Re: taskmgr.exe accessing internet

From: David H. Lipman (DLipman~nospam~_at_Verizon.Net)
Date: 10/22/04


Date: Fri, 22 Oct 2004 16:40:32 -0400

You can try some of the below online scanners.

Trend:
http://housecall.antivirus.com
http://housecall.trendmicro.com

F-Secure:
http://support.f-secure.com/enu/home/ols.shtml

McAfee:
http://www.mcafee.com/myapps/mfs/default.asp

Panda:
http://www.pandasoftware.com/activescan/

Kaspersky:
http://www.kaspersky.com/de/scanforvirus

Symantec:
http://security.symantec.com/

BitDefender
http://www.bitdefender.com/scan/license.php

Freedom Online scanner
http://www.freedom.net/viruscenter/index.html

* * * Please report your results ! * * *

Dave

"Kevin G" <keving98@juno.com> wrote in message
news:f3e2f91a.0410220606.5590228a@posting.google.com...
| Since I did not find anything when I scanned for spyware in Windows
| earlier, I'm sure that I would have scanned in Safe Mode, however, I
| tried scanning in Safe Mode again. Nothing. The Trend Micro utility
| did not find anything either.
|
| All updates to any software mentioned heretofore have, and have had,
| the latest updates, patches, signature files, definitions, etc...
|
| Anybody have another suggestion?
|
| Thank you,
|
| Kevin G
|
|
| keving98@juno.com (Kevin G) wrote in message
news:<f3e2f91a.0410090148.21398589@posting.google.com>...
| > I meant Safe Mode. I don't believe any of the programs mentioned would run in DOS.
| >
| > Kevin G
| >
| > "David H. Lipman" <DLipman~nospam~@Verizon.Net> wrote in message
news:<#eyokbYrEHA.1644@tk2msftngp13.phx.gbl>...
| > > Who said to run the utilities in DOS ?
| > >
| > > The objective is to run the utilities in Safe Mode, not DOS.
| > >
| > > Those utilities are Adaware and Sysclean. Please run both in Safe Mode.
| > >
| > > Dave
| > >
| > >
| > >
| > >
| > > "Kevin G" <keving98@juno.com> wrote in message
| > > news:f3e2f91a.0410081419.cf9f20d@posting.google.com...
| > > | David,
| > > |
| > > | I can't believe after all the time I spent writing that short posting
| > > | that I neglected to mention that all client machines were scanned for
| > > | viruses with Trend Micro (I even used Trend Micro "House Call"), and
| > > | scanned for spyware with both Adaware and Spybot S&D; same with the
| > > | server. I didn't, however, use the Sysclean Package and I can't be
| > > | sure I ran Adaware and Spybot in DOS as well as Windows.
| > > |
| > > | I'll give your suggestion a try and let you know how it goes.
| > > |
| > > | Thanks.
| > > |
| > > | Kevin G
| > > |
| > > | "David H. Lipman" <DLipman~nospam~@Verizon.Net> wrote in message
| > news:<uJDoYWSrEHA.332@TK2MSFTNGP14.phx.gbl>...
| > > | > 1) Download the following three items...
| > > | >
| > > | > Trend Sysclean Package
| > > | > http://www.trendmicro.com/download/dcs.asp
| > > | >
| > > | > Latest Trend signature files.
| > > | > http://www.trendmicro.com/download/pattern.asp
| > > | >
| > > | > Adaware SE
| > > | > http://www.lavasoftusa.com/
| > > | >
| > > | > Create a directory.
| > > | > On drive "C:\"
| > > | > (e.g., "c:\New Folder")
| > > | > or the desktop
| > > | > (e.g., "C:\Documents and Settings\lipman\Desktop\New Folder")
| > > | >
| > > | > Download sysclean.com and place it in that directory.
| > > | > Download the signature files (pattern files) by obtaining the ZIP file.
| > > | > For example; lpt186.zip
| > > | >
| > > | > Extract the contents of the ZIP file and place the contents in the same directory as
| > > | > sysclean.com.
| > > | >
| > > | > 2) Update Adaware with the latest definitions.
| > > | > 3) If you are using WinME or WinXP, disable System Restore
| > > | > http://vil.nai.com/vil/SystemHelpDocs/DisableSysRestore.htm
| > > | > 4) Reboot your PC into Safe Mode
| > > | > 5) Using both the Trend Sysclean utility and Adaware, perform a Full Scan of your
| > > | > platform and clean/delete any infectors/parasites found.
| > > | > 6) Restart your PC and perform a "final" Full Scan of your platform using both the
| > > | > Trend Sysclean utility and Adaware
| > > | > 7) If you are using WinME or WinXP, re-enable System Restore and re-apply any
| > > | > System Restore preferences, (e.g. HD space to use suggested 400 ~ 600MB),
| > > | > 8) Reboot your PC.
| > > | > 9) If you are using WinME or WinXP, create a new Restore point
| > > | > 10) Please report back your results
| > > | >
| > > | > Dave
| > > | >
| > > | >
| > > | >
| > > | >
| > > | >
| > > | >
| > > | > "Kevin G" <keving98@juno.com> wrote in message
| > > | > news:f3e2f91a.0410080154.7e2a5bfb@posting.google.com...
| > > | > | Our company is running SBS 2000 w/ Exchange Server 2000; ISA Server
| > > | > | 2000; and Trend Micro Server Protect with all updates and service
| > > | > | packs installed (save Win2000 sp4). We use SBC as our DSL provider.
| > > | > |
| > > | > | Our DSL connection suddenly slowed to a crawl (~30k) and we suspected
| > > | > | one of the workstations picked up some spyware or a virus. One by
| > > | > | one we shut down the workstations and tested the connection without
| > > | > | success. We shut down the Server, DSL Modem, and all the switches and
| > > | > | restarted. With just the Server connected the DSL still crawled
| > > | > | along. We ran a port scan and saw about 12 instances of taskmgr.exe
| > > | > | accessing, or being accessed through, the internet. As soon as we
| > > | > | stopped the Task Manager service it shot back up to 1.5m.
| > > | > |
| > > | > | Unfortunately we didn't note whether it was TCP or UDP, what the
| > > | > | remote IP was, or what port numbers were being used before we disabled
| > > | > | the service and cut the connections off.
| > > | > |
| > > | > | We've checked Trend Micro, Symantec, and Google with no luck. Any
| > > | > | idea what might have been going on?
| > > | > |
| > > | > | Any help would be greatly appreciated.
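
The original post in this thread notes that the protocol, remote IP and port numbers were not recorded before the service was stopped. As an added example that is not part of the thread, the Python below pairs saved `netstat -ano` and `tasklist /fo csv /nh` output to list exactly those details for one image name. The sample text is constructed, and it assumes a Windows version whose `netstat` supports `-o` and that ships `tasklist`.

```python
import csv
import io

# Constructed sample output (documentation-range addresses), not data from the thread.
NETSTAT_ANO = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       884
  TCP    192.168.16.2:1047      203.0.113.10:6667      ESTABLISHED     1412
  TCP    192.168.16.2:1051      203.0.113.77:6667      ESTABLISHED     1412
  TCP    192.168.16.2:1090      198.51.100.5:80        ESTABLISHED     2040
  UDP    0.0.0.0:1434           *:*                                    1412
"""
TASKLIST_CSV = """\
"svchost.exe","884","Console","0","4,120 K"
"taskmgr.exe","1412","Console","0","3,112 K"
"iexplore.exe","2040","Console","0","18,004 K"
"""

def parse_tasklist(text):
    """Map PID -> image name from `tasklist /fo csv /nh` output."""
    rows = csv.reader(io.StringIO(text))
    return {int(r[1]): r[0] for r in rows if len(r) >= 2}

def split_endpoint(endpoint):
    """Split 'host:port' on the last colon so bracketed IPv6 hosts survive."""
    host, _, port = endpoint.rpartition(":")
    return host, port

def parse_netstat(text):
    """Return one dict per TCP/UDP row of `netstat -ano` output."""
    conns = []
    for line in text.splitlines():
        f = line.split()
        if not f or f[0] not in ("TCP", "UDP"):
            continue  # banner and column-header lines
        state = f[3] if len(f) == 5 else ""  # UDP rows have no State column
        remote_ip, remote_port = split_endpoint(f[2])
        conns.append({"proto": f[0], "local_port": split_endpoint(f[1])[1],
                      "remote_ip": remote_ip, "remote_port": remote_port,
                      "state": state, "pid": int(f[-1])})
    return conns

def connections_for(image, netstat_text, tasklist_text):
    """Connections whose owning PID belongs to the given image name."""
    names = parse_tasklist(tasklist_text)
    return [c for c in parse_netstat(netstat_text)
            if names.get(c["pid"], "").lower() == image.lower()]

if __name__ == "__main__":
    for c in connections_for("taskmgr.exe", NETSTAT_ANO, TASKLIST_CSV):
        print(c["proto"], c["remote_ip"], c["remote_port"], c["state"] or "-")
```

Saving both command outputs to files before stopping anything keeps the evidence the post says was lost.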


