$&#&@! Tcpipmon.exe

Status
Not open for further replies.
Mr.Fork

Mr.Fork

Posts: 26   +0
Ya know, I should know better. I'm a Service Desk manager, an IT Security advisor, and a computer guru. But sometimes I hit the stupid branch down the stupid tree when I get up in the morning.

Being tired is never a good idea to look at stuff your friends send you. But somehow, I managed to let TCPIPMON.EXE sneak in. I've been trying for around 6 hours to kill it - but I suspect this new variant has more than the rpcc.dll and tcpipmon.exe.

Ya know, after running HJT, I see a lot of stuff I can unload on my machine that I know it doesn't need. The two SVCHOST.EXE do concern me but I know that Creative is notorious for using a least one (I have a Audigy2ZS).

The RUNDLL32.EXE makes me suspicious but I think it may be related to my nVidia drivers.
 
You`re running HJT from the wrong location.

Download HijackThis from HERE. Unzip it and place it in this directory C:\program files\hijackThis\HijackThis.exe.

[CENTER] DO NOT PUT HJT ON THE DESKTOP OR IN A TEMP FOLDER

-----------------------------------------------------------------------------------------------------------------------------------


THIS IS VERY IMPORTANT.
[/CENTER]
Rename the Hijackthis.exe file to Analyze.exe. This is because some malware can hide from HijackThis.exe. Right click the HijackThis.exe file and choose rename. Click in the title box and press the delete key to clear what`s there, type Analyze.exe and press the enter key. Right click the Analyze.exe file and send to desktop(create shortcut).

[CENTER]Under no circumstances should you add any items to the HJT ignore list.[/CENTER]


You might want to copy and paste these instructions into a notepad file. Then you can have the file open in safe mode, so you can follow the instructions easier.

Boot into safe mode, under your normal user name(NOT THE ADMINISTRATOR ACCOUNT). See how HERE.

In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how HERE.

Click start/run and type services.msc into the run box and press the enter key.

When the window appears, maximise it. Double click on the following services(if there) and select stop if they are running. Set the startup type to disabled. Click apply/ok for each service you disable.

Microsoft Validation Service

Close the services window.

Open your task manager, by holding down the ctrl and alt keys and pressing the delete key.

Click on the processes tab and end process for(if there).

wmiprsv.exe

Close task manager.

Run HJT with no other programmes open(except notepad). Click the scan button. Have HJT fix the following, by placing a tick in the little box next to(if there).

O16 - DPF: {25365FF3-2746-4230-9DA7-163CCA318309} (Automatic Driver Installation Control) - http://inst.c-wss.com/n028p/EN/install/gtdownlr.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{1DA68B62-011C-416D-A752-EA761A33C980}: NameServer = 64.59.135.143,64.59.135.145<Only fix this if it doesn`t belong to your ISP.

O23 - Service: Microsoft Validation Service - Unknown owner - C:\WINDOWS\wmiprsv.exe

Click on the fix checked button.

Close HJT.

Locate and delete the following bold files and/or directories(if there).

C:\WINDOWS\wmiprsv.exe

Reboot into normal mode and rehide your protected OS files.

Post a fresh HJT log as well as AVG Antispyware and Combofix logs. Make sure you post all logfiles as attachments, see HERE for instructions.

Regards Howard :)

This thread is for the use of Mr.Fork only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
 
Your HJT log is now clean.

Turn off system restore.(XP/ME only) See how HERE.

Now, turn system restore back on. This will have deleted all your old restore points and any nasties that are in them. It will also have created a new, clean restore point.

If you have any further virus/spyware problems, please post in this thread.

Regards Howard :)

This thread is for the use of Mr.Fork only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
 
Many thanks Howard. Is it me, or are the new spyware garbage out there getting worse and more viral? :)
 
No, it`s not just you mate. It`s getting worse and worse all the time. I`m seeing a lot more rootkits now than ever I used to and of course new variants of older malware seem to popup with alarming regularity.

I`ve already seen a few infections on Vista, which was meant to be a lot more secure and I think as Vista becomes more popular, I`ll see a hell of a lot more.

Regards Howard :)

This thread is for the use of Mr.Fork only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
 
Status
Not open for further replies.

Similar threads

Shawn Knight
Lian Li introduces T-shaped power supply for dual-chamber PC cases
Replies
7
Views
279
mbrowne5061
M
Dood123
Help login in Instagram account, says use 2FA code but have not set up 2FA for insta
Replies
0
Views
709
Dood123
Dood123
midian182
Linus Sebastian is stepping down as CEO of Linus Media Group, rejects $100 million takeover...
2
Replies
39
Views
2K
Shirley Dulcey
S

Latest posts

Back