
Is cmd.exe under lsass.exe a Virus?

Asked Jun 16, 2006, 11:15 AM — 3 Answers
My internet is working very slowly. I think I've got some Viruses in my Computer, and for that I have installed McAfee Antivirus, and it's completely up to date. But still the problem isn't solved.

While looking into the Process Explorer, I saw that the cmd.exe process starts automatically as a sub process of lsass.exe and after some time, ftp.exe is initiated as a subprocess for cmd.exe.

Does that mean that my Computer has some Virus or Trojan? Also, some of my folders take approximately 4 to 5 seconds to open when I double click them.

Following is the list of processes running on my computer.

Please help me.

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
D:\Installed Softwares\Super AD\SABSVC.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\McAfee.com\Agent\McAgent.exe
C:\WINDOWS\System32\ctfmon.exe
C:\program files\mcafee.com\agent\mcdetect.exe
C:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
D:\Installed Softwares\Virtual\System\vcdsecs.exe
C:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\program files\mcafee.com\vso\mcvsshld.exe
C:\progra~1\mcafee.com\vso\mcvsescn.exe
D:\Installed Softwares\Internet Download Manager\IDMan.exe
C:\WINDOWS\system32\cmd.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Internet Explorer\iexplore.exe
D:\New\HijackThis.exe

O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Super Ad Blocker Toolbar - {B4B3001E-0F56-4E51-8250-BDE11547EC55} - D:\Installed Softwares\Super AD\sabtb.dll
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Microsoft (R) Windows Update Manager Tool] C:\WINDOWS\update\updmangr.exe
O4 - HKLM\..\Run: [MCAgentExe] C:\PROGRA~1\McAfee.com\Agent\McAgent.exe
O4 - HKLM\..\Run: [SpyCatcher Reminder] "D:\Installed Softwares\SpyCatcher 2006\SpyCatcher.exe" reminder
O4 - HKLM\..\RunServices: [Microsoft Telecoms Center] telcoms.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] D:\Installed Softwares\Messenger\ypager.exe -quiet
O4 - Startup: Scheduler.lnk = D:\Installed Softwares\SpyCatcher 2006\Scheduler daemon.exe
O4 - Global Startup: SpyCatcher Protector.lnk = D:\Installed Softwares\SpyCatcher 2006\Protector.exe
O8 - Extra context menu item: Download All Links with IDM - D:\Installed Softwares\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download with IDM - D:\Installed Softwares\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\INSTAL~1\Office\Office10\EXCEL.EXE/3000
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - D:\Installed Softwares\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - D:\Installed Softwares\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - D:\INSTAL~1\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - D:\INSTAL~1\MESSEN~1\YPager.exe
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/sh...1/mcinsctl.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/sh...23/mcgdmgr.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{2832B6D1-0AD1-4B79-B32D-68BB72923E77}: NameServer = 202.163.96.3 202.163.96.4
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: interceptor.dll
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - McAfee, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Super Ad Blocker Service (SABSVC) - SuperAdBlocker.com - D:\Installed Softwares\Super AD\SABSVC.EXE
O23 - Service: Virtual CD v4 Security service (VCDSecS) - H+H Software GmbH - D:\Installed Softwares\Virtual\System\vcdsecs.exe
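
The process chain described in the question (lsass.exe starting cmd.exe, which then starts ftp.exe) can be checked for mechanically, because lsass.exe does not normally start child programs. The following is an added example, not part of the original thread; the snapshot, its PIDs and the `NO_CHILDREN_EXPECTED` set are constructed assumptions.

```python
# Constructed sample snapshot (pid, parent pid, image name); not data from the thread.
SAMPLE = [
    (4, 0, "System"),
    (368, 4, "smss.exe"),
    (592, 368, "winlogon.exe"),
    (636, 592, "services.exe"),
    (648, 592, "lsass.exe"),
    (1480, 648, "cmd.exe"),
    (1512, 1480, "ftp.exe"),
    (1720, 1660, "explorer.exe"),   # parent 1660 has already exited
    (2040, 1720, "cmd.exe"),        # shell opened by the user: expected
]

# Assumption: processes that have no legitimate reason to start child programs.
NO_CHILDREN_EXPECTED = {"lsass.exe"}

def ancestry(pid, by_pid):
    """Return image names from pid up to the root, stopping on gaps or loops."""
    chain, seen = [], set()
    while pid in by_pid and pid not in seen:
        seen.add(pid)
        ppid, name = by_pid[pid]
        chain.append(name)
        pid = ppid
    return chain

def suspicious_chains(snapshot):
    """Flag every process that descends from a process in NO_CHILDREN_EXPECTED."""
    by_pid = {pid: (ppid, name) for pid, ppid, name in snapshot}
    findings = []
    for pid, _ppid, _name in snapshot:
        chain = [n.lower() for n in ancestry(pid, by_pid)]
        for depth, ancestor in enumerate(chain[1:], start=1):
            if ancestor in NO_CHILDREN_EXPECTED:
                # Report the path from the unexpected parent down to this process.
                findings.append((pid, " -> ".join(reversed(chain[:depth + 1]))))
                break
    return findings

if __name__ == "__main__":
    for pid, path in suspicious_chains(SAMPLE):
        print(f"PID {pid}: {path}")
```

On a live system the parent PID can point at a process that has exited and whose PID was reused, so a production check should also compare process creation times before trusting a parent link.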

3 Answers
Curlyben Posts: 18,081, Reputation: 8728
Admin & Wine Expert
 
#2

Jun 16, 2006, 11:22 AM
Hmm looks a little suspicious.

Time for some serious maintenance:

Have you made sure all your drivers and patches are up to date ?

Worth trying are some other Anti-Spyware/Virus Applications and some System Maintenance (I'm going to assume that you are using XP even though you didn't mention it).

Most of these steps will work with any Operating System:

1. Remove Temp Files and other unneeded files from your system, either with the built-in Disc Clean Up or CCleaner.

(Disc clean up; open my computer > right click your C: drive > properties > Disc clean up button on general tab. Let it run and select everything).

2. To make sure everything is running fine, also run both Anti-Virus and Anti-Spyware Apps (make sure that they are updated first) (AVG is good and free).

(A couple of good removal tools are Spybot and Adaware)

*Also helps if the scanning is done in Safe mode as well as normal mode.

Also an online Virus and Spyware scanner is Trend Housecall

The use of a number of different scanners is a must as they check for infections in different ways.
shunned Posts: 270, Reputation: 99
Full Member
 
#3

Jun 17, 2006, 07:53 AM
You can google those filenames, and you'll find many sites that will explain the various types of files loaded. However, I've been to sites that post questions like this and post those startup process files like you have here, and they are not that accurate.

Have you defragged lately or installed a program? Lack of defragging or installing large programs could slow you up. For internet purposes, there are speed checks, (try googling that), this will let you know if your internet connection is as fast as it should be.

If you had a Virus, McAfee would have found it.
Grammarian-Bot Posts: 85, Reputation: 5
Junior Member
 
#4

Jul 3, 2006, 11:44 AM
Thanks both of you. I've downloaded AVG and updated my McAfee and AD-Aware and ran a full system scan, and now everything is fine.

Thank you,
GB