Re: Net Controller Trojan 1.08 - system.exe

From: Bluebottle (Bluebottle_at_discussions.microsoft.com)
Date: 10/28/04 

Date: Thu, 28 Oct 2004 12:25:09 -0700

Hello Dave

Thanks for the suggestion - no luck so far I'm afraid. I already regularly
sweep with Ad Aware so I wasn't surprised that this ddn't get it (although SE
did pick up Adware that my older version did not) and I have downloaded the
Trend Sysclean package etc and run it - The first time took over 4 hrs and
came up with nothing. I noticed that one of the black script boxes that was
running (titled C:\Cleaner(my folder name)\VSCANTM.BIN) had <<ERROR <-94>>>
after every line. When I checked the log at the end of the scan it said that
an error occurred while reading.... doesn't sound like it worked??

Just to be sure I downloaded the files again and re ran them - same result.

The System process is still appearing in my Task Manager - strangley if I
try to End Process from here it will not end??

Can you (or anyone) confirm that this process (system.exe) is a trojan? The
web site that says it is is ProcessLibrary.com

I am now going to work through the list of online scanners that you gave.
My last resort will be the DOS scan that McAfee have suggested.

Regards BB
 
"David H. Lipman" wrote:

>
> 1) Download the following three items...
>
> Trend Sysclean Package
> http://www.trendmicro.com/download/dcs.asp
>
> Latest Trend signature files.
> http://www.trendmicro.com/download/pattern.asp
>
> Adaware SE (personal free version)
> http://www.lavasoftusa.com/
>
> Create a directory.
> On drive "C:\"
> (e.g., "c:\New Folder")
> or the desktop
> (e.g., "C:\Documents and Settings\lipman\Desktop\New Folder")
>
> Download sysclean.com and place it in that directory.
> Dowload the signature files (pattern files) by obtaining the ZIP file.
> For example; lpt202.zip
>
> Extract the contents of the ZIP file and place the contents in the same directory as
> sysclean.com.
>
> 2) Update Adware with the latest definitions.
> 3) If you are using WinME or WinXP, disable System Restore
> http://vil.nai.com/vil/SystemHelpDocs/DisableSysRestore.htm
> 4) Reboot your PC into Safe Mode
> 5) Using both the Trend Sysclean utility and Adaware, perform a Full Scan of your
> platform and clean/delete any infectors/parasites found.
> (a few cycles may be needed)
> 6) Restart your PC and perform a "final" Full Scan of your platform using both the
> Trend Sysclean utility and Adaware
> 7) If you are using WinME or WinXP,Re-enable System Restore and re-apply any
> System Restore preferences, (e.g. HD space to use suggested 400 ~ 600MB),
> 8) Reboot your PC.
> 9) If you are using WinME or WinXP, create a new Restore point
>
> You can also try some of the below online scanners.
>
> Trend:
> http://housecall.antivirus.com
> http://housecall.trendmicro.com
>
> F-Secure:
> http://support.f-secure.com/enu/home/ols.shtml
>
> McAfee:
> http://www.mcafee.com/myapps/mfs/default.asp
>
> Panda:
> http://www.pandasoftware.com/activescan/
>
> Kaspersky:
> http://www.kaspersky.com/de/scanforvirus
>
> Symantec:
> http://security.symantec.com/
>
> BitDefender
> http://www.bitdefender.com/scan/license.php
>
> Freedom Online scanner
> http://www.freedom.net/viruscenter/index.html
>
>
> * * * Please report your results ! * * *
>
> Dave
>
>
>
>
>
>
> "Bluebottle" <Bluebottle@discussions.microsoft.com> wrote in message
> news:42339138-55B8-4813-B194-084D76CA1305@microsoft.com...
> | My PC shows an active process called 'System'. A search on the web tells me
> | that this is a process file - system.exe and is registered as a Net
> | Controller 1.08 Trojan. Viruscan 8 is not picking it up and a file search
> | from Explorer is not finding either. It is there and is running as it is
> | shown in my Task Manager. Consultation with McAfee has not found the location
> | of the file (we have checked the registry and the configuration utility) so
> | they have advised me to run a scan in DOS. This worries me as this scan will
> | delete any infected system files without prompting and i guess that this
> | could render my OS inoperable. To make matters worse the Windows Backup
> | utility does not work on my PC.
> |
> | Does anyone have any experience of this process? Can anyone confirm it is a
> | trohjan and should be deleted? Can anyone suggest an less drastic measure?
> | Does anyone know wher eit may reside?
>
>
>

Relevant Pages

  • Re: Net Controller Trojan 1.08 - system.exe
    ... Trend Sysclean. ... Did you try any of the online scanners I proposed? ... I can supply you with the McAfee Command Line Scanner instructions, ... |> 3) If you are using WinME or WinXP, disable System Restore ...
    (microsoft.public.windowsxp.security_admin)
  • Re: Almost all programs shutdown
    ... Mr. Rich Barry rocks!!!.....your suggestion solved my problem. ... Mcafee works fine and all my programs start and run ... without success). ... > "Windows File Protection. ...
    (microsoft.public.windowsxp.help_and_support)
  • Re: Dialogs Missing text
    ... Still awaiting into from customer. ... > Hi Adrian, ... > Have you tried the suggestion of checking the McAfee? ...
    (microsoft.public.dotnet.framework.windowsforms)
  • Re: Always appreciate the little things given to you.
    ... > I wholeheartedly recommend Panda Antivirus. ... Thanks for the suggestion, I may look into it, or McAfee. ...
    (borland.public.delphi.non-technical)
  • Re: Always appreciate the little things given to you.
    ... > Thanks for the suggestion, I may look into it, or McAfee. ... > the only reason why I'm using NAV 2003 is because it came with my ...
    (borland.public.delphi.non-technical)