Ask Me Help Desk


  • Jun 16, 2006, 11:15 AM
    Grammarian-Bot
    Is cmd.exe under lsass.exe a Virus
    I've got a problem that my internet, nowadays, is working very slow. I think I've got some viruses in my computer and for that I have installed McAfee antivirus and it's completely up to date. But still the problem ain't solved.

    While looking into Process Explorer, I saw that the cmd.exe process starts automatically as a subprocess of lsass.exe and then after some time ftp.exe is initiated as a subprocess of cmd.exe. Does that mean that my computer has some virus or trojan? Also some of my folders take a bit long to open (approximately 4-5 seconds) when I double click them.

    For your help, following is the list of processes running on my computer.

    Please help me.

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    D:\Installed Softwares\Super AD\SABSVC.EXE
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\McAfee.com\Agent\McAgent.exe
    C:\WINDOWS\System32\ctfmon.exe
    c:\program files\mcafee.com\agent\mcdetect.exe
    c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
    c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\WINDOWS\System32\nvsvc32.exe
    D:\Installed Softwares\Virtual\System\vcdsecs.exe
    c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    c:\program files\mcafee.com\vso\mcvsshld.exe
    c:\progra~1\mcafee.com\vso\mcvsescn.exe
    D:\Installed Softwares\Internet Download Manager\IDMan.exe
    C:\WINDOWS\system32\cmd.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    c:\progra~1\mcafee.com\vso\mcvsftsn.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    D:\New\HijackThis.exe

    O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: Super Ad Blocker Toolbar - {B4B3001E-0F56-4E51-8250-BDE11547EC55} - D:\Installed Softwares\Super AD\sabtb.dll
    O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [Microsoft (R) Windows Update Manager Tool] C:\WINDOWS\update\updmangr.exe
    O4 - HKLM\..\Run: [MCAgentExe] C:\PROGRA~1\McAfee.com\Agent\McAgent.exe
    O4 - HKLM\..\Run: [SpyCatcher Reminder] "D:\Installed Softwares\SpyCatcher 2006\SpyCatcher.exe" reminder
    O4 - HKLM\..\RunServices: [Microsoft Telecoms Center] telcoms.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [Yahoo! Pager] D:\Installed Softwares\Messenger\ypager.exe -quiet
    O4 - Startup: Scheduler.lnk = D:\Installed Softwares\SpyCatcher 2006\Scheduler daemon.exe
    O4 - Global Startup: SpyCatcher Protector.lnk = D:\Installed Softwares\SpyCatcher 2006\Protector.exe
    O8 - Extra context menu item: Download All Links with IDM - D:\Installed Softwares\Internet Download Manager\IEGetAll.htm
    O8 - Extra context menu item: Download with IDM - D:\Installed Softwares\Internet Download Manager\IEExt.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\INSTAL~1\Office\Office10\EXCEL.EXE/3000
    O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - D:\Installed Softwares\WinHTTrack\WinHTTrackIEBar.dll
    O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - D:\Installed Softwares\WinHTTrack\WinHTTrackIEBar.dll
    O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - D:\INSTAL~1\MESSEN~1\YPager.exe
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - D:\INSTAL~1\MESSEN~1\YPager.exe
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/sh...1/mcinsctl.cab
    O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/sh...23/mcgdmgr.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{2832B6D1-0AD1-4B79-B32D-68BB72923E77}: NameServer = 202.163.96.3 202.163.96.4
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O20 - AppInit_DLLs: interceptor.dll
    O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
    O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
    O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
    O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - McAfee, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: Super Ad Blocker Service (SABSVC) - SuperAdBlocker.com - D:\Installed Softwares\Super AD\SABSVC.EXE
    O23 - Service: Virtual CD v4 Security service (VCDSecS) - H+H Software GmbH - D:\Installed Softwares\Virtual\System\vcdsecs.exe
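
The parent/child relationship the first post describes (cmd.exe under lsass.exe, then ftp.exe under cmd.exe), as an added example that is not part of the thread: a check over a process snapshot that flags any child of lsass.exe, which normally starts no child processes, and reports file-transfer tools running beneath it. The snapshot, its PIDs and the two name sets are constructed assumptions.

```python
# Added example. SNAPSHOT is constructed (pid, parent pid, image name); not from the thread.
SNAPSHOT = [
    (4, 0, "System"),
    (368, 4, "smss.exe"),
    (592, 368, "winlogon.exe"),
    (636, 592, "services.exe"),
    (648, 592, "lsass.exe"),
    (812, 636, "svchost.exe"),
    (1500, 1480, "Explorer.EXE"),   # parent 1480 already exited
    (2040, 648, "cmd.exe"),         # shell parented by lsass.exe
    (2112, 2040, "ftp.exe"),        # transfer tool parented by that shell
    (2300, 1500, "cmd.exe"),        # shell opened by the user from Explorer
    (2344, 2300, "ftp.exe"),
]

# Assumption: lsass.exe normally starts no child processes, so any child is worth a look.
NO_CHILD_PARENTS = {"lsass.exe"}
# Assumption: file-transfer tools to report when they run beneath a flagged child.
TRANSFER_TOOLS = {"ftp.exe", "tftp.exe"}


def find_suspicious_chains(snapshot):
    """Return one finding per process whose parent is in NO_CHILD_PARENTS."""
    by_pid = {pid: (ppid, name.lower()) for pid, ppid, name in snapshot}
    children = {}
    for pid, (ppid, _) in by_pid.items():
        children.setdefault(ppid, []).append(pid)

    findings = []
    for pid, (ppid, name) in sorted(by_pid.items()):
        parent = by_pid.get(ppid)   # None when the parent is gone from the snapshot
        if parent is None or parent[1] not in NO_CHILD_PARENTS:
            continue
        # Walk everything below the flagged child, guarding against PID loops.
        hits, seen, stack = [], {pid}, list(children.get(pid, []))
        while stack:
            cur = stack.pop()
            if cur in seen:
                continue
            seen.add(cur)
            if by_pid[cur][1] in TRANSFER_TOOLS:
                hits.append(cur)
            stack.extend(children.get(cur, []))
        findings.append({"pid": pid, "image": name, "parent": parent[1],
                         "transfer_descendants": sorted(hits)})
    return findings


if __name__ == "__main__":
    for f in find_suspicious_chains(SNAPSHOT):
        print(f)
```

On a live system, Windows reuses PIDs, so a real check should also compare process start times before trusting a parent PID.
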
  • Jun 16, 2006, 11:22 AM
    Curlyben
    Hmm looks a little suspicious.

    Time for some serious maintenance:

    Have you made sure all your drivers and patches are up to date?

    Worth trying are some other Anti-Spyware/Virus Application and some System Maintenance, (I'm going to assume that you are using XP even though you didn't mention it).

    Most of these steps will work with any Operating System:

    1. Remove Temp Files and other unneeded files from your system, either with the built-in Disc Clean Up or CCleaner.

    (Disc clean up; open my computer > right click your C: drive > properties > Disc clean up button on general tab. Let it run and select everything).

    2. To make sure everything is running fine, also run both Anti-Virus and Anti-Spyware Apps (make sure that they are updated first) (AVG is good and free).

    (A couple of good removal tools are Spybot and Adaware)

    *Also helps if the scanning is done in Safe mode as well as normal mode.

    Also an online Virus and Spyware scanner is Trend Housecall

    The use of a number of different scanners is a must as they check for infections in different ways.
  • Jun 17, 2006, 07:53 AM
    shunned
    You can Google those filenames, and you'll find many sites that will explain the various types of files loaded. However, I've been to sites that post questions like this and post those startup process files like you have here, and they are not that accurate.

    Have you defragged lately or installed a program? Lack of defragging or installing large programs could slow you up. For internet purposes, there are speed checks, (try googling that), this will let you know if your internet connection is as fast as it should be.

    If you had a Virus, McAfee would have found it.
  • Jul 3, 2006, 11:44 AM
    Grammarian-Bot
    Well... thanks, both of you. I've downloaded AVG and updated my McAfee and Ad-Aware and ran a full system scan with all of them and now everything is fine.
    Thanks
    GB

  • All times are GMT -7.