http://forums.techguy.org/malware-r...download-software.html?highlight=trkwksvc.exe
I couldn't post a reply and apparently I can't PM either (new member restriction?) so I'm creating this new thread.
OhMiOhMy's connection problem may very well be C:\WINDOWS\trkwksvc.exe.
I found this on two computers with intermittent connection problems due to flooding the NIC with outgoing activity. Windows 2000 SP 4 - C:\WINNT and Windows XP SP2 - C:\WINDOWS.
The file I believe to be malware, trkwksvc.exe, is listed at Symantec's web site, but with completely different symptoms and this particular version was not detectable with SAV 9.0.3.1000, scan engine 71.3.0.25, definition files from 10/31/2007 rev. 16.
I found the culprit when I ran the SysInternals.com tools - Process Explorer and File Monitor. Crazy thing...when either of these tools is launched, it is terminated and its executable file is deleted from the file system. However, the malware is not clever enough to figure out these tools are running if you simply rename procexp.exe and filemon.exe to something like pr.exe and fm.exe.
The File Monitor showed me what process was deleting the procexp and filemon files and sure enough, it was trkwksvc.exe. Kill that process with Process Explorer. Delete trkwksvc.exe from your file system.
You will find entries in your registry for this that show it as "NET Service" - you'll find this listed in services.msc also, but you will likely be unable to edit or modify anything there. Search your registry for trkwksvc.exe and delete all instances of it and delete all keys for "NET Service".
This may solve your connectivity problems as you will no longer be plagued by the overwhelming network activity this thing causes. I've also sent the file and my findings to Symantec, so hopefully they will soon provide virus definition files to combat this thing.
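An added example, not part of the original post: a read-only check that scans a `.reg` export of the Services key for the post's two indicators, including `ImagePath` values that regedit writes as `hex(2)` bytes, which a plain text search of the export would miss. The key names and the sample export are constructed, and a "Version 5.00" (UTF-16LE) export is assumed.

```python
import re

FILE_IOC, NAME_IOC = "trkwksvc.exe", "net service"  # the post's two indicators
# Constructed sample export; the key names and the Spooler entry are made up.
SAMPLE = r'''Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ConstructedSvc]
"DisplayName"="NET Service"
"Start"=dword:00000002
"ImagePath"=hex(2):43,00,3a,00,5c,00,57,00,49,00,4e,00,44,00,4f,00,57,00,53,00,5c,00,\
  74,00,72,00,6b,00,77,00,6b,00,73,00,76,00,63,00,2e,00,65,00,78,00,65,00,00,00
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Spooler]
"DisplayName"="Print Spooler"
"ImagePath"="C:\\WINDOWS\\system32\\spoolsv.exe"
'''

def decode_value(raw):
    """Return the text of a string or hex(1|2|7) value, else None (dword, binary)."""
    if raw.startswith('"'):
        return re.sub(r"\\(.)", r"\1", raw[1:-1])  # undo \\ and \" escapes
    m = re.match(r"hex\([127]\):(.*)", raw)
    if m:  # REG_SZ / REG_EXPAND_SZ / REG_MULTI_SZ exported as UTF-16LE bytes
        data = bytes(int(b, 16) for b in re.findall(r"[0-9a-fA-F]{2}", m.group(1)))
        return data.decode("utf-16-le", errors="replace").rstrip("\x00")
    return None

def parse_reg(text):
    """Return {key_path: {value_name: text}} for every key in the export."""
    text = re.sub(r",\\\r?\n\s*", ",", text)  # join hex continuation lines
    keys, values = {}, None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            values = keys.setdefault(line[1:-1], {})
        elif values is not None:
            m = re.match(r'"((?:[^"\\]|\\.)*)"=(.*)', line)
            decoded = decode_value(m.group(2)) if m else None
            if decoded is not None:
                values[m.group(1)] = decoded
    return keys

def suspicious_keys(text):
    """Return [(key_path, [reasons])] for keys matching either indicator."""
    hits = []
    for key, vals in parse_reg(text).items():
        reasons = [f"{n} references {FILE_IOC}" for n, v in vals.items() if FILE_IOC in v.lower()]
        if vals.get("DisplayName", "").strip().lower() == NAME_IOC:
            reasons.append('DisplayName is "NET Service"')
        if reasons:
            hits.append((key, reasons))
    return hits
```

Version 5.00 exports are UTF-16 files, so read them with `open(path, encoding="utf-16")` before passing the text to `suspicious_keys`.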