), I'm behind a firewall, the only things I've downloaded in the past few days were some ATHF eps that I didn't have and a couple of mp3s and the last program I installed was Google Earth.

Anywho, I care less about how I got it (still gonna bug the hell out of me though) than how to remove it. Does anyone know where I could get a removal tool or something for this? I don't have Norton or McAfee and I'm pretty broke at the moment. Not that I really feel like I need either since this is the first virus I've gotten in a year of operation...

Secondly, does anything else look out of sorts here? Lotta processes I know, but I have a lot of stuff running... I'm not much of an OS tweaker, anybody got any tips on cutting this list down some? What does all this ATI and Creative stuff do anyway?

#4 (permalink)

I can tell you a few stories of that... it's getting bad on BT with spyware, especially on the pr0n section. Mind you, it seems like an RIAA shot at driving people off BT. I'd also check your e-mail scanner options if you use an Outlook/Thunderbird ISP address, or one in your network (if you have one, of course).

#5 (permalink)

I haven't used BT in weeks, and that was the new Knoppix ISO, months before that. No, I don't have e-mail protection on since I uninstalled Outlook and only use Gmail, haven't even checked my Hotmail in like a month... My parents' computer is on the same network, they use Outlook, but they haven't said anything to me about suspicious emails. I disabled preview and everything for them, and they usually double check with me before opening anything suspicious. I'll run a scan on theirs later. Is there any way I could get Norton to scan my box from theirs? Or are there any free AV progs? I'm broke as hell, and as I said, it's not like it would be worth buying one since this is the only infection I've gotten on this computer ever.

#6 (permalink)

You could try this free online virus scan:
http://housecall.trendmicro.com/

You could also get AVG, or Avast, both are free:
http://www.grisoft.com
http://www.avast.com/

Also, try HijackThis before you do anything:
http://www.majorgeeks.com/download3155.html

#9 (permalink)

I did mention that in my first post, how? Really all I need open that I know of is Trillian, Creative system volume, Motherboard Monitor, SATA RAID and ATI Remote Wonder, at least that's what's in my system tray. I don't even really know what most of the other stuff does...

#10 (permalink)

Check for trojans - one could have been there for a long time downloading viruses.

I lost a hard disk to viruses because I had to wipe the boot sector, but even though I used the right tool the hard disk never worked properly with an OS on it. So I changed every bit on the hard disk to 1, but that heavy stress caused the old hard disk to mechanically die. All because a stupid trojan downloaded 40+ viruses.

As for the BitTorrent spyware thing, it shouldn't happen, as bad torrents should be voted off, and the recent news about it was manufactured by the RIAA.

#11 (permalink)

First, go into your Real Player properties and turn off the option for automatically starting with Windows to get rid of realsched.exe

jusched.exe is for Java Console I believe, if not, something to do with Sun's Java.

ati2evxx.exe is also unnecessary and has 2 instances (I always stop that process after a restart)

spoolsv.exe can go

wdfmgr.exe can go

AtiSched.exe can go (unless this is for TV program listings, as I am assuming the ATIRW.exe is for the AIW stuff)

threat.exe looks suspect

viewmgr.exe is for your Viewpoint Media Player plug-in

Not sure about VsTaskMngr.exe

wbload.exe is for Window Blinds

MsPMSPSv.exe is for WMP access for a portable music device and can go if you don't use a portable device.

If you want to do your own research, try this link: http://www.answersthatwork.com/Taskl...s/tasklist.htm

#12 (permalink)

Here... the ones underlined in "yellow" don't need to be running and can be disabled by going to RUN and typing MSCONFIG and going to the last tab "startup" and unchecking those items. The ones underlined in "red" are suspect and I would get rid of them. Those ATI ones I would allow to run as they are part of the ATI drivers system.

#13 (permalink)

I have a 9800 Pro and stopping the ati2evxx.exe (both instances) has no effect that I can tell, even when gaming. All these are for is ATI Hotkeys.

#14 (permalink)

Really... ok... it doesn't seem to hurt my performance leaving them.

#15 (permalink)

Thanks, that's what I wanted to know. The two underlined in red are there intentionally. Ares is, well, Ares, and I don't wanna discuss it here, and threat.exe is this.

#17 (permalink)

Here is my source from Answers That Work's Task List Programs reference:

ATI External Event Utility EXE Module. Another background task which gets installed when you install ATI display drivers. Under Windows NT4/2000/XP/2003 the service registers as the “ATI Hotkey Poller” and further investigation shows that it is related to the handling of various ATI Hotkeys which bring up specific ATI utilities. Not only is this facility useless to 99.99% of users, but there is also no documentation anywhere on those ATI hotkeys !! Additionally some of our more inquisitive users have been able to prove that ATI2EVXX can sometimes be an incredible resource hog using up to 85% of CPU utilization !! Older versions of this background task show up as ATIPOLAB in the Task List.

Recommendation : Disable on the Startups tab of The Ultimate Troubleshooter in Windows 95/98/ME. If you cannot find it on the Startups tab, then read about ATIPTAXX below and disable that task as it often is the task that starts ATI2EVXX. In Windows NT4/2000/XP, go to the Services tab of The Ultimate Troubleshooter, find the ATI Hotkey Poller service and set its Startup Mode to Disabled.

#18 (permalink)

Black Viper has a good guide for core system processes. He explains each of them quite well: http://dhost.info/kyeu/mirror/blackviper/

For application processes, use common sense / trial and error.

#20 (permalink)

54 viruses detected, no worm/trojan horse detected. Ooook.... Deleted... time to restart.

EDIT: Hrm, "Task Manager has been disabled by your administrator.", still... goddamnit. I think I disabled the realsched thing, but I'm not sure, and I disabled the atisched, but now I get a message about it every time I start up my TV.

EDIT: Good news, my PowerMate knob stopped working again, so I finally looked for new drivers and now it's working like it's supposed to, finally. Still can't get into the task manager, don't feel like screwing with it more right now...

Last edited by Cyno01; 02-July-05 at 10:19 PM.
