Results 1 to 4 of 4

Thread: Rogue process

  1. #1
    New Lounger
    Join Date
    Jul 2010
    Location
    NoVA
    Posts
    1
    Thanks
    0
    Thanked 0 Times in 0 Posts
    HELP


    Something out there loaded a rogue process into my laptop.

    If I let all processes load, any time I try to execute a program, even the task
    manager, I get a flurry of "contaminated" messages asking if I wish to activate
    my virus protection, then multiple internet access attempts are made.

    I use a licenced Grisoft AVG-9 virus package and it is running and reports
    (after full scan) no problems.

    Any programs that I execute before most of the processes are loaded seem to work
    OK including the task manager.

    Which processes do I need to delete and/or which items in the start list do I
    delete? Where do I find the start list?

    I'm running XP pro sp2

    WHere can I find a list of the XP processes extant along with a bit about what
    each one does? My machine loads about 70 processes.

    Thanks for any help

    Larry


    Here is a list of the processes running, less the two I deleted (MBAM and the
    one I forgot to write down):

    I tried to replicate the case used but not always correct.
    U=User
    S=System
    LS=Local Service
    NS=Network Service

    MBAM u

    avgtray u

    Taskmgr u

    Apoint u

    qtask u

    avgui u

    WLService s

    avgcsrvx s

    CTfmon u

    capm5swk s

    CeKey u

    FnKeyHook u

    igfxtray u

    explorer u

    TMERzctc u

    Ctregrun u

    TFncKy u

    TOSCDSPD u

    RAMASST u

    SmoothView u

    wwuauclt s

    InfoMyCa u

    ApntEx u

    InetReg u

    HKcmd u

    TMEEJME system

    TPTray user

    avgscanx s

    agrsmmsg u

    TctrolIOhook u

    alg Local Service

    tfswctol u

    CFSServ u

    msmsgs u

    CAPM5RSK s

    spoolserv s

    ZoomingHook u

    IntuitUpdate s

    aavgnsx s

    avgcsrvx s

    svchost ls

    avgam s

    svchost Network Service

    CAPM5LAK u

    avgrsx s

    acs s

    avgchsvx s

    svchost s

    wdfmgr ls

    srchost ns

    avgam s

    svchost ls

    svchost s

    DVDRAMSV s

    lsass s

    Services s

    Winlogon s

    TMESRV31 s

    csrss s

    Swupdtmr s

    Smss s

    CFSvcs s

    svchost s

    avgwdsvc s

    AOLacsd s

    svchost ls

    System s

    System idel process s

  2. #2
    Super Moderator CLiNT's Avatar
    Join Date
    Dec 2009
    Location
    California & Arizona
    Posts
    6,121
    Thanks
    160
    Thanked 609 Times in 557 Posts
    If I let all processes load, any time I try to execute a program, even the task
    manager, I get a flurry of "contaminated" messages asking if I wish to activate
    my virus protection, then multiple internet access attempts are made.
    What, specifically, are the contents of these "contaminated" messages?


    Do you have the antimalware program MalwareBytes Anti-Malware installed on your machine?
    MBAM= MalwareBytes Anti-Malware
    This may be attempting to load and detect some form of malware.

    Do a google search under each of these processes that you have listed and you will find an associated program that may or may not be needed as a start up run process. Remember, also that it is possible for any running process to be taken over by a trojan or virus.

    Example of a running process that does not need to be running as a start up process:
    CTRegRun.exe=Creative Soundblaster Live series soundcards. Reminds you to register your card with Creative.
    DRIVE IMAGING
    Invest a little time and energy in a well thought out BACKUP regimen and you will have minimal down time, and headache.

    Build your own system; get everything you want and nothing you don't.
    Latest Build:
    ASUS X99 Deluxe, Core i7-5960X, Corsair Hydro H100i, Plextor M6e 256GB M.2 SSD, Corsair DOMINATOR Platinum 32GB DDR4@2666, W8.1 64 bit,
    EVGA GTX980, Seasonic PLATINUM-1000W PSU, MountainMods U2-UFO Case, and 7 other internal drives.

  3. #3
    5 Star Lounger
    Join Date
    Dec 2009
    Location
    East Coast, USA
    Posts
    993
    Thanks
    8
    Thanked 43 Times in 43 Posts
    Quote Originally Posted by larrytoo View Post
    HELP


    Which processes do I need to delete and/or which items in the start list do I
    delete? Where do I find the start list?


    WHere can I find a list of the XP processes extant along with a bit about what
    each one does? My machine loads about 70 processes.
    These are Free and may be useful ...

    Glary Utilities
    http://www.glaryutilities.com/gu.html

    Process Explorer
    http://technet.microsoft.com/en-us/s.../bb896653.aspx

    What's Running
    http://www.whatsrunning.net/

    Hope those are helpful.

  4. #4
    Bronze Lounger DrWho's Avatar
    Join Date
    Dec 2009
    Location
    Central Florida
    Posts
    1,501
    Thanks
    30
    Thanked 205 Times in 163 Posts
    Apparently you're looking at your process list and not your "Startup" folder.
    RUN MSCONFIG and under the Startup tab, DE-Select everything but your AVG files.
    Apply the change and exit MSCONFIG. Reboot!

    Now see what happens.
    You can always go back and re-select things you may want or need, like printer drivers.

    I recognized a few of the things in your Processes list as things you absolutely don't need, like Qtask and CTfmon.
    Those NEVER need to be running.

    That is at least a good place to start your troubleshooting.

    Doc
    Experience is truly the best teacher.

    Backup! Backup! Backup! GHOST Rocks!

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •