Random-named process in task manager

[middlesbrough]

Hi,

There appears to be a 6-letter randomly named porcess in Task Manager
on a WinXP SP2 computer every time it starts up. I've installed both
Spybot and MS Antispyware, made sure both were up-to-date and ran scans
(computer has Trend Micro Officescan as AV). Spybot cleared out a few
usual spyware bits and pieces then MS Antispyware found nothing.
There is a process that has a different 6-letter name each time that
looks a bit dodgy. I'm thinking it's spyware/malware but obviously
something Spybot or MS Antispyware can't detect.
I'm scouring the net for anything that might give a clue but I'll post
this to see if anyone might know how to stop this tricky little bugger.

Cheers,

Timboi

 

[Malke]

Hi,

There appears to be a 6-letter randomly named porcess in Task Manager
on a WinXP SP2 computer every time it starts up. I've installed both
Spybot and MS Antispyware, made sure both were up-to-date and ran
scans (computer has Trend Micro Officescan as AV). Spybot cleared out
a few usual spyware bits and pieces then MS Antispyware found nothing.
There is a process that has a different 6-letter name each time that
looks a bit dodgy. I'm thinking it's spyware/malware but obviously
something Spybot or MS Antispyware can't detect.
I'm scouring the net for anything that might give a clue but I'll post
this to see if anyone might know how to stop this tricky little
bugger.

It sounds like you have one of the Vundo variants. Run HijackThis and
post your log to one of these forums (not here, please):

http://www.aumha.org/a/hjttutor.htm - HijackThis tutorial by Merijn
http://www.bleepingcomputer.com/forums/index.php?showtutorial=42 -
another tutorial
http://aumha.net/viewforum.php?f=30
http://castlecops.com/forum67.html
http://spywarewarrior.com/viewforum.php?f=5 - Spyware Warrior HijackThis
forum
http://www.wilderssecurity.com/
http://forums.tomcoyote.org/

Read the posting FAQ of whatever forum you choose.

Malke

 

[middlesbrough]

It sounds like you have one of the Vundo variants. Run HijackThis and
post your log to one of these forums (not here, please):

http://www.aumha.org/a/hjttutor.htm - HijackThis tutorial by Merijn
http://www.bleepingcomputer.com/forums/index.php?showtutorial=42 -
another tutorial
http://aumha.net/viewforum.php?f=30
http://castlecops.com/forum67.html
http://spywarewarrior.com/viewforum.php?f=5 - Spyware Warrior HijackThis
forum
http://www.wilderssecurity.com/
http://forums.tomcoyote.org/

Read the posting FAQ of whatever forum you choose.

Malke
--
Elephant Boy Computers
www.elephantboycomputers.com
"Don't Panic!"
MS-MVP Windows - Shell/User

Malke,

Thankls for your reply - after a few investigations, it turns out that
it was a Trend micro Officescan process. Once I'd run HijackThis, it
showed me where the exe was and I tracked it down and noticed it had a
weird icon (small brown dog). I then looked this up in google and found
someone who'd found the same thing and the last post mentioned
something about Trend. I phoned Trend and they confirmed it.

Cheers,

Timboi

 

[Malke]

Malke,

Thankls for your reply - after a few investigations, it turns out that
it was a Trend micro Officescan process. Once I'd run HijackThis, it
showed me where the exe was and I tracked it down and noticed it had a
weird icon (small brown dog). I then looked this up in google and
found someone who'd found the same thing and the last post mentioned
something about Trend. I phoned Trend and they confirmed it.

Cheers,

Timboi

Excellent! What a great job of troubleshooting you did! Thanks for
taking the time to post back with this very useful information.

Malke