computer problem

[bolun]

Hello

Heres the story. I downloaded software using bit comet. After i installed it, a message popped up saying my computer is going to shutdown in a minute, but my computer just froze. Anyways, i uninstalled it, deleted all of it, or so i hope. I don't see that pop up anymore, but now my computer is running really slow at times. In the task manager, theres 2 tasks called scanningprocess.exe. Also, within the past couple hours, my Zone Alarm fire wall blocked 477 intrusions, and 13 of them high rated. I've ran my AVG virus software, the Zone alarm anti virus and spy ware, spy bot, ad aware, and they all came up with nothing but some minor problems.

When i start up my PC, I click on something, and nothing happens. But after almost a minute, it opens what i clicked on.

I have no idea whats the problem, and I'd really appreciate if someone could help me out.

Thanks,
Bolun

Oh, and I also made a HJT Log.

View attachment 15081


It seems as if my PC has settled down a bit, and a couple more intrusions blocked.
Also, when I try to end the scanning process in Task manager, it says it cannot be terminated.

 

[howard_hopkinso]

scanningprocess.exe=beagle.dz trojan.

Very Important: Before deciding whether you should clean or reformat your system, go and read this thread HERE and decide what it is you want to do.

If after reading the above, you wish to clean your system, do the following.

Go and read the Viruses/Spyware/Malware, preliminary removal instructions. Follow all the instructions exactly.

Post fresh HJT, AVG Antispyware and Combofix logs as attachments into this thread, only after doing the above.

Also, let me know the results of the AVG Antirootkit scan.

Regards Howard

This thread is for the use of bolun only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.

 

[kchris gayle]

ahem.....
check again on your add/remove programs if indeed it has been deleted....
and if it still slows down all you got to do is optimize the browser settings, check on your firewall...you can temporarily disable it for a while and see what happens... and wow dude you got so many spyware and anti-virus programs running it would tend to really slow down... you can just use one for each the maximum is two...

 

[bolun]

I completed all the steps in that link you gave me. My anti Virus turned up nothing, but it showed that Shell32.dll and ntoskrnl.exe have been changed. Ad aware turned up nothing. S&D fixed some minor problems. The Anti rook kit turned up nothing.

Here are the logs you told me to attach.

View attachment 15100 AVG antispyware log
View attachment 15101 Combo Fix Log
View attachment 15102 New HJT Log

The scanning process.exe is still there.

 

[howard_hopkinso]

Your system looks clean.

After further research it seems the scanningprocess.exe can also belong to Zonealarm, depending on where it`s running from..

C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe<This is the legit filepath.

Where is your ScanningProcess.exe file running from?

Regards Howard

This thread is for the use of bolun only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.

 

[bolun]

I just updated to Zone Alarm Security Suite version 7.0.337.000, and after looking up on the net, the scanning process supposedly belongs to this new version of ZA.

In my HJT log, it says it is running from:
C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe

So it should be fine then I guess.

Thanks for all the help

Oh, and also, should I be worried about the constant increase in blocked intrusions by my zonealarm?

 

[wilsonwilson]

I "KILLED" scanningprocess.exe

I used ZAP against itself


1. Program Control >Programs >Add

2. "ADD" C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe

3. In the 'trust' 'access' etc...left click KILL

4. kill process in task manager (if running HA like it's not)

5. renamed "scanningprocess" "~scanningprocess.exe"

Works for me hope this helps