pmon strange listing

Aleksey Tkachenko

Hi!

Windows XP Service Pack 2 Support Tools
pmon
version 5.1.2600.0

0 0:00:00 2296 0 579 0 748 62 15 8 68 3 e.exe

What does "e.exe" mean?

E:\Program Files\Support Tools>taskkill /IM e.exe
ERROR: The process "e.exe" not found.

E:\Program Files\Support Tools>tskill e.exe
Could not find process: e.exe

I tried to use

task manager
Soft Monitor v 1.1
Warecase eXtended Task Manager
TaskInfo 7.2.0
pstat
Process Explorer Russinovich
Process Monitor Russinovich

they do not see this e.exe

On another machine pmon found processes with empty names, and names like "c.exe" and "exe".
On a third machine it found nothing strange at all.

So I really don't know what to think about all this stuff.

Aleksey
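
Added example (not part of the original post, and not Support Tools code): one way to triage the discrepancy described above is to diff the two tools' views by image name. The pmon rows and `tasklist /FO CSV /NH` output are constructed samples; treating the last pmon field as the image name, and checking whether an odd name is only the tail of a name the other tool reports, are assumptions the thread does not establish.

```python
import csv
import io

# Constructed sample: pmon rows in the shape quoted in the post (image name last).
PMON_ROWS = """\
0 0:00:00 2296 0 579 0 748 62 15 8 68 3 e.exe
0 0:00:02 18340 0 9021 0 11200 40 66 8 412 14 explorer.exe
0 0:00:00 1500 0 300 0 600 10 12 8 20 2 c.exe
0 0:00:00 1100 0 250 0 500 9 11 8 18 1
"""

# Constructed sample: `tasklist /FO CSV /NH` output from the same machine.
TASKLIST_CSV = '''\
"explorer.exe","1480","Console","0","18,340 K"
"iexplore.exe","2204","Console","0","22,116 K"
"svchost.exe","1012","Console","0","4,212 K"
"lsass.exe","692","Console","0","1,508 K"
'''

def pmon_names(text):
    """Image name = last field (assumption); a row ending in a number has no name."""
    rows = [line.split() for line in text.splitlines() if line.split()]
    return ["" if f[-1].isdigit() else f[-1].lower() for f in rows]

def tasklist_names(text):
    """First CSV column of tasklist output is the image name."""
    return {row[0].lower() for row in csv.reader(io.StringIO(text)) if row}

def cross_view(pmon_text, tasklist_text):
    """Classify each pmon name against the second tool's view."""
    known = tasklist_names(tasklist_text)
    report = []
    for name in pmon_names(pmon_text):
        if name in known:
            verdict = "matched"
        elif name == "":
            verdict = "empty-name"
        else:
            # Hypothesis to rule out: the name is a cut-off tail of a visible one.
            tails = sorted(k for k in known if k.endswith(name))
            verdict = "tail-of:" + ",".join(tails) if tails else "unmatched"
        report.append((name, verdict))
    return report

if __name__ == "__main__":
    for name, verdict in cross_view(PMON_ROWS, TASKLIST_CSV):
        print(f"{(name or '<empty>'):15} {verdict}")
```

Names reported as `unmatched` or `empty-name` are the ones that no second tool accounts for and that warrant offline scanning of the disk.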
 
Malke

Aleksey said:
Hi!

Windows XP Service Pack 2 Support Tools
pmon
version 5.1.2600.0

0 0:00:00 2296 0 579 0 748 62 15 8 68 3 e.exe

What does "e.exe" mean?

E:\Program Files\Support Tools>taskkill /IM e.exe
ERROR: The process "e.exe" not found.

E:\Program Files\Support Tools>tskill e.exe
Could not find process: e.exe
they do not see this e.exe

On another machine pmon found processes with empty names, and names like
"c.exe" and "exe".
On a third machine it found nothing strange at all.

(with snippage)

http://www.google.com/search?hl=en&q=e.exe&btnG=Search
http://www.google.com/search?hl=en&q=c.exe&btnG=Search

Your computers are infected with trojans. Time to take down the network
and clean everything up.

Go through these general malware removal steps systematically -
http://www.elephantboycomputers.com/page2.html#Removing_Malware

Include scanning with David Lipman's Multi_AV and follow instructions to
do all scans in Safe Mode.

http://www.elephantboycomputers.com/page2.html#Multi-AV - instructions
http://www.pctipp.ch/downloads/sicherheit/35905/multi_av_scanning_tool.html
- download site

The site is in German but David's tool is in English so don't let that
worry you. Scroll all the way down to almost the bottom of the page and
you'll see a box titled "Infos Zum Download - Multi-AV Scanning Tool".
You'll see "Download von www pctipp.ch" and the live link to download
Multi_AV.

You can also check to see if there are targeted removal steps for your
malware here:
Bleeping Computer removal how-to's -
http://www.bleepingcomputer.com/forums/forum55.html

When all else fails, run HijackThis and post your log in one of the
specialty forums listed at the first link above (not here, please).

Standard caveat: If the procedures look too complex - and there is no
shame in admitting this isn't your cup of tea - take the machine to a
professional computer repair shop (not your local version of
BigComputerStore/GeekSquad). Please be aware that not all local shops
are skilled at removing malware and even if they are, your computer may
be so infested that Windows will need to be clean-installed. Have all
your data backed up before you take the machine into a shop.


Malke
 
Aleksey Tkachenko

Malke said:
skip

Your computers are infected with trojans. Time to take down the network
and clean everything up.

Thank you Malke, I will try all the links you posted here, but I feel like it is somewhat off-topic here,
because we are at the Microsoft forum and my first desire is to listen to some MS specialist
describing how it can be that there are some processes in their OS and no software can provide
any intelligible information about them except the module name, which can be empty???

:)

Aleksey
 
Malke

Aleksey said:
Thank you Malke, I will try all the links you posted here, but I feel like
it is somewhat off-topic here,
because we are at the Microsoft forum and my first desire is to listen
to some MS specialist
describing how it can be that there are some processes in their OS and
no software can provide
any intelligible information about them except the module name, which can
be empty???

You are mistaken in your understanding of this venue. This is not a
forum; it's a Usenet newsgroup hosted on Microsoft servers. While
occasionally an MS employee will post in the Microsoft public
newsgroups, the vast majority of helpers are volunteers who do not work
for the company. In short, this is a peer-to-peer tech support newsgroup
and not Microsoft. So you posting information that lets me know that
your computers are infected with trojans and me telling you how to clean
them up is not off-topic since the security of your computers has been
compromised.

If you want to speak officially to Microsoft tech support, you need to
call them.

Contact MS - http://support.microsoft.com/gp/contactuswindows?sd=win
MS International Support -
http://support.microsoft.com/common/international.aspx

As far as your question, there is no point in wondering why things are
showing up the way they are when your computer is infected with trojans.
Malware affects how your operating system works and so you should not
take anything about an infected system as the norm.

Good luck,


Malke
 
Aleksey Tkachenko

Malke said:
Aleksey Tkachenko wrote: skip
As far as your question, there is no point in wondering why things are
showing up the way they are when your computer is infected with trojans.
Malware affects how your operating system works and so you should not
take anything about an infected system as the norm.

I just thought that they could be interested, because one admin tool sees the process and
another does not. I don't think this can be normal under any circumstances. I think the OS
has to have some kernel not affected by malware and some tools to ask the kernel
and find the problem. If this does not work then we will all need to reinstall the system from
time to time, and a bootable live Linux CD will look more attractive than WXP.

Aleksey.
 
Malke

Aleksey Tkachenko wrote:

(some snippage)
I think the OS has to have some kernel not affected by malware and some
tools to ask kernel and find the problem.

I can't imagine why you would think this. You obviously know nothing
about how viruses/non-viral malware works. I gave you tools to fix the
problem - which doesn't exist in the operating system by itself but
rather in the fact that your machines are infected.

If this does not work then we
will all need to reinstall the system from time to time, and a bootable live
Linux CD will look more attractive than WXP.

I also can't imagine why you would think that anyone would care what
operating system you use. As for a Linux Live CD, the fact that you
would consider using a Live CD for everyday work instead of installing a
distro to the hard drive shows that you really don't know what you're
doing. And I say this as someone who has used Linux for her own work
exclusively for over 7 years and is now using OS X.

You should consider having a local professional come on-site and clean
up your computers and, if you wish to change operating systems, install
a Linux distro for you since you're not going to be able to do this
yourself.

EOT for me.


Malke
 
Aleksey Tkachenko

Malke said:
Aleksey Tkachenko wrote:

(some snippage)


I can't imagine why you would think this. You obviously know nothing
about how viruses/non-viral malware works. I gave you tools to fix the
problem - which doesn't exist in the operating system by itself but
rather in the fact that your machines are infected.

Malke, I want to think about what you recommend. You recommend tools
which check the OS for malware by some indirect indications, based
mostly on our knowledge about _already met malware_. I want you to think
what this means. This means that nobody can tell you for sure that your
OS is not already cracked. I want you to think what this means. This means the
end of security for MS. Because if the virus was not widespread or was even
created individually for your computer, you will wait for several months or infinity
before it can be detected by the tools you recommend here.

I have read the newest article about malware at the MS site. They recommend making
a bootable CD stuffed with third parties, even made by enthusiasts, who distribute their
software for free. For such a high-priced OS as MS Windows this looks like total
surrender.

And also I want you to think about what I am asking about here. I am asking about
the simplest basic admin tool, which has to provide basic info about such basic things of the OS
as processes. And I have had no answer about this from MS staff for several days.
I do not want to argue over all these things with you, I just want you to think what all
these things really mean.

Anyway, the private practical part of my question is very simple - if I try all of those
motley antispyes and they find nothing - what do I have to think? Do I have to think that
pmon is a buggy tool, or do I have to think that I need to reinstall my OS? :)
That is the question... :) And no answer from MS for now. :)

Aleksey.
 
