Are any of these possibly DANGEROUS processes?

Status
Not open for further replies.
H

HiFi

Posts: 8   +0
I just recovered from that infamous worm that blocks off Task Manager, and regedit. I wanted to know which one of my processes seems out of place and/or dangerous. I now about the ones I need, but the following are ones that I am not sure about. Thanks.

DefWatch.exe
spoolsv.exe
rundll32.exe
svchost.exe (x4)
jusched.exe
ccApp.exe
wdfmgr.exe
 
Some people would describe Norton as a dangerous process,other than that though,those are safe.
 
Hello and welcome to Techspot.

They all seem fine. However, rundll32.exe can be used by some malware.

Go HERE and follow the instructions.

Then post a HJT log.

Regards Howard :wave: :wave:
 
Well, at least jusched.exe is unnecessary, if you ask me. It just sits there and checks for Sun Java updates.

Java isn't updated often, so I wouldn't keep the updater / scheduler running all the time.
 
Here is my HJT log, some said they wanted to see it
 

Attachments

  • hijackthis.txt
    5.3 KB · Views: 8
Boot into safe mode. See how HERE. http://www.bleepingcomputer.com/forums/tutorial61.html

Turn off system restore.(XP/ME only) See how HERE. http://www.bleepingcomputer.com/forums/tutorial56.html

In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how HERE. http://www.bleepingcomputer.com/forums/tutorial62.html

Click start/run and type services.msc into the run box and press the enter key.

When the window appears, maximise it. Double click on the following services(if there), and select stop if they are running. Set the startup type to disabled.

Registry System16 Checkup Monitor
MSN Messenge <No this isn`t a type`o.

Click apply/ok.

Open your task manager, by holding down the ctrl and alt keys and pressing the delete key.

Click on the processes tab and end process for(if there).

SystemReg16.exe
winlogin.exe < Not to be confused with winlogon.exe which is legit.

Close task manager.

Run HJT with no other programmes open. Have HJT fix the following, by placing a tick in the little box next to(if there).

O4 - HKLM\..\Run: [Registry System16 Checkup Monitor] SystemReg16.exe

O4 - HKLM\..\Run: [MSN Messenge] winlogin.exe

O4 - HKLM\..\RunServices: [Registry System16 Checkup Monitor] SystemReg16.exe

O4 - HKLM\..\RunServices: [MSN Messenge] winlogin.exe

O4 - HKCU\..\Run: [MSN Messenge] winlogin.exe

O4 - HKCU\..\Run: [Registry System16 Checkup Monitor] SystemReg16.exe

O4 - HKCU\..\RunServices: [MSN Messenge] winlogin.exe

Click on the fix checked button.

Close HJT.

Locate and delete the following bold files(if there).

SystemReg16.exe
winlogin.exe

Reboot into normal mode.

Now go and follow The instructions in the How to remove trojans and it`s ilk! Thread.

Once you`ve done that, turn system restore back on.

Regards Howard :)
 
Status
Not open for further replies.

Similar threads

Jimmy2x
Gamers and developers everywhere are celebrating Bobby Kotick's departure
2
Replies
27
Views
637
Bamda
Bamda
midian182
Are these the first photos of a quad-slot, 800W Nvidia Titan RTX Ada?
2
Replies
27
Views
1K
andypau336
andypau336
D
Solved Broni: Please review these logs of a Dell Inspiron Running Windows 7 Home Premium--Part 1
Replies
10
Views
3K
Broni
Broni

Latest posts

Back