strange prog running



#1
Britmum

Britmum

    Member

  • Member
  • PipPip
  • 12 posts
OK, so I've tried HijackThis, Registry Mechanic, and I still have an annoying program using between 89 and 99% of CPU. The name of the program changes every time I either manually try to delete, or shutdown and restart. This is ruining my weekend!! HELP!!!
  • 0



#2
admin

admin

    Founder Geek

  • Administrator
  • 24,504 posts
Welcome Britmum <_<

Let us take a closer look at what is running on your PC. We'll need you to use a free diagnostic tool (HiJackThis) and post a log back here with the results.

Click the HijackThis Guide in my signature, download it and follow the instructions in the guide.

Most of what it lists will be harmless or even essential, DO NOT delete or modify anything yet! Someone will be along to tell you what steps to take after you post the contents of the scan results.
  • 0

#3
Britmum

Britmum

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
Ok, here is the latest!
Logfile of HijackThis v1.97.7
Scan saved at 3:16:00 PM, on 4/18/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\Explorer.EXE
C:\WINNT\realtime.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINNT\System32\NMSSvc.exe
C:\Program Files\Common Files\Lanovation\PrismXL\PRISMXL.SYS
C:\WINNT\System32\svchost.exe
C:\WINNT\System32\Mph8.exe
C:\WINNT\System32\Bio9fQ88.exe
C:\Program Files\Symantec\LiveUpdate\AUpdate.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Directory 2 for hjt[1].zip\HijackThis.exe

O4 - HKLM\..\Run: [2SWZKN82R5K47C] C:\WINNT\System32\Cjo9g.exe
O4 - HKLM\..\Run: [PCDRealtime] C:\WINNT\realtime.exe
  • 0

#4
Smokey

Smokey

    Member 1K

  • Retired Staff
  • 1,423 posts
Doesn't look like you posted the whole log. Please copy and paste the complete log <_<.
  • 0

#5
Britmum

Britmum

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
Nope this is it! I already ran Hijack today and cleared all the rubbish! It seems to be the Cjo9g.exe that is the problem!!
  • 0

#6
Smokey

Smokey

    Member 1K

  • Retired Staff
  • 1,423 posts
It's a Pepper infection. First, we need to remove the pepper trojan. Download this file, run, and let terminate (it won't appear to have done much :D ):

http://home.iprimus....peperuninst.exe

Then please reboot, and post a new log. <_<
  • 0

#7
Britmum

Britmum

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
Cheers! Will do!
  • 0

#8
Britmum

Britmum

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
Here is the latest! Looks good!! You are a god!!
Logfile of HijackThis v1.97.7
Scan saved at 4:22:54 PM, on 4/18/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\Explorer.EXE
C:\WINNT\realtime.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINNT\system32\crypserv.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINNT\System32\NMSSvc.exe
C:\Program Files\Common Files\Lanovation\PrismXL\PRISMXL.SYS
C:\WINNT\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Directory 2 for hjt[1].zip\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://rd.yahoo.com/...rch/search.html
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [PCDRealtime] C:\WINNT\realtime.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
  • 0
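
Added example, not part of the original thread: a short Python script that parses two HijackThis logs and reports which running processes and registry entries disappeared or appeared between scans. The sample logs are abridged from posts #3 and #8 above; the function names `parse` and `diff` are this example's own.

```python
# Added example: diff two HijackThis logs (abridged from posts #3 and #8).
import re

BEFORE = r"""Logfile of HijackThis v1.97.7
Scan saved at 3:16:00 PM, on 4/18/2004

Running processes:
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\realtime.exe
C:\WINNT\System32\Mph8.exe
C:\WINNT\System32\Bio9fQ88.exe

O4 - HKLM\..\Run: [2SWZKN82R5K47C] C:\WINNT\System32\Cjo9g.exe
O4 - HKLM\..\Run: [PCDRealtime] C:\WINNT\realtime.exe
"""

AFTER = r"""Logfile of HijackThis v1.97.7
Scan saved at 4:22:54 PM, on 4/18/2004

Running processes:
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\realtime.exe
C:\WINNT\system32\crypserv.exe

O4 - HKLM\..\Run: [PCDRealtime] C:\WINNT\realtime.exe
"""

# HijackThis entry lines look like "O4 - <details>" or "R1 - <details>".
ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")

def parse(log):
    """Return (set of lower-cased process paths, set of (section, text) entries)."""
    procs, entries, in_procs = set(), set(), False
    for line in (l.strip() for l in log.splitlines()):
        if line == "Running processes:":
            in_procs = True
        elif not line:
            in_procs = False          # a blank line ends the process list
        elif in_procs:
            procs.add(line.lower())   # Windows paths are case-insensitive
        elif (m := ENTRY.match(line)):
            entries.add((m.group(1), m.group(2)))
    return procs, entries

def diff(before, after):
    """Report what vanished from and what appeared in the second scan."""
    (p0, e0), (p1, e1) = parse(before), parse(after)
    return {"procs_gone": sorted(p0 - p1), "procs_new": sorted(p1 - p0),
            "entries_gone": sorted(e0 - e1), "entries_new": sorted(e1 - e0)}

if __name__ == "__main__":
    for key, items in diff(BEFORE, AFTER).items():
        print(key, items)
```

Anything listed under `procs_new` or `entries_new` after a cleanup is worth identifying before the machine is declared clean.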

#9
Smokey

Smokey

    Member 1K

  • Retired Staff
  • 1,423 posts
A whole log looks something like this:

http://www.geekstogo...?showtopic=1031

I guess that is your entire log. Are you still having any problems?
  • 0

#10
Britmum

Britmum

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
The nasty little bug has left!! Thanks - now I have to sort out daughter's laptop - can't get on internet!!
  • 0

#11
Smokey

Smokey

    Member 1K

  • Retired Staff
  • 1,423 posts
Congratulations! Your system is CLEAN <_<

If everything seems to be working okay you can delete the Hijack This folder.

How do you prevent spyware from being installed again? We strongly recommend installing SpywareBlaster (it's free for personal use).

Prevent the installation of ActiveX-based spyware, adware, browser hijackers, dialers, and other potentially unwanted pests.
Block spyware/tracking cookies in Internet Explorer and Mozilla/Firefox.
Restrict the actions of potentially dangerous sites in Internet Explorer.
Consumes no system resources.

Download, run, check for updates, download updates, select all, protect against checked. All done. Check for updates every couple of weeks. If you have any errors running the program like a missing file see the link at the bottom of the javacool page.
Link to SpywareBlaster: http://www.javacools...areblaster.html

VERY IMPORTANT:
It's also very important to keep your system up to date to avoid unnecessary security risks. Click Here to make sure that you have the latest patches for Windows.

Try Winsock fix to repair your Internet:
http://www.spychecke...nsockxpfix.html
  • 0

#12
Britmum

Britmum

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
Thanks for all your help! Am currently re-installing her Windows XP as we can't even get on the internet to download repairs!!!
Yeah - and vacation week has only just begun!!
  • 0





