
I seem to have a haunting ghost of the bkdr_sdbot.i virus

Status
Not open for further replies.

EchoseveN (Technical User, US), Aug 12, 2003
It just doesn't disappear (BTW I'm running XP w/sp1, and yes I did search, found two or three threads on it, did help find more things, but they keep coming back). Housecall found it in the registry, and cleaned it, but it still comes back every reboot. pc-cillin doesn't even notice it's there, which is odd because they're both by Trend, but I dunno, maybe my exe's are getting infected by something else. RAV didn't find anything, and neither did Panda's online AV. Symantec's is running right now as I type but it's not looking like it's finding anything. I also seemed to have a constant connection to either 216.152.77.10 or some p0rnostar.de site, both using port 6667. I've blocked its connection ability and it seems to have stopped this annoying popup for a web "thug" site. Everything I've tried to get it off doesn't work. System restore is disabled, I've turned off numerous services which might have helped it. None of my processes seem to be spreading it, tried safe mode/scan/regedit. Can't figure it out. I know it's not on my home network, disabled the NIC and unplugged it from my hub/router and it still came up. I'm running out of ideas fast. Just in case, I'll list the processes that are running now, and whether I know what they are or not: (be warned, this may get long winded, but I want to give good details if I can)

aim.exe (err... aim.. AOL Instant Messenger)
csrss.exe (client server runtime process)
cthelper.exe (all signs are pointing towards this being for my SBLive! software, it was in 9x)
explorer.exe (uh... do I have to explain this? maybe it's corrupted)
iexplorer.exe (this window right here)
lsass.exe (I've no idea, some shell program I think)
ntvdm.exe (no clue, nt virtual device manager?)
pccclient.exe (pc-cillin software)
pccguide.exe (see above)
pccpfw.exe (same)
pop3trap.exe (same, trying to disable, don't have pop3 email on my comp)
services.exe (suspected, but it won't let me end/move/copy/view/anything, so it seems safe)
smss.exe (win nt's session manager?)
srv.exe (server program, I think. I am very very suspicious of this file, it seems too out of place with server.exe and others running plus the fact it seems to have been created... 5 days ago, but I'm not 100% sure and would rather get some feedback b4 I start nuking files)
svchost.exe x 4 (service host)
taskmgr.exe (hehe task manager to view all these)
tmntsrv.exe (first I thought it was teenage mutant ninja turtle server, but it turns out to be a pc-cillin program)
tmproxy.exe (yet another cillin program)
winlogon.exe (windows logon yes?)

annnd that's them all. If anyone has any clue what's going on or if I should just take a baseball bat to the drive and call it a night, any help would be most appreciated, even if it's a simple "you're stupid, all those are normal and the connection is too". Well, maybe not that part... If any additional info is needed or if this post needs to be erased... just post.

BTW, sorry for the length. Maybe this will help someone else out as well, or maybe someone will learn something from it... beyond the fact that I'm nuts.

-----
It takes 43 muscles to frown and 17 to smile, but it doesn't take any to sit there with a dumb look on your face.
 
Well, srv.exe has been removed from the registry, where it was hiding in the Run area. Ended it, rebooted; so far no connections to a :6667 port, nothing new in the registry *crosses fingers*. Here's to hoping it works.

 
Well, that did it! Thanks much for the help. I just can't believe that basically none of the AV sites had good info on it; I must have spent all night looking for info.

Thanks again! Hope this helps someone else too!

 
You still probably want to search for and delete the file. I just searched my XP system and found no such file, so it probably isn't included with XP.
 
Well, the funny thing is, it's got all the Microsoft info on it, version number etc. etc., but there's no backup. Oh well, what's the worst that happens? I have to re-install Windows? Feh, I'll take my chances with that! Bye bye bad file!!

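The two checks the thread converges on, looking at what is started from the registry Run keys and whether anything on the box holds a connection to the IRC port 6667, can be scripted so they are repeatable after each reboot. The script below is an added example written for this page, not code posted in the thread or shipped by Trend Micro or Microsoft. It assumes a modern Windows PowerShell (5.1 or later) with the NetTCPIP module, so it will not run on the XP SP1 system the original poster had; the helper names Get-RunKeyEntries and Test-IrcConnections are this example's own. It also makes the point raised in the last two posts explicit: version-info fields such as CompanyName are plain text any file can carry, whereas an Authenticode signature that verifies as Valid is the check that actually says something about origin.

```powershell
# Added example (not from the thread). Audits the Run/RunOnce keys for both the
# machine and the current user, and lists established connections to port 6667.
# Assumes Windows PowerShell 5.1+ and the NetTCPIP module (Windows 8 / 2012 or later).

$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
)

function Get-RunKeyEntries {
    # Hypothetical helper name for this example.
    foreach ($key in $runKeys) {
        if (-not (Test-Path $key)) { continue }
        $props = Get-ItemProperty -Path $key
        foreach ($p in $props.PSObject.Properties) {
            if ($p.Name -like 'PS*') { continue }   # skip PSPath, PSParentPath and friends
            $cmd = [string]$p.Value
            # Pull the executable out of the command line: a quoted path, else the first token.
            if ($cmd -match '^\s*"([^"]+)"') { $exe = $Matches[1] }
            else { $exe = ($cmd -split '\s+')[0] }
            $exe = [Environment]::ExpandEnvironmentVariables($exe)
            $exists = Test-Path -LiteralPath $exe
            $sig = if ($exists) { (Get-AuthenticodeSignature -FilePath $exe).Status } else { 'FileMissing' }
            $company = if ($exists) { (Get-Item -LiteralPath $exe).VersionInfo.CompanyName } else { $null }
            [pscustomobject]@{
                Key       = $key
                Name      = $p.Name
                Command   = $cmd
                Exe       = $exe
                Company   = $company   # free-text version info; anyone can write "Microsoft" here
                Signature = $sig       # Authenticode verdict; 'Valid' is the check that matters
                # Unsigned entries are worth a look, not automatically malicious:
                # plenty of legitimate older software is unsigned.
                Suspect   = ($sig -ne 'Valid')
            }
        }
    }
}

function Test-IrcConnections {
    # Hypothetical helper name for this example. Default port is the one seen in the thread.
    param([int[]]$Ports = @(6667))
    Get-NetTCPConnection -State Established -ErrorAction SilentlyContinue |
        Where-Object { $Ports -contains $_.RemotePort } |
        ForEach-Object {
            $proc = Get-Process -Id $_.OwningProcess -ErrorAction SilentlyContinue
            [pscustomobject]@{
                RemoteAddress = $_.RemoteAddress
                RemotePort    = $_.RemotePort
                Pid           = $_.OwningProcess
                Process       = $proc.ProcessName
                Path          = $proc.Path   # the image that owns the socket, for the next look-up
            }
        }
}

Get-RunKeyEntries | Where-Object Suspect | Format-Table -AutoSize
Test-IrcConnections | Format-Table -AutoSize
```

Run it from an elevated prompt so the HKLM keys and every process's path are readable. The useful workflow is the one the thread arrived at by hand: an entry the script flags as unsigned that also owns a connection to 6667 is the thing to remove from the Run key and delete; after the reboot, running the script again confirms neither the entry nor the connection came back.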
 