Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

found prunnet.exe today 3/23/09

Started by manhang , Mar 23 2009 09:01 PM

  • Please log in to reply

#1
manhang
Posted 23 March 2009 - 09:01 PM

manhang

    New Member

  • Member
  • Pip
  • 2 posts
Hi there,

I am completely new to the forums but have done some search and feel like this is the place to ask for help. Today around 3PM I installed an addon for firefox called adblocker or something and got an iexplorer popup. I thought that strange and when it happened a second time. I hit ctrl+alt+del and found a new process running called prunnet.exe. I killed it, deleted it from system32 folder, but firefox continued to behave oddly. Links lead to ad sites, popups continued in firefox, slow speeds and unable to access antivirus. Searching for awhile I found similar posts on these forums and wonder if you guys can do anything to help.

Rooter log

Microsoft Windows XP Professional (5.1.2600) Service Pack 2

A:\ [Removable] (Total:0 Mo/Free:0 Mo)
C:\ [Fixed] - NTFS - (Total:38154 Mo/Free:1652 Mo)
D:\ [CD-Rom] (Total:416 Mo/Free:0 Mo)
E:\ [CD-Rom] (Total:480 Mo/Free:0 Mo)
F:\ [Fixed] - NTFS - (Total:152617 Mo/Free:919 Mo)
G:\ [CD-Rom] (Total:0 Mo/Free:0 Mo)
H:\ [CD-Rom] (Total:0 Mo/Free:0 Mo)

Tue 03/24/2009| 0:03

----------------------\\ Processes..

--Locked-- [System Process]
---------- System
---------- \SystemRoot\System32\smss.exe
---------- \??\C:\WINDOWS\system32\csrss.exe
---------- \??\C:\WINDOWS\system32\winlogon.exe
---------- C:\WINDOWS\system32\services.exe
---------- C:\WINDOWS\system32\lsass.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\System32\svchost.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\system32\spoolsv.exe
---------- C:\WINDOWS\system32\nvsvc32.exe
---------- C:\WINDOWS\system32\HPZipm12.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\System32\alg.exe
---------- C:\WINDOWS\Explorer.EXE
---------- f:\documents and settings\dianchuoidi\my documents\download\dinh86n\warcraft iii\war3.exe
---------- C:\Program Files\Internet Explorer\iexplore.exe
---------- C:\WINDOWS\system32\cmd.exe
---------- C:\Rooter$\RK.exe

----------------------\\ Search..

----------------------\\ ROOTKIT !!


----------------------\\ Cracks & Keygens..

C:\DOCUME~1\abc\Desktop\Isilo Full with KeyGen by blackMoon\eMule0.47c.zip
C:\DOCUME~1\abc\Desktop\Isilo Full with KeyGen by blackMoon\iSilo432W32Setup.exe
C:\DOCUME~1\abc\Desktop\Isilo Full with KeyGen by blackMoon\keymaker.exe


1 - "C:\Rooter$\Rooter_1.txt" - Tue 03/24/2009| 0:03

----------------------\\ Scan completed at 0:03

I have attached the logs from OTListIt. I had to split them into three parts. Any suggestions?

Attached Files


Edited by manhang, 23 March 2009 - 11:34 PM.

  • 0

Advertisements

Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

1 user(s) are reading this topic

0 members, 1 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP