Security [CENTRAL] Forum - SCforum.info
Author Topic: My HijackThis log  (Read 2487 times)
aashutosh01
SCF Newbie
*

KARMA: 0
Posts: 1


« on: 20. March 2008., 06:24:48 »

Hello

This is the HijackThis log of my system: Kindly suggest the fix.

----------------------------------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:49:28 PM, on 3/20/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Eset\nod32kui.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\MICROS~3\MSSQL\binn\sqlservr.exe
C:\Program Files\Microsoft Analysis Services\Bin\msmdsrv.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\mqsvc.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Opera\Opera.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Service Pack 3 Internet Explorer
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [msnsc] C:\WINDOWS\system32\msnsc.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [msnsc] C:\WINDOWS\system32\msnsc.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [msnsc] C:\WINDOWS\system32\msnsc.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [msnsc] C:\WINDOWS\system32\msnsc.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'Default user')
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\YAHOO!\MESSEN~1\YPAGER.EXE
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\YAHOO!\MESSEN~1\YPAGER.EXE
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset  - C:\Program Files\Eset\nod32krn.exe

--
End of file - 4660 bytes
---------------------------------------------------------------------

Regds

Ash.
Samker
SCF Administrator
*****

KARMA: 86
Gender: Male
Location: Europe
Posts: 5071


Whatever doesn't kill us makes us stronger.

« Reply #1 on: 20. March 2008., 08:14:42 »

Hi aashutosh01 & Welcome to SCF Board.

Of course we will check your HJT log. It will also be very useful to tell us what kind of problem you have with your PC, and also to run an Online AntiVirus Scan with Kaspersky and provide us the log (in your next reply): http://scforum.info/index.php/topic,734.0.html

Regards & cya later,

Samker


P.S.

I have moved your topic to "PC Help Center".

Gerald309BCPCNet
SCF Newbie
*

KARMA: 1
Gender: Male
Location: USA
Posts: 3



« Reply #2 on: 10. April 2008., 02:27:44 »

This is a very preliminary comment while awaiting analysis. You may wish to review to become familiar with those parts of the HijackThis log being examined... example:

[ NOTE... I am only a Forum member - not any official helper.]

If you are experiencing severe navigational problems I suggest you install and run (scan) the following while waiting:

Malicious Software Removal Tools....
Microsoft Free Malicious Software Removal Tool
http://www.microsoft.com/security/malwareremove/default.mspx 

To begin... there are handfuls of what are called "same name threats": malware (trojans, viruses, worms, spyware) that intentionally uses files with the same names, usually those of Windows Operating System (OS) files or other software, to attempt to hide from security scans by antivirus and antispyware, or from their real-time detection of malware attempting to run in computer memory. Attempting manual removal of these takes great diligence in telling malware files apart from legitimate files, to avoid fatal errors that corrupt Windows and/or other software. Not recommended unless you are an Advanced User.

Generally, the first section of the HijackThis log is the running processes of Windows, and of course many of these are the targets of "same name threats". These types of malware can be ruled out as present by full scans with quality antivirus and antispyware software, which will be able to quarantine or delete the malware files without harming Windows and/or other software.

General Windows Processes in HJT Logs:
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe

SAME-NAME THREATS EXAMPLES:
smss.exe
-------------------
smss.exe - smss - Process Information
http://www.liutilities.com/products/wintaskspro/processlibrary/smss/
smss.exe is a process which is a part of the Microsoft Windows
Operating System. It is called the Session Manager Subsystem and is
responsible for handling sessions on your system. This program is
important for the stable and secure running of your computer and
should not be terminated.
Note: smss.exe is a process which is registered as a trojan. This
Trojan allows attackers to access your computer from remote
locations, stealing passwords, Internet banking and personal data.
This process is a security risk and should be removed from your
system.

What is smss.exe? Is smss.exe spyware or a virus?
http://www.neuber.com/taskmanager/process/smss.exe.html
Process name: Windows NT Session Manager
Product: Windows
Company: Microsoft
File: smss.exe
Security Rating:
This is the session manager subsystem, which is responsible for
starting the user session. This process is initiated by the system
thread and is responsible for various activities, including launching
the Winlogon and Win32 (Csrss.exe) processes and setting system
variables. After it has launched these processes, it waits for either
Winlogon or Csrss to end. If this happens "normally," the system
shuts down; if it happens unexpectedly, Smss.exe causes the system to stop responding (hang).
Note: The smss.exe file is located in the folder C:\Windows\System32.
In other cases, smss.exe is a virus, spyware, trojan or worm! Check
this with Security Task Manager.
Virus with same name:
W32.Dalbug.Worm - Symantec Corporation
Adware.DreamAd - Symantec Corporation
W32.Resdoc - Symantec Corporation
Adware.Advision - Symantec Corporation
Backdoor.IRC.Flood.F - Symantec Corporation
Backdoor.IRC.Aladinz.O - Symantec Corporation
and more....

winlogon.exe
--------------------------------
winlogon.exe
Process Name: Microsoft Windows Logon Process
winlogon.exe - winlogon - Process Information
http://www.liutilities.com/products/wintaskspro/processlibrary/winlogon/
Windows errors related to winlogon.exe ?
winlogon.exe is a process belonging to the Windows login manager. It
handles the login and logout procedures on your system. This program is important for the stable and secure running of your computer and should not be terminated. Note: winlogon.exe is a process which is registered as a trojan. This Trojan allows attackers to access your computer from remote locations, stealing passwords, Internet banking and personal data. This process is a security risk and should be removed from your system. Determining whether winlogon.exe is a virus or a legitimate Windows process depends on the directory location it executes or runs from.

What is winlogon.exe? Is winlogon.exe spyware or a virus?
http://www.neuber.com/taskmanager/process/winlogon.exe.html
Process name: Windows NT/2000/XP Logon Application
Product: Windows
Company: Microsoft
File: winlogon.exe
Security Rating:
The process "winlogon.exe" runs in the background. It's a part of the
Windows Login subsystem. Winlogon is necessary for user authorization and checks the Windows XP activation code.
Note: The winlogon.exe file is located in the folder
C:\Windows\System32. In other cases, winlogon.exe is a virus,
spyware, trojan or worm! Check this with Security Task Manager.
Virus with same name:
W32.Netsky.D - see McAfee Symantec Corporation Trend Micro

iexplore.exe
------------------------------
iexplore.exe - iexplore - Process Information
Process Name: Microsoft Internet Explorer
http://www.liutilities.com/products/wintaskspro/processlibrary/iexplore/
Windows errors related to iexplore.exe ?
iexplore.exe is the main executable for Microsoft Internet Explorer.
This Microsoft Windows application allows you to surf the world wide
web and the Internet. This program is a non-essential process, but
should not be terminated unless suspected to be causing  problems.
Note: iexplore.exe could also be a process which belongs to the .
This program is a non-essential process, but should not be terminated unless suspected to be causing problems. Note: iexplore.exe is a process which is registered as a trojan. This Trojan allows attackers to access your computer from remote locations, stealing passwords, Internet banking and personal data.
This process is a security risk and should be removed from your
system. Determining whether iexplore.exe is a virus or a legitimate Windows process depends on the directory location it executes or runs from. Check that iexplore.exe is stable on your computer.

What is iexplore.exe? Is iexplore.exe spyware or a virus?
http://www.neuber.com/taskmanager/process/iexplore.exe.html
Process name: Microsoft Internet Explorer
Product: Windows
Company: Microsoft
File: iexplore.exe
Security Rating:

"iexplore.exe" is the Internet Browser from Microsoft. It is a part
of the Windows Operating system. Check the security settings for this program to minimize the risk when you are surfing. Get more detailed information about iexplore.exe and all other running background processes with Security Task Manager.
Note: Any malware can be named anything - so you should check where the files of the running processes are located on your disk. If
a "non-Microsoft" .exe file is located in the C:\Windows or
C:\Windows\System32 folder, then there is a high risk for a virus,
spyware, trojan or worm infection!

gerald309bcpcnet webmaster bluecollarpc.net (non-commercial)

Webmaster of bluecollarpc.net / bluecollarpc.org
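
The location check that the post above describes for "same name" process files, as an added example that is not part of the original thread: it reads the "Running processes:" section of a HijackThis log and lists entries whose file name matches a Windows system process but whose folder does not. The expected-folder table (a default Windows XP install on C:) and the two out-of-place sample paths are assumptions constructed for illustration.

```python
import ntpath  # Windows path rules, works on any host OS

# Assumption: default Windows XP layout on drive C:, as in the log in this thread.
EXPECTED_DIR = {
    "smss.exe": r"c:\windows\system32",
    "winlogon.exe": r"c:\windows\system32",
    "services.exe": r"c:\windows\system32",
    "lsass.exe": r"c:\windows\system32",
    "svchost.exe": r"c:\windows\system32",
}

def running_processes(log_text):
    """Return the paths listed under 'Running processes:' in a HijackThis log."""
    paths, in_section = [], False
    for line in log_text.splitlines():
        line = line.strip()
        if line.lower() == "running processes:":
            in_section = True
        elif in_section:
            if not line:  # a blank line ends the section
                break
            paths.append(line)
    return paths

def misplaced_system_names(paths):
    """Flag paths that use a system process name outside its expected folder."""
    flagged = []
    for path in paths:
        folder, name = ntpath.split(ntpath.normpath(path))
        expected = EXPECTED_DIR.get(name.lower())
        # Windows paths are case-insensitive, so compare lowercased.
        if expected and folder.lower() != expected:
            flagged.append(path)
    return flagged

# Constructed sample: log header and first entries follow the posted log's
# format; the C:\WINDOWS\svchost.exe and Temp\lsass.exe lines are invented.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\svchost.exe
C:\Documents and Settings\User\Local Settings\Temp\lsass.exe
C:\Program Files\Opera\Opera.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
"""

if __name__ == "__main__":
    for p in misplaced_system_names(running_processes(SAMPLE_LOG)):
        print("check location:", p)
```

A path in the expected folder is not proof that the file is genuine; the check only narrows down which entries to examine first alongside the full antivirus scan the post recommends.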
nelodm06
SCF Newbie
*

KARMA: 1
Posts: 6


« Reply #3 on: 05. May 2009., 03:22:42 »

Hi,

Looking at the log file below, it seems you have AVG, Nod32 and Trend Micro installed. Aren't they conflicting on your machine, and might that be causing the problem of PC slowness?

Thanks.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:49:28 PM, on 3/20/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Eset\nod32kui.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\MICROS~3\MSSQL\binn\sqlservr.exe
C:\Program Files\Microsoft Analysis Services\Bin\msmdsrv.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\mqsvc.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Opera\Opera.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe