Is cmd.exe under lsass.exe a Virus

Grammarian-Bot · #1 Jun 16, 2006, 11:15 AM

I've got a problem that my internet, now a days, is working very slow. I think I''ve got some viruses in my computer and for that i have installed MCAFEE antivirus and its completely up to date. But still the problem ain't solved.

while looking into the Process Exdplorer, i saw that the cmd.exe process starts automatically as a sub process of lsass.exe and the after some time ftp.exe is initiated as a subprocess for cmd.exe. does that mean that my computer has some virus or trojan. Also some of my folders take a bit long to open (approximately 4 -- 5 seconds) when i double click them.

For your help, following is the list of processes running on my computer.

Please help me.

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
D:\Installed Softwares\Super AD\SABSVC.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\McAfee.com\Agent\McAgent.exe
C:\WINDOWS\System32\ctfmon.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
D:\Installed Softwares\Virtual\System\vcdsecs.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\program files\mcafee.com\vso\mcvsshld.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
D:\Installed Softwares\Internet Download Manager\IDMan.exe
C:\WINDOWS\system32\cmd.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Internet Explorer\iexplore.exe
D:\New\HijackThis.exe

O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Super Ad Blocker Toolbar - {B4B3001E-0F56-4E51-8250-BDE11547EC55} - D:\Installed Softwares\Super AD\sabtb.dll
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Microsoft (R) Windows Update Manager Tool] C:\WINDOWS\update\updmangr.exe
O4 - HKLM\..\Run: [MCAgentExe] C:\PROGRA~1\McAfee.com\Agent\McAgent.exe
O4 - HKLM\..\Run: [SpyCatcher Reminder] "D:\Installed Softwares\SpyCatcher 2006\SpyCatcher.exe" reminder
O4 - HKLM\..\RunServices: [Microsoft Telecoms Center] telcoms.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] D:\Installed Softwares\Messenger\ypager.exe -quiet
O4 - Startup: Scheduler.lnk = D:\Installed Softwares\SpyCatcher 2006\Scheduler daemon.exe
O4 - Global Startup: SpyCatcher Protector.lnk = D:\Installed Softwares\SpyCatcher 2006\Protector.exe
O8 - Extra context menu item: Download All Links with IDM - D:\Installed Softwares\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download with IDM - D:\Installed Softwares\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\INSTAL~1\Office\Office10\EXCEL.EXE/3000
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - D:\Installed Softwares\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - D:\Installed Softwares\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - D:\INSTAL~1\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - D:\INSTAL~1\MESSEN~1\YPager.exe
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/sh...1/mcinsctl.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/sh...23/mcgdmgr.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{2832B6D1-0AD1-4B79-B32D-68BB72923E77}: NameServer = 202.163.96.3 202.163.96.4
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: interceptor.dll
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - McAfee, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Super Ad Blocker Service (SABSVC) - SuperAdBlocker.com - D:\Installed Softwares\Super AD\SABSVC.EXE
O23 - Service: Virtual CD v4 Security service (VCDSecS) - H+H Software GmbH - D:\Installed Softwares\Virtual\System\vcdsecs.exe

Curlyben · Jun 16, 2006, 11:22 AM

Hmm looks a little suspecious.

Time for some serious maintanence:

Have you made sure all your drivers and patches are up to date ?
Worth trying are some other anti spyware/virus apps and some system maintenance.
(I'm going to assume that you are using XP even tho' you didn't mention.
Most of these steps will work with any Operating System)

Here's some simple steps for you to take.
1/ Remove temp files and other rubbish form your system, either with inbuilt Disc Clean up or CCleaner.
(Disc clean up; open my computer > right click your C: drive > properties > Disc clean up button on general tab. Let it run and select everything)

2/ To make sure everything is running fine also run both anti virus and anti spyware apps (make sure that they are updated first

) (AVG is good and free AV)
(A couple of good removal tools are Spybot and Adaware)
Also helps if the scanning is done in Safe mode as well as normal mode.

ALso an on line virus and spyware scanner is Trend Housecall

The use of a number of different scanners is a must as they check for infections in different ways.

shunned · Jun 17, 2006, 07:53 AM

You can google those filenames and you'll find many sites that will explain the various types of files loaded. However, I've been to sites that post questions like this and post those startup process files like you have here, and they are not that swift.
Have you defragged lately or installed a program? Lack of defragging or installing large programs could slow you up.
For internet purposes, there are speed checks (try googling that) to see if your line is doing the best that it can.
If you had a virus, mcafee would have found it.

Grammarian-Bot · Jul 3, 2006, 11:44 AM

Well.. Thanx both of you. I've downloaded AVG and updates my MCAfee and AD-Aware and ran a full system scan with all of the and now everything is fine.
thanx
GB



At Ask Me Help Desk you can ask questions in any topic and have them answered for free by our experts. To ask questions or participate in answering them you must register for a free account. By registering you will be able to: Get free answers from experts in any of our 300+ topics. Accept money for answers that you provide. Communicate privately with other members (PM). See fewer ads. Sign Up!