Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

found prunnet.exe today 3/23/09

Started by manhang , Mar 23 2009 09:01 PM

  • Please log in to reply

#1
manhang
Posted 23 March 2009 - 09:01 PM

manhang

    New Member

  • Member
  • Pip
  • 2 posts
Hi there,

I am completely new to the forums but have done some search and feel like this is the place to ask for help. Today around 3PM I installed an addon for firefox called adblocker or something and got an iexplorer popup. I thought that strange and when it happened a second time. I hit ctrl+alt+del and found a new process running called prunnet.exe. I killed it, deleted it from system32 folder, but firefox continued to behave oddly. Links lead to ad sites, popups continued in firefox, slow speeds and unable to access antivirus. Searching for awhile I found similar posts on these forums and wonder if you guys can do anything to help.

Rooter log

Microsoft Windows XP Professional (5.1.2600) Service Pack 2

A:\ [Removable] (Total:0 Mo/Free:0 Mo)
C:\ [Fixed] - NTFS - (Total:38154 Mo/Free:1652 Mo)
D:\ [CD-Rom] (Total:416 Mo/Free:0 Mo)
E:\ [CD-Rom] (Total:480 Mo/Free:0 Mo)
F:\ [Fixed] - NTFS - (Total:152617 Mo/Free:919 Mo)
G:\ [CD-Rom] (Total:0 Mo/Free:0 Mo)
H:\ [CD-Rom] (Total:0 Mo/Free:0 Mo)

Tue 03/24/2009| 0:03

----------------------\\ Processes..

--Locked-- [System Process]
---------- System
---------- \SystemRoot\System32\smss.exe
---------- \??\C:\WINDOWS\system32\csrss.exe
---------- \??\C:\WINDOWS\system32\winlogon.exe
---------- C:\WINDOWS\system32\services.exe
---------- C:\WINDOWS\system32\lsass.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\System32\svchost.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\system32\spoolsv.exe
---------- C:\WINDOWS\system32\nvsvc32.exe
---------- C:\WINDOWS\system32\HPZipm12.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\System32\alg.exe
---------- C:\WINDOWS\Explorer.EXE
---------- f:\documents and settings\dianchuoidi\my documents\download\dinh86n\warcraft iii\war3.exe
---------- C:\Program Files\Internet Explorer\iexplore.exe
---------- C:\WINDOWS\system32\cmd.exe
---------- C:\Rooter$\RK.exe

----------------------\\ Search..

----------------------\\ ROOTKIT !!


----------------------\\ Cracks & Keygens..

C:\DOCUME~1\abc\Desktop\Isilo Full with KeyGen by blackMoon\eMule0.47c.zip
C:\DOCUME~1\abc\Desktop\Isilo Full with KeyGen by blackMoon\iSilo432W32Setup.exe
C:\DOCUME~1\abc\Desktop\Isilo Full with KeyGen by blackMoon\keymaker.exe


1 - "C:\Rooter$\Rooter_1.txt" - Tue 03/24/2009| 0:03

----------------------\\ Scan completed at 0:03

I have attached the logs from OTListIt. I had to split them into three parts. Any suggestions?

Attached Files


Edited by manhang, 23 March 2009 - 11:34 PM.

  • 0

Advertisements

Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Forum
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP