Re: what is the skq.exe process Virus? Hacker??

From: toolman99 (toolman99_at_discussions.microsoft.com)
Date: 01/05/05 

Date: Wed, 5 Jan 2005 08:23:08 -0800

When i scanned in safe mode i think i only did a norton sweep -cannot
remember if i reran adaware etc so will be doing a complete scan as per your
instructions Thanks

"David H. Lipman" wrote:

> What is the version of Lavasoft Adaware ?
>
> --
> Dave
>
>
>
>
> "toolman99" <toolman99@discussions.microsoft.com> wrote in message
> news:A262AABD-5A99-44E6-BD6C-7D726D0E5A15@microsoft.com...
> | Thanks Dave- I will download thhis stuff- i am running Norton corporate
> | edition, adaware and spybot which are all uptodate- i am operating behind a
> | router as well. I did disable system restore booted up in safe mode and ran
> | full system scan which turned up nothing. This skq.exe was still chugging
> | away - I meant to save a copy of the file but deleted it and all the huge
> | files that it created as my hard drive was full- panicked i guess- My son
> | did have the w32 mugly virus in an email a few weeks ago - I cleaned this up
> | as per instructions on the symantic site. Did some research on the processes
> | running in taskmanager and found antivirus.exe running which according to the
> | net is a virus as well- i disabled that as well - Systems seems to be stable
> | the last 2 days- i will go throught the procedure you outlined and report
> | back when completed thanks for tips-
> |
> | "David H. Lipman" wrote:
> |
> | > 1) Download the following four items...
> | >
> | > McAfee Stinger
> | > http://vil.nai.com/vil/stinger/
> | >
> | > Trend Sysclean Package
> | > http://www.trendmicro.com/download/dcs.asp
> | >
> | > Latest Trend Pattern File.
> | > http://www.trendmicro.com/download/pattern.asp
> | >
> | > Adaware SE (free personal version v1.05)
> | > http://www.lavasoftusa.com/
> | >
> | > Create a directory.
> | > On drive "C:\"
> | > (e.g., "c:\New Folder")
> | > or the desktop
> | > (e.g., "C:\Documents and Settings\lipman\Desktop\New Folder")
> | >
> | > Download Sysclean.com and place it in that directory.
> | > Download the Trend Pattern File by obtaining the ZIP file.
> | > For example; lpt331.zip
> | >
> | > Extract the contents of the ZIP file and place the contents in the same directory as
> | > sysclean.com.
> | >
> | > 2) Update Adaware with the latest definitions.
> | > 3) If you are using WinME or WinXP, disable System Restore
> | > http://vil.nai.com/vil/SystemHelpDocs/DisableSysRestore.htm
> | > 4) Reboot your PC into Safe Mode
> | > 5) Using Trend Sysclean, Stinger and Adaware, perform a Full Scan of your
> | > platform and clean/delete any infectors/parasites found.
> | > (a few cycles may be needed)
> | > 6) Restart your PC and perform a "final" Full Scan of your platform using the three
> | > utilities; Trend Sysclean, Stinger and Adaware
> | > 7) If you are using WinME or WinXP, Re-enable System Restore and re-apply any
> | > System Restore preferences, (e.g. HD space to use suggested 400 ~ 600MB),
> | > 8) Reboot your PC.
> | > 9) If you are using WinME or WinXP, create a new Restore point
> | >
> | > You can also try some of the below online scanners.
> | >
> | > BitDefender:
> | > http://www.bitdefender.com/scan/license.php
> | >
> | > Computer Associates:
> | > http://www3.ca.com/securityadvisor/virusinfo/scan.aspx
> | >
> | > DialogueScience:
> | > http://www.antivir.ru/english/www_av/
> | >
> | > F-Secure:
> | > http://support.f-secure.com/enu/home/ols.shtml
> | >
> | > Freedom Online scanner:
> | > http://www.freedom.net/viruscenter/index.html
> | >
> | > McAfee:
> | > http://www.mcafee.com/myapps/mfs/default.asp
> | >
> | > Panda:
> | > http://www.pandasoftware.com/activescan/
> | >
> | > Symantec:
> | > http://security.symantec.com/
> | >
> | >
> | > * * * Please report your results ! * * *
> | >
> | >
> | >
> | > --
> | > Dave
> | >
> | >
> | >
> | >
> | > "toolman99" <toolman99@discussions.microsoft.com> wrote in message
> | > news:BE611BB9-2BE6-4046-92CF-6FC7EDDF4759@microsoft.com...
> | > | I had theis skq.exe process running in the background and chewed up about 70
> | > | gb of my harddrive in 1 week - found the file in the skq directory in the
> | > | system32 directory - it was making huge 4 gb plus files and storing them -
> | > | really strange - anyone else seen this before - i stopped process and deleted
> | > | files and disabled in startup menu - have i been hacked??
> | >
> | >
> | >
>
>
>

Relevant Pages

  • Re: Dump The System
    ... Are you following the full instructions for removal? ... running in safe mode you usually have to disable System Restore ...
    (microsoft.public.windowsxp.basics)
  • RE: getting rid of Gabot
    ... Then follow instructions. ... You may need to perform cleanup in Safe Mode and/or disable System Restore. ...
    (microsoft.public.windowsxp.help_and_support)
  • Re: what is the skq.exe process Virus? Hacker??
    ... I had to ask about Adaware because I have come upon many posts where they say they have ... in Safe Mode and make sure as many applications as possible are terminated prior to said ... I did disable system restore booted up in safe mode and ran ... |> | as per instructions on the symantic site. ...
    (microsoft.public.security.virus)
  • Re: Where are startup/shutdown files ?
    ... I have already run Norton and Malewarebyes in safe mode ... which took care of all the major virus problems. ... Include scanning with David Lipman's Multi_AV and follow instructions to ... all your data backed up before you take the machine into a shop. ...
    (microsoft.public.windowsxp.general)
  • Re: cant stop xp pro reboot loop
    ... i received the following on the second boot ... ... A description of the Safe Mode Boot options in Windows XP ... I can get as far as the desktop, then the reboot starts. ... to complete the rest of the instructions, ...
    (microsoft.public.windowsxp.help_and_support)