strange process running


  • This topic is locked

#1
ktownkatman

Just recently saw. seems very strange. very particular... uses between 3 and 7KB of mem space. when i try and close it just comes right back. Maybe the cause of hijackthis not running?? Mysterious.......

#2
Cranky

ktownkatman

Read this.

http://www.bleepingc....exe-12025.html

#3
ktownkatman

roflmao just did a virusscan on the file from http://virusscan.jotti.org/. Here's my results:



File: libsys32.exe
Status: INFECTED/MALWARE
MD5 7b2ec5bda3cc8f876f55b01989b92351
Packers detected: PE_PATCH.MORPHINE, MORPHINE, UPX
Scanner results
AntiVir Found nothing
ArcaVir Found nothing
Avast Found nothing
AVG Antivirus Found nothing
BitDefender Found Backdoor.SDBot.C647398C
ClamAV Found nothing
Dr.Web Found Win32.HLLW.ForBot.based
F-Prot Antivirus Found nothing
Fortinet Found nothing
Kaspersky Anti-Virus Found Backdoor.Win32.SdBot.gen
NOD32 Found a variant of Win32/Rbot
Norman Virus Control Found W32/SDBot.RTO
UNA Found nothing
VBA32 Found nothing


Last file scanned at least one scanner reported something about: ecarding.exe, detected by:

Scanner Malware name
AntiVir TR/Keylogger.BP.2
ArcaVir Trojan.Spy.Keylogger.Bp
Avast X
AVG Antivirus PSW.Keylog.S
BitDefender Trojan.Spy.Keylogger.BP
ClamAV Trojan.Spy.Keylogger.CC
Dr.Web Trojan.Elite.10
F-Prot Antivirus security risk or a "backdoor" program
Fortinet W32/Small.U-tr
Kaspersky Anti-Virus Trojan-Spy.Win32.KeyLogger.cc
NOD32 Win32/Spy.Elite.10.A
Norman Virus Control W32/KeyLogger.CC
UNA Trojan.Spy.Win32.KeyLogger
VBA32 Trojan-Spy.Win32.KeyLogger.cc



Now how do i get rid of it? ad-aware came up clean.

#4
Cranky

Go here and follow all instructions.

http://www.geekstogo...-Log-t2852.html :tazz:

#5
ktownkatman

OMG how the [bleep] did i get a keylogger?

#6
ktownkatman

noooooooo don't put me in the malware forum!!!!! it takes forever to get a reply! and besides libsys32.exe is makin hijackthis not work.

#7
Murray S.

Trusted Tech, MVP

noooooooo don't put me in the malware forum!!!!! it takes forever to get a reply! and besides libsys32.exe is makin hijackthis not work.

Howdy:

Well, that's where you get to go as malware problems are handled there NOT in the XP forum (or any other for that matter) !!

Murray

#8
Cranky

He has me confused.

He has 4 different posts. :tazz:

#9
ktownkatman

OK i got past that sneaky [bleep] virus-malware. i started in safe mode and put libsys32.exe in trash. now hjt works fine here's my log


Logfile of HijackThis v1.99.1
Scan saved at 8:31:47 PM, on 8/31/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\LTMSG.exe
C:\Program Files\CallWave\IAM.exe
C:\Documents and Settings\Andy H\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.runescape.com/
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [Microsoft System Checkup] libsys32.exe
O4 - HKLM\..\Run: [NT Logging Service] syslog32.exe
O4 - HKLM\..\RunServices: [Microsoft System Checkup] libsys32.exe
O4 - Global Startup: Internet Answering Machine.lnk = C:\Program Files\CallWave\IAM.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1124467439366
O23 - Service: NT login service (ntlogin32) - Unknown owner - C:\WINDOWS\System32\libsys32.exe (file missing)
  • 0
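
The log in post #9 was taken after libsys32.exe had been deleted in safe mode. As an added example (not part of any post in this thread), the Python below parses the autostart lines of that log and lists the O4 and O23 entries that still name libsys32.exe, the file the Jotti scan in post #3 reported as infected. The function name `leftover_autostarts` and the two regular expressions are this example's own, written against the line formats visible in the log.

```python
import re

# Autostart lines copied from the HijackThis log in post #9.
LOG = r"""
O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [Microsoft System Checkup] libsys32.exe
O4 - HKLM\..\Run: [NT Logging Service] syslog32.exe
O4 - HKLM\..\RunServices: [Microsoft System Checkup] libsys32.exe
O4 - Global Startup: Internet Answering Machine.lnk = C:\Program Files\CallWave\IAM.exe
O23 - Service: NT login service (ntlogin32) - Unknown owner - C:\WINDOWS\System32\libsys32.exe (file missing)
"""

# O4 registry autostart:  O4 - <key>: [<value name>] <command>
O4_REG = re.compile(r"^O4 - (?P<key>\S+): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
# O23 service:            O23 - Service: <name> - <owner> - <command>
O23_SVC = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<cmd>.+)$")
# Executable base names inside a command line (path components stripped).
EXE = re.compile(r"([^\\/\s]+\.exe)\b", re.IGNORECASE)


def leftover_autostarts(log, bad_names):
    """Return (section, location, entry name, file_missing) for every O4/O23
    entry whose command line names one of bad_names (case-insensitive)."""
    bad = {n.lower() for n in bad_names}
    hits = []
    for line in log.splitlines():
        line = line.strip()
        m = O4_REG.match(line) or O23_SVC.match(line)
        if not m:
            continue  # startup-folder (.lnk) lines and other sections are skipped
        cmd = m.group("cmd")
        exes = {e.lower() for e in EXE.findall(cmd)}
        if exes & bad:
            section = line.split(" - ", 1)[0]
            location = m.groupdict().get("key", "Service")
            hits.append((section, location, m.group("name"),
                         cmd.endswith("(file missing)")))
    return hits


if __name__ == "__main__":
    for hit in leftover_autostarts(LOG, ["libsys32.exe"]):
        print(hit)
```

An empty result for a given name only means that no O4 or O23 line mentions it; it says nothing about the other entries in the log.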

#10
ktownkatman

eat that stupid virus-malware:-) I'm smarter than you nah nah nah nah boo boo. lmao

#11
Cranky

You have malware.
Post hjt log in the malware forum.

http://www.geekstogo...-Log-t2852.html


:tazz:

#12
Murray S.

Trusted Tech, MVP

eat that stupid virus-malware:-) I'm smarter than you nah nah nah nah boo boo. lmao



You're still loaded.. still need to post a "COMPLETE" HJT log in Malware..

Suggest you upgrade to SP1 before you do!!

Murray

#13
ktownkatman

already have SP2...

#14
Murray S.

Trusted Tech, MVP

Logfile of HijackThis v1.99.1
Scan saved at 8:31:47 PM, on 8/31/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)


NOT according to your HJT log !!

Wanna tell us another one ?? :tazz:

Murray

Edited by Murray S., 01 September 2005 - 08:09 AM.


#15
ktownkatman

Uhh... it won't let me download sp2 from windows update then...