Solved: Can't kill infected process, it just re-appears

anhhuy1605 (Junior Member with 2 posts; Join Date: Feb 2010; Experience: Beginner)
09-Feb-2010, 04:52 PM #1
Can't kill infected process, it just re-appears
I used Ghost but it didn't solve this problem. Those processes are AdobeUpdater.exe, MPClient.exe (4-5 processes!!!), MPSvc.exe, TableTextService.exe, wscntfy.exe. I used msconfig to delete their startup file and it also reappears!!! Even in safe mode they just keep appearing. I tried deleting the file after killing the process and before the process reappeared; the file had been DELETED but the process and the file just RECOVER.
btw, help.exe is HijackThis
HIJACKTHIS LOG
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:17:54 AM, on 2/10/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Windows Defender\MPSvc.exe
C:\Program Files\Windows Defender\MPClient.exe
C:\Program Files\Common Files\System\TableTextService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Adobe\Reader 9.0\Reader\AdobeUpdater.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Windows Defender\MPClient.exe
C:\Program Files\Windows Defender\MPClient.exe
C:\Program Files\Windows Defender\MPClient.exe
C:\Program Files\Windows Defender\MPClient.exe
C:\Documents and Settings\Huy\My Documents\Downloads\Programs\help.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\Program Files\Adobe\Reader 9.0\Reader\AdobeUpdater.exe
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: Brothersoft Toolbar - {e8de9422-3b2c-4243-bf6f-235da84d8ef8} - C:\Program Files\Brothersoft\tbBrot.dll
O3 - Toolbar: Brothersoft Toolbar - {e8de9422-3b2c-4243-bf6f-235da84d8ef8} - C:\Program Files\Brothersoft\tbBrot.dll
O4 - HKLM\..\Run: [Adobe Update Manager] C:\Program Files\Adobe\Reader 9.0\Reader\AdobeUpdater.exe
O4 - HKLM\..\Run: [Microsoft Text Input Processor] C:\Program Files\Common Files\System\TableTextService.exe
O4 - HKLM\..\RunOnce: [MONITOR] C:\Program Files\Innovative Solutions\Advanced Uninstaller PRO\LoaderRunOnce.exe
O4 - HKCU\..\Run: [Adobe Update Manager] C:\Program Files\Adobe\Reader 9.0\Reader\AdobeUpdater.exe
O4 - HKCU\..\Run: [Microsoft Text Input Processor] C:\Program Files\Common Files\System\TableTextService.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: PDFill PDF Editor - {FB858B22-55E2-413f-87F5-30ADC5552151} - C:\Program Files\PlotSoft\PDFill\DownloadPDF.exe
O16 - DPF: {7FB87A62-C850-4FA8-A82F-A12468FEBC1F} (OnGameDownloader Control) - http://ongame.com.vn/activeX/OnGameDownLoader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{BA98D14A-9256-4F3D-AC0E-CACD6EF3010A}: NameServer = 203.162.4.190,203.162.4.191,208.67.222.222,208.67.220.220
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: LogMeIn Hamachi 2.0 Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)

--
End of file - 4880 bytes

Last edited by anhhuy1605; 09-Feb-2010 at 04:59 PM.
anhhuy1605 (Junior Member with 2 posts; Join Date: Feb 2010; Experience: Beginner)
10-Feb-2010, 11:37 AM #2
Finally I solved this problem
I used Process Explorer and killed 1 process, and I saw it reappeared in another process... so I killed all the "outside" processes, and I had a process tree with all the malicious processes. I chose Kill Process Tree and they couldn't reappear anymore. Next I deleted the malicious file and deleted their startup registry entries. So now I'm free from them. This is a good experience for me.
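Added example, not part of the original posts: a short Python parser that lists which autostart entries in the HijackThis log from post #1 launch the processes the poster named, so every one can be checked during cleanup. The function names are this example's own, and the embedded sample is a handful of lines copied from that log.

```python
import re

# Constructed sample: a few lines copied from the HijackThis log in post #1.
SAMPLE_LOG = r"""
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\Program Files\Adobe\Reader 9.0\Reader\AdobeUpdater.exe
O4 - HKLM\..\Run: [Adobe Update Manager] C:\Program Files\Adobe\Reader 9.0\Reader\AdobeUpdater.exe
O4 - HKLM\..\Run: [Microsoft Text Input Processor] C:\Program Files\Common Files\System\TableTextService.exe
O4 - HKCU\..\Run: [Adobe Update Manager] C:\Program Files\Adobe\Reader 9.0\Reader\AdobeUpdater.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
"""

# Process names the poster reported as infected (lower-cased for comparison).
SUSPECTS = {"adobeupdater.exe", "mpclient.exe", "mpsvc.exe", "tabletextservice.exe", "wscntfy.exe"}

O4_RE = re.compile(r"^O4 - (HK\w+)\\\.\.\\(\w+): \[(.*?)\] (.+)$")
F2_RE = re.compile(r"^F2 - REG:system\.ini: UserInit=(.+)$", re.IGNORECASE)
EXE_RE = re.compile(r"([^\\]+?\.exe)", re.IGNORECASE)

def exe_name(command):
    """Return the lower-cased executable file name in a command line, or None."""
    m = EXE_RE.search(command)
    return m.group(1).lower() if m else None

def autostart_entries(log_text):
    """Yield (location, executable) for each F2 UserInit and O4 Run entry."""
    for line in log_text.splitlines():
        line = line.strip()
        m = F2_RE.match(line)
        if m:
            # Winlogon launches every comma-separated program in UserInit at logon.
            for cmd in m.group(1).split(","):
                if cmd.strip():
                    yield "Winlogon UserInit", exe_name(cmd)
            continue
        m = O4_RE.match(line)
        if m:
            yield f"{m.group(1)} {m.group(2)}", exe_name(m.group(4))

def suspect_persistence(log_text, suspects=SUSPECTS):
    """Map each suspect executable to the autostart locations that launch it."""
    found = {}
    for location, exe in autostart_entries(log_text):
        if exe in suspects:
            found.setdefault(exe, []).append(location)
    return found

if __name__ == "__main__":
    print(suspect_persistence(SAMPLE_LOG))
```
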
All times are GMT -4.