May have a big malware/spyware prob..

2009-09-17 21:50:32

#1

Tdog2007: Giggity Giggity; +25|6973|US

so gettin right to it has anyone ever had the processes:
roxliveshare9.exe
roxwatchtray9.exe
roxiopnpservice9.exe
wrconsumerservice.exe
or wmprvse.exe

ever startup with their computer? i found em in the task manager and i just keep ending the tasks every time i start the comp, but pretty sure they're fckn something up. what do you guys need to help me out here cuz i dont want to reformat the dam pc...yet.

first off give ya a screenie of my task manager as of now

https://i5.photobucket.com/albums/y153/Kurt16/agahdsgrfsgs.jpg

the last one is yahoomessenger.exe

any help?

2009-09-17 22:01:14

#2

Defiance: Member; +438|6931

1) Google any unknown process names. Determine if you want them running or not.
2) Type MSConfig, go to startup, remove them.
3) Check the startup folder in your start menu as well.
4) Find and delete the .exes, if possible.
5) Virus scan, firewall, virus scan.

2009-09-17 22:04:29

#3

jsnipy: ...; +3,277|6783|...

Instead of the default process explorer use Process Explorer (http://technet.microsoft.com/en-us/sysi … 96653.aspx)

This can show you exactly where the executables/binaries are on disk are and you can simply right click to google them.

Instead of msconfig, use AutoRuns (http://technet.microsoft.com/en-us/sysi … 63902.aspx). This will show you much more than msconfig and again will allow you right click and google something you are unsure of.

edit: those things look like roxio software and some server component of windows media player (wild guess is this a dell?)

Last edited by jsnipy (2009-09-17 22:08:45)

2009-09-17 22:08:09

#4

Catbox: forgiveness; +505|6976

have you run malware bytes and spybot?
http://www.malwarebytes.org/
http://www.safer-networking.org/index2.html

and cw shredder(browser hijacks)
http://download.cnet.com/CWShredder/300 … 01587.html
and hijack this(don't delete anything unless you know what you are doing...)
http://download.cnet.com/Trend-Micro-Hi … 27353.html

also for rootkits... free scanner
Gmer and catch me
http://www.gmer.net/
http://www.gmer.net/#files

and there is ComboFix
this program is a last resort before you reformat...
It is powerful and if done incorrectly can screw up your system...
http://www.bleepingcomputer.com/combofi … e-combofix

Last edited by [TUF]Catbox (2009-09-17 22:10:15)

Love is the answer

2009-09-17 22:12:17

#5

Kmar: Truth is my Bitch; +5,695|6861|132 and Bush

jsnipy wrote:
Instead of the default process explorer use Process Explorer (http://technet.microsoft.com/en-us/sysi … 96653.aspx)

This can show you exactly where the executables/binaries are on disk are and you can simply right click to google them.

Instead of msconfig, use AutoRuns (http://technet.microsoft.com/en-us/sysi … 63902.aspx). This will show you much more than msconfig and again will allow you right click and google something you are unsure of.

I hope you're getting royalties for sharing this program .

I used to use a program called wintask pro and it was awsum. I think it has since been discontinued though.

Xbone Stormsurgezz

2009-09-17 22:14:04

#6

Kmar: Truth is my Bitch; +5,695|6861|132 and Bush

[TUF]Catbox wrote:
have you run malware bytes and spybot?
http://www.malwarebytes.org/
http://www.safer-networking.org/index2.html

and cw shredder(browser hijacks)
http://download.cnet.com/CWShredder/300 … 01587.html
and hijack this(don't delete anything unless you know what you are doing...)
http://download.cnet.com/Trend-Micro-Hi … 27353.html

also for rootkits... free scanner
Gmer and catch me
http://www.gmer.net/
http://www.gmer.net/#files

and there is ComboFix
this program is a last resort before you reformat...
It is powerful and if done incorrectly can screw up your system...
http://www.bleepingcomputer.com/combofi … e-combofix

Something else that is often overlooked. MS's Malicous software remover.

Start>run>mrt

Xbone Stormsurgezz

2009-09-17 22:14:54

#7

jsnipy: ...; +3,277|6783|...

Kmarion wrote:
jsnipy wrote:
Instead of the default process explorer use Process Explorer (http://technet.microsoft.com/en-us/sysi … 96653.aspx)

This can show you exactly where the executables/binaries are on disk are and you can simply right click to google them.

Instead of msconfig, use AutoRuns (http://technet.microsoft.com/en-us/sysi … 63902.aspx). This will show you much more than msconfig and again will allow you right click and google something you are unsure of.
I hope you're getting royalties for sharing this program .

I used to use a program called wintask pro and it was awsum. I think it has since been discontinued though.

Sysinternals tools just work, they have been around for ages and are uses by professionals. No gimmicks or novelty with them. They are also completely 100% free. They have saved me on countless occasions.

Last edited by jsnipy (2009-09-17 22:15:29)

2009-09-18 07:27:21

#8

Dilbert_X: The X stands for; +1,815|6366|eXtreme to the maX

roxliveshare9.exe
roxwatchtray9.exe
roxiopnpservice9.exe
wrconsumerservice.exe

Too much porn I think.

Malware Bytes is the best I know of.

Fuck Israel

2009-09-18 09:09:32

#9

Benzin: Member; +576|6259

http://www.spyany.com/files/roxliveshare9_exe.html

2009-09-18 12:09:10

#10

Tdog2007: Giggity Giggity; +25|6973|US

no its not a dell, its custom built.

ok so i lost the fight and had to format and install windows again... i went looking for the processes above and figured out the first 3 were from roxio. so wondered how they got on and was gonna delete them, but when i clicked to drag to recycle bin all hell broke loose. locked up the system and wouldnt let me do anything.

casualties:
all personal photos
all bookmarks
all passwords (cept for the little list i managed to write down quickly)
$400-$500 worth of music... this is the worst part...

needed a format anyway i guess...

so which of all the above stuff (above posts) should i install on my clean computer? ive got norton and spysweeper on already so no need for antivirus or antispyware

Last edited by Tdog2007 (2009-09-18 12:11:09)

2009-09-18 12:34:10

#11

IrishGrimReaper: Field Marshal | o |; +142|6981|Ireland | Monaghan

Could you not backup the music before you re-installed?

Tbh, aslong as you're careful you shouldn't really get infected, of all the things I wouldn't use Norton(quite a resource hog and a pain in general), I had that like 3 years ago, and I'm now using the free Avast Home Edition which is great.

Most of the programs above are used to get rid of the viruses that were still left behind after using a normal virus scanner/ad ware scanner. You won't need to use HiJack this/ComboFix for everyday use.

Prevention is the best way to keep yourself rid of viruses.

Bleeping Computer has a few good tutorials on quite alot of malware issues, here's one for keeping yourself safe.
http://www.bleepingcomputer.com/tutoria … ial82.html

Intel Core i7 CPU 920 @ 4GHz || 3x2 GB OCZ 1600Mhz DDR3 || 80GB Intel X25-M Gen 2 || KFA2 GTX 480 1536Mb ||| Samsung T220 || Xonar DX 7.1 || AV 40 || P6T Deluxe V2 || Win 7 HP 64 Bit || Lian Li P80

2009-09-18 17:19:08

#12

Dilbert_X: The X stands for; +1,815|6366|eXtreme to the maX

Malware Bytes has always seemed ahead of the curve for me.
The free version is handy for when you get the sort of problem you had.
Just install it, update once a week and cross your fingers.
If you get a problem run it and you may be lucky.
Apart from that stay off the porn!

Fuck Israel

2009-09-18 17:27:40

#13

tazz.: oz.; +1,338|6435|Sydney | ♥

Gatway Firewalls mates.... srsly.

♥

^{everything i write is a ramble and should not be taken seriously.... _{seriously. ♥}}

2009-09-18 19:35:08

#14

Dilbert_X: The X stands for; +1,815|6366|eXtreme to the maX

Its too late now but....
If I rebuild I do it on a new hard drive.
They're cheap enough, usually faster than the old one and you can put the old one in a case and suck the data out of it later if you need to.
I think...

Fuck Israel

2009-09-18 20:30:45

#15

Catbox: forgiveness; +505|6976

Do you have another computer?
If you do... you can use your messed up drive as a slave drive
connect it to the good computer...
then start your good computer and then you will have access to the messed up drive...
and you can drag the music files onto the good comp
or burn the music to disc.

Love is the answer

2009-09-18 20:33:06

#16

jsnipy: ...; +3,277|6783|...

Tdog2007 wrote:
no its not a dell, its custom built.

ok so i lost the fight and had to format and install windows again... i went looking for the processes above and figured out the first 3 were from roxio. so wondered how they got on and was gonna delete them, but when i clicked to drag to recycle bin all hell broke loose. locked up the system and wouldnt let me do anything.

casualties:
all personal photos
all bookmarks
all passwords (cept for the little list i managed to write down quickly)
$400-$500 worth of music... this is the worst part...

needed a format anyway i guess...

so which of all the above stuff (above posts) should i install on my clean computer? ive got norton and spysweeper on already so no need for antivirus or antispyware

did you try recuva (http://www.recuva.com/) on the drive to try and get some of the stuff? This will work after a format assuming you did a quick format.

2009-09-18 20:58:12

#17

Stubbee: Religions Hate Facts, Questions and Doubts; +223|7003|Reality

Tdog2007 wrote:
no its not a dell, its custom built.

ok so i lost the fight and had to format and install windows again... i went looking for the processes above and figured out the first 3 were from roxio. so wondered how they got on and was gonna delete them, but when i clicked to drag to recycle bin all hell broke loose. locked up the system and wouldnt let me do anything.

casualties:
all personal photos
all bookmarks
all passwords (cept for the little list i managed to write down quickly)
$400-$500 worth of music... this is the worst part...

needed a format anyway i guess...

so which of all the above stuff (above posts) should i install on my clean computer? ive got norton and spysweeper on already so no need for antivirus or antispyware

You gave up too easily.
www.techguy.org has free help from very knowledgeable moderators. they help step by step to remove malware etc.

Last edited by Stubbee (2009-09-19 05:42:45)

The US economy is a giant Ponzi scheme. And 'to big to fail' is code speak for 'niahnahniahniahnah 99 percenters'

2009-09-19 03:08:50

#18

Tdog2007: Giggity Giggity; +25|6973|US

yea i shoulda just went to sleep, but my mind races around the issue and wont rest until somethings done, so i formated n said hell with it.

@jsnipy - i dont exactly know what kind of format i did. i think it was a quickie. if i did a thorough will it be able to get em back anyway?

edit - ha, recuva made by piriform. i use their ccleaner

Last edited by Tdog2007 (2009-09-19 03:12:24)

2009-09-19 03:11:39

#19

Benzin: Member; +576|6259

I never would have formatted without backing up all of the data ... your own fault. You could have removed the malware with a bit of work.

2009-09-19 03:13:27

#20

Tdog2007: Giggity Giggity; +25|6973|US

well, like i said. it locked up my comp so i couldnt backup anything or open anything besides do what the damn malware thing told me to (which i didnt of course).

and im more accepting to it now. life sucks. shit happens. move on.

@ jsnipy again - i unchecked some stuff with autoruns and dont know if i need to save it to a certain spot on my computer. or does it link itself with startup to make the unchecked not start?

Last edited by Tdog2007 (2009-09-19 05:30:28)

BF2S Forums May have a big malware/spyware prob..

jsnipy wrote:

[TUF]Catbox wrote:

Kmarion wrote:

jsnipy wrote:

Tdog2007 wrote:

Tdog2007 wrote:

Board footer