ping to google

Guest

I have a strange problem in my notebook with XPsp2: when I work at home and I
connect to ADSL, the process NTDVM.exe starts and "inglobes" 100% of CPU.
By means of Norton GoBack, I have found that after the connection, a ping
to google occurs (so involving cmd.exe). In particular, these are the related
commands:

/C ping -n 1 -w 1000 66.102.9.99 | find/C"(100%"
ping -n 1 -w 1000 66.102.9.99
find/C"(100%"
After these, the following occurs:
c:\windows\temp\QkstCBFsc.jpg (created/eliminated)
c:\windows\fdtnfnhrgit.exe
c:\windows\tasks\ipfqvkq|crfynpnoo.dat (substituted/modified)
c:\windows\system32\ntdvm.exe -f -i1
...and CPU goes to 100%!
I have run F-secure and Panda anti-virus, as well as Spybot Search&Destroy,
but I have not found any virus. In addition, Hijackthis does not highlight any
particular problem (at least, this is my impression..). Any suggestion to
solve the problem?
Where could the ping command be located? I have seen that some virus
(W32.Mimail.p@mm) pings google to propagate itself, but I have not found
the virus file on my computer.. Thank you for your help
 
Pegasus (MVP)

giordi said:
I have a strange problem in my notebook with XPsp2: when I work at home and I
connect to ADSL, the process NTDVM.exe starts and "inglobes" 100% of CPU.
By means of Norton GoBack, I have found that after the connection, a ping
to google occurs (so involving cmd.exe). In particular, these are the related
commands:

/C ping -n 1 -w 1000 66.102.9.99 | find/C"(100%"
ping -n 1 -w 1000 66.102.9.99
find/C"(100%"
After these, the following occurs:
c:\windows\temp\QkstCBFsc.jpg (created/eliminated)
c:\windows\fdtnfnhrgit.exe
c:\windows\tasks\ipfqvkq|crfynpnoo.dat (substituted/modified)
c:\windows\system32\ntdvm.exe -f -i1
..and CPU goes to 100%!
I have run F-secure and Panda anti-virus, as well as Spybot Search&Destroy,
but I have not found any virus. In addition, Hijackthis does not highlight any
particular problem (at least, this is my impression..). Any suggestion to
solve the problem?
Where could the ping command be located? I have seen that some virus
(W32.Mimail.p@mm) pings google to propagate itself, but I have not found
the virus file on my computer.. Thank you for your help

Sounds like spyware or malware. The processes you list:

c:\windows\temp\QkstCBFsc.jpg (created/eliminated)
c:\windows\fdtnfnhrgit.exe
c:\windows\tasks\ipfqvkq|crfynpnoo.dat (substitued/modified)

are not native Windows processes. Furthermore, if ntvdm.exe
(not ntdvm.exe!) gets invoked then you're running some 16-bit
command. It's not ping.exe - ping is a 32-bit application.
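
Added example, not part of the thread or written by any of its posters: a small triage pass over the activity lines quoted above. It flags the one-shot ping piped into find /C "(100%" (a connectivity check), program names that are a near miss of a system binary such as the ntdvm.exe / ntvdm.exe swap, and unknown executables sitting directly in c:\windows. The finding labels, the 0.85 similarity threshold, the short reference list and the benign ping line are assumptions made for this example.

```python
import re
from difflib import SequenceMatcher
from pathlib import PureWindowsPath

# Short reference list of real Windows binaries (not exhaustive).
KNOWN = {"ntvdm.exe", "cmd.exe", "ping.exe", "find.exe", "wuauclt.exe",
         "svchost.exe", "lsass.exe", "explorer.exe"}

# One echo request piped into find /C "(100%": the count of "(100% loss)"
# lines tells the caller whether the machine is online.
PROBE = re.compile(r'ping(\.exe)?\s.*-n\s+1\b.*\|\s*find(\.exe)?\s*/c\s*"\(100%', re.I)
# Executable path at the start of a line, optionally quoted.
IMAGE = re.compile(r'\s*("?)([a-z]:\\[^"]*?\.exe)\1(\s|$)', re.I)

def triage(line, threshold=0.85):  # threshold is an assumed cut-off
    """Return heuristic findings (hypothetical labels) for one activity line."""
    findings = []
    if PROBE.search(line):
        findings.append("connectivity-probe")
    m = IMAGE.match(line)
    if m:
        image = PureWindowsPath(m.group(2).lower())
        if image.name not in KNOWN:
            # Near miss of a system binary name, e.g. two letters swapped.
            for real in sorted(KNOWN):
                if SequenceMatcher(None, image.name, real).ratio() >= threshold:
                    findings.append("lookalike-of:" + real)
            # Unknown program placed directly in the Windows directory.
            if str(image.parent) == r"c:\windows":
                findings.append("unknown-exe-in-windir")
    return findings

# Constructed sample: lines quoted in the thread plus one benign ping.
SAMPLE = [
    r'/C ping -n 1 -w 1000 66.102.9.99 | find/C"(100%"',
    r'c:\windows\fdtnfnhrgit.exe',
    r'c:\windows\system32\ntdvm.exe -f -i1',
    r'c:\windows\system32\ping.exe -n 4 192.0.2.10',
]

def report(lines=SAMPLE):
    """Map each activity line to its list of findings."""
    return {line: triage(line) for line in lines}

if __name__ == "__main__":
    for line, findings in report().items():
        print(findings or ["-"], line)
```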
 
Guest

Sorry, I confused the name of the process: as you observed, the correct one
is ntvdm.exe (and not the other ntdvm.exe that is malware).
I know that ntvdm.exe should be related to 16-bit DOS applications (and I am
not running anything of that kind), but I have seen that the file cmd.exe is probably
called. It is interesting to observe that from Prefetch, the following
sequence is called:
WUAUCLT.EXE
PING.EXE
FIND.EXE
CMD.EXE
Do you have any suggestion? The files you mentioned are created/deleted each
time and then it is not possible to remove the possible malware (if it is).
I should find where the ping command is assigned..
Thank you


I have seen
 
