Re: what is the skq.exe process Virus? Hacker??

From: David H. Lipman (DLipman~nospam~_at_Verizon.Net)
Date: 01/05/05


Date: Wed, 5 Jan 2005 11:30:40 -0500

I had to ask about Adaware because I have come upon many posts where they say they have
executed Adaware and it turned out to be Adaware 6. Thanks for indicating that this is NOT
the case but make sure Adaware SE is updated, and a full and complete deep scan is performed
in Safe Mode and make sure as many applications as possible are terminated prior to said
scan.

-- 
Dave
"toolman99" <toolman99@discussions.microsoft.com> wrote in message
news:71B3D02D-33C3-4205-8E1B-43E40E57E17E@microsoft.com...
| When I scanned in safe mode I think I only did a Norton sweep - cannot
| remember if I reran Adaware etc. so will be doing a complete scan as per your
| instructions. Thanks
|
| "David H. Lipman" wrote:
|
| > What is the version of Lavasoft Adaware ?
| >
| > -- 
| > Dave
| >
| >
| >
| >
| > "toolman99" <toolman99@discussions.microsoft.com> wrote in message
| > news:A262AABD-5A99-44E6-BD6C-7D726D0E5A15@microsoft.com...
| > | Thanks Dave - I will download this stuff - I am running Norton Corporate
| > | Edition, Adaware and Spybot which are all up to date - I am operating behind a
| > | router as well. I did disable System Restore, booted up in safe mode and ran
| > | a full system scan which turned up nothing. This skq.exe was still chugging
| > | away - I meant to save a copy of the file but deleted it and all the huge
| > | files that it created as my hard drive was full - panicked, I guess - My son
| > | did have the w32 mugly virus in an email a few weeks ago - I cleaned this up
| > | as per instructions on the Symantec site. Did some research on the processes
| > | running in Task Manager and found antivirus.exe running which according to the
| > | net is a virus as well - I disabled that as well - System seems to be stable
| > | the last 2 days - I will go through the procedure you outlined and report
| > | back when completed. Thanks for the tips -
| > |
| > | "David H. Lipman" wrote:
| > |
| > | > 1)    Download the following four items...
| > | >
| > | >          McAfee Stinger
| > | >          http://vil.nai.com/vil/stinger/
| > | >
| > | >          Trend Sysclean Package
| > | >          http://www.trendmicro.com/download/dcs.asp
| > | >
| > | >          Latest Trend Pattern File.
| > | >          http://www.trendmicro.com/download/pattern.asp
| > | >
| > | >          Adaware SE (free personal version v1.05)
| > | >          http://www.lavasoftusa.com/
| > | >
| > | > Create a directory.
| > | > On drive "C:\"
| > | > (e.g., "c:\New Folder")
| > | > or the desktop
| > | > (e.g., "C:\Documents and Settings\lipman\Desktop\New Folder")
| > | >
| > | > Download Sysclean.com and place it in that directory.
| > | > Download the Trend Pattern File by obtaining the ZIP file.
| > | > For example;  lpt331.zip
| > | >
| > | > Extract the contents of the ZIP file and place the contents in the same directory as
| > | > sysclean.com.
| > | >
| > | > 2)     Update Adaware with the latest definitions.
| > | > 3)     If you are using WinME or WinXP, disable System Restore
| > | >         http://vil.nai.com/vil/SystemHelpDocs/DisableSysRestore.htm
| > | > 4)     Reboot your PC into Safe Mode
| > | > 5)     Using Trend Sysclean, Stinger and Adaware, perform a Full Scan of your
| > | >         platform and clean/delete any infectors/parasites found.
| > | >         (a few cycles may be needed)
| > | > 6)     Restart your PC and perform a "final" Full Scan of your platform using the
| > | >         three utilities;  Trend Sysclean, Stinger and Adaware
| > | > 7)     If you are using WinME or WinXP, Re-enable System Restore and re-apply any
| > | >         System Restore preferences, (e.g. HD space to use suggested 400 ~ 600MB),
| > | > 8)     Reboot your PC.
| > | > 9)     If you are using WinME or WinXP, create a new Restore point
| > | >
| > | > You can also try some of the below online scanners.
| > | >
| > | > BitDefender:
| > | > http://www.bitdefender.com/scan/license.php
| > | >
| > | > Computer Associates:
| > | > http://www3.ca.com/securityadvisor/virusinfo/scan.aspx
| > | >
| > | > DialogueScience:
| > | > http://www.antivir.ru/english/www_av/
| > | >
| > | > F-Secure:
| > | > http://support.f-secure.com/enu/home/ols.shtml
| > | >
| > | > Freedom Online scanner:
| > | > http://www.freedom.net/viruscenter/index.html
| > | >
| > | > McAfee:
| > | > http://www.mcafee.com/myapps/mfs/default.asp
| > | >
| > | > Panda:
| > | > http://www.pandasoftware.com/activescan/
| > | >
| > | > Symantec:
| > | > http://security.symantec.com/
| > | >
| > | >
| > | > * * * Please report your results ! * * *
| > | >
| > | >
| > | >
| > | > -- 
| > | > Dave
| > | >
| > | >
| > | >
| > | >
| > | > "toolman99" <toolman99@discussions.microsoft.com> wrote in message
| > | > news:BE611BB9-2BE6-4046-92CF-6FC7EDDF4759@microsoft.com...
| > | > | I had this skq.exe process running in the background and it chewed up about 70
| > | > | GB of my hard drive in 1 week - found the file in the skq directory in the
| > | > | system32 directory - it was making huge 4 GB plus files and storing them -
| > | > | really strange - anyone else seen this before - I stopped the process and deleted
| > | > | the files and disabled it in the startup menu - have I been hacked??
| > | >
| > | >
| > | >
| >
| >
| >