Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations TouchToneTommy on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

PROCESSES are being generated with random names....

Status
Not open for further replies.
Whitemtntn

Whitemtntn

IS-IT--Management
Nov 6, 2000
161
US
XP Home edition PC...
Randomly name generated Processes with names like UjoQfy.exe, HxG525x7.exe, Vgnnx.exe
As I "End Process" on each of these, another is immediately generated with a new name. Doing a search of the PC, these files don't even exist on the hard drive. (I have all hidden AND operating system files visible).
I have run a general virus check, McAfee Stinger, Symantec Klez removal, Symantec Blaster removal, SpyBot and AdAware, until all run clean.
But I cannot pinpoint where this is coming from.

These seem to be causing IE to suddenly generate 3-7 pop-up windows at any given time.

Any thoughts?
WhiteMtntn

 
Sort by date Sort by votes
Did you disable system restore before running removal tools? If you, do so, then attempt removal again.
 
Upvote 0 Downvote
You gotta when you're cleaning off virii, otherwise you get caught in an endless (and vicious) cycle....
 
Upvote 0 Downvote
I turned off System Restore and reran all my scans... it did not find anything, and those processes are still running...
 
Upvote 0 Downvote
I have read that article, and I have followed the directions within. I did turn off System Restore, and I rebooted my computer into Safe Mode. I then ran my scans and they have turned up nothing.
I then rebooted and those processes are still running....

 
Upvote 0 Downvote
That does not seem to be related to my problem. The strange thing is that these .EXE processes are not identified by Norton as viruses... I don't know what they are, but I can't get rid of them.
 
Upvote 0 Downvote
The random process symptoms do sound very virus-like. The opening IE windows sound like browser hijacking.

I'd like to make a couple of points that haven't been mentioned yet.....Is your Norton updated to the most recent definitions? McAffe Stinger is for a select few virii and does absolutely nothing for the many thousands of other virii. The Klez removal and Blaster removal tools will only do anything if you have one of those particular worms, for any other infection, they are useless. As with your normal virus scanner, Ad Aware & Spybot must be updated to the latest versions.

Try a couple of these online scanners faq760-3862 and have a look at some of this 'browser nasty' information faq608-3482 - specifically 'Hijack This'
 
Upvote 0 Downvote
I have Norton 2004 installed with the latest definitions, and I have run both Spy-Bot AND AdAware (both updated).
I do agree that it seems very virus-like, but Norton doesn't say so -- I did a full-system scan AND scanned the individual .exe files that are running. So far - no dice. I will check out the Hijack utility and maybe the online scan.

-Whitemtntn
 
Upvote 0 Downvote
These could possibly be generated by a BHO ( Browser Helper Object ) - may help...

see faq608-3482 for more spyware/adware/hijacking stuff.

<marc> i wonder what will happen if i press this...[pc][ul][li]please give feedback on what works / what doesn't[/li][li]need some help? how to get a better answer: faq581-3339[/li][/ul]
 
Upvote 0 Downvote
smah:

Did you ever find a resolution?

I had the same problem on my home PC. I finally got rid of the processes, by repeatedly doing end tasks on them.

It took a while, because they kept regenerating themselves.

I've got alot of virus detectors also, and none of them found anything wrong.

I still don't know where they came from.
 
Upvote 0 Downvote
Has manarth said this could be caused by BHO. What you have is adaware that is placed on your machine to produce advertisment pop-ups even when you are not surfing. Download Spybot at Once you download and install update it then scan your system. This product will do a very good job of cleaning spyware and adaware off your system.

&quot;evil prospers when good men do nothing”
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

xit
  • Locked
  • News
Just a sad, sad story. What are people thinking? 2
Replies
4
Views
94
edfair
edfair
2ffat
  • Locked
  • News
Lenovo isn't the only one with bad certificates 5
Replies
6
Views
185
2ffat
2ffat
DrB0b
  • Locked
  • Question
Crytowall 3.0 and How I dealt with it 2
Replies
7
Views
143
DrB0b
DrB0b
BionicJohn
  • Locked
  • Question
URUASY.A Ransomware Trojan - Help needed with removal
Replies
6
Views
117
BionicJohn
BionicJohn
dcranford
  • Locked
  • Question
Outbound random traffic - source port increments by 1
Replies
3
Views
81
dcranford
dcranford

Part and Inventory Search

Sponsor

Back
Top