
What the heck is windowx.exe?


Chambers

IS-IT--Management
Jan 19, 2001
257
US
Hey guys, anyone know what process is windowx.exe? I have this running in my task manager and have no clue what it is. Anyone have a clue?
 
Congratulations,
You have a yet to be reported malware.

Unless you are using Wine or other Linux emulators, kill the process in Task Manager.

Start, Search, windowx*.*
rename any entries you find.

Do steps #1 - #4 here, but if it is brand new they may not see it: faq608-4650

Use Panda, Trend Micro and Symantec as choices.

Then post a Hijack This log here. Instructions are in the FAQ above.


 
[pc3]

Here's a lead (maybe) —


Look at the "fine print"

Editor and Composer Download Arachnophilia 5.2, build 1902 (06/29/2003) (Java) Windowx Exe

May not be of much help though - a Java search turned up a zero.

Are you dual processing with Linux? Just a thought.

By the way - that site evidently deals with spider fear. Something I haven't the slightest interest in. NO FEAR!
 
Ran through all the steps and nothing was picked up; Here's the log file, thanks for the help!!

Logfile of HijackThis v1.97.7
Scan saved at 3:14:14 PM, on 1/13/2004
Platform: Windows 2000 SP1 (WinNT 5.00.2195)
MSIE: Internet Explorer v5.00 SP1 (5.00.2920.0000)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\LEXBCES.EXE
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\LEXPPS.EXE
C:\WINNT\System32\drivers\CDAC11BA.EXE
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\wanmpsvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\Explorer.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Documents and Settings\chuck\Desktop\New Folder\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 10.10.0.15:8080
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [xkstartup] RunDll32 insxk50c.dll,SetUsbPrinterPort
O4 - HKLM\..\Run: [LexStart] lexstart.exe
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\RunServices: [Time Manager] WindowX.exe
O9 - Extra button: Real.com (HKLM)
O12 - Plugin for .mov: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} -
 
Not running linux at all. I came up with that with a google search also but it didn't look like what this program is. Thanks for the help though, I appreciate it!!
 
Hmmm...I smell something stinky.

This entry:
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} -
...seems to be tied to this site:

And if you read their "End User License Agreement" -- while they state "ALL APPLICATIONS ARE SPYWARE FREE,"
it declares in the paragraph preceding this note that: "ALL OF OUR APPLICATIONS COME WITH THE MYWEBSEARCH™ BROWSER PLUGIN"

I'm not pointing fingers or anything........
.....nor can I put together windowx.exe and Cursor Mania, but...

"'Tis an ill wind that blows no minds." - Malaclypse the Younger
 
*&*%$#(*$#&@!!!!!

Just nosing around on that site got me hijacked.
Have to clean my machine off now.
Shall return shortly....toodles!

&^@$&@*&#@)(@&^!!!!!

"'Tis an ill wind that blows no minds." - Malaclypse the Younger
 
Holy Crap!! Sorry about that Carrr, looks like that may be some part of the problem. Wondering if windowx.exe is tied to that??
 
Chambers,
No, No. Not your fault one bit...I was a bit careless, is all.

My pride is now bruised....I haven't picked up anything like that in a long time. Oh well...reset the timer.

"'Tis an ill wind that blows no minds." - Malaclypse the Younger
 
Did you, to your knowledge, install this Cursor Mania product? If so, you might consider removing it and see if the mystery file goes with it.

I didn't find such a file on my machine, once infected. Rather, I saw a mwoemon show up in my Task Manager. It was quite easy to get rid of the pest, just removed everything via Control Panel > Add/remove programs



"'Tis an ill wind that blows no minds." - Malaclypse the Younger
 
Chambers
If possible, I would install SP4 on your box and then get the latest Windows updates as well, just to be safe.

John
 
carr,

If it makes you feel any better, I screwed my main machine trying last week to answer a Hijack log in the Browser forum.

The security guys who do this (bravely and seemingly like a real job) re-image their machines several times a day.

I am neither that brave, nor willing to give up a "real" job to look and explore Hijack posts. Plus, my eyes could not stand the strain of these listings.

Hence, faq608-4650

But, on point, have Hijack remove this entry:
O4 - HKLM\..\RunServices: [Time Manager] WindowX.exe

Reboot into Safe Mode.

Start, Search, windowx.exe
rename the file.
Reboot into normal mode.
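
An added example, not part of the thread and not a HijackThis feature: Python that reads the O4 autorun lines of a log in the format posted above and lists the entries whose command gives no directory, which is why the RunServices WindowX.exe entry has to be located with Search before it can be renamed. The sample log is constructed from lines of the posted log, and the function names are hypothetical.

```python
import ntpath
import re

# Constructed sample in the format of the HijackThis log posted in this thread.
SAMPLE_LOG = r"""Running processes:
C:\WINNT\Explorer.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\RunServices: [Time Manager] WindowX.exe
"""

O4_LINE = re.compile(r"^O4 - (?P<key>\S+): \[(?P<label>[^\]]*)\] (?P<cmd>.+)$")
EXE_PREFIX = re.compile(r"(.+?\.(?:exe|com|bat|cmd|scr))(?:\s|$)", re.I)

def executable(cmd):
    """Return the program part of an autorun command, without arguments."""
    cmd = cmd.strip()
    if cmd.startswith('"'):                  # quoted path, may contain spaces
        return cmd[1:].split('"', 1)[0]
    m = EXE_PREFIX.match(cmd)                # unquoted path, may contain spaces
    return m.group(1) if m else cmd.split()[0]

def running_names(log):
    """Lower-cased file names from the 'Running processes:' section."""
    names, in_section = set(), False
    for line in log.splitlines():
        if line.strip() == "Running processes:":
            in_section = True
        elif in_section and not line.strip():
            break                            # blank line ends the section
        elif in_section:
            names.add(ntpath.basename(line.strip()).lower())
    return names

def review_autoruns(log):
    """List O4 entries whose command gives no directory, for manual review."""
    running = running_names(log)
    flagged = []
    for line in log.splitlines():
        m = O4_LINE.match(line.strip())
        if not m:
            continue
        exe = executable(m["cmd"])
        if not ntpath.dirname(exe):          # bare file name: location unknown
            flagged.append({"key": m["key"], "label": m["label"], "exe": exe,
                            "running": ntpath.basename(exe).lower() in running})
    return flagged
```

A flagged entry is a prompt to find the file and check its origin, not a verdict: legitimate system entries such as mobsync.exe are listed the same way.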



 
Nope, none of those were installed, also can't do sp4 since it's incompatible with a few programs we run.
 
bcastner,

I am humbled.
I totally overlooked the windowsx.exe that was right in front of my eyes.
Excellent catch.

<....grumble, grumble, grumble....>


"'Tis an ill wind that blows no minds." - Malaclypse the Younger
 
Chambers,

Check that incompatibility issue thoroughly. I have yet to see one that cannot be overcome other than some VPN software, where updates are promised.

Check with the vendors. This is a very fluid situation and what may have been impossible last week is promised by end 1st quarter 2004. And ask twice, the first respondent should not be viewed as authoritative.
 
Thanks for the help guys, I appreciate it!!!
 
carr,

Quote: I am neither that brave, nor willing to give up a "real" job to look and explore Hijack posts. Plus, my eyes could not stand the strain of these listings.

Hence, FAQ608-4650

Endquote

Best to you,
Bill
 