What are these modules?

[SpawaczGE]

Hi all,

I have Zone Alarm installed on my Windows XP computer. Every time after the
computer is started, warning messages from ZA pop up:
"Do you want the xyz to access the Internet?"
"The program has accessed the Internet before"

The xyzs are:

a) Spooler SubSystem App

b) BackWeb - 1940576.exe

c) Generic Host Process for Win32

What are these programs? Should I let them access the Internet?

(Also this message pops up: "Do you want the LiveUpdate Engine COM Module to
access the Internet?". I let it access the Internet - it downloads updates for
Windows XP.)

I use AOL 9.0 with a dial up connection to access the Internet.

Thanks for any input.

Roman

 

[David H. Lipman]

1) Download the following three items...

Trend Sysclean Package
http://www.trendmicro.com/download/dcs.asp

Latest Trend Pattern File.
http://www.trendmicro.com/download/pattern.asp

Adaware SE (free personal version v1.05)
http://www.lavasoftusa.com/

Create a directory.
On drive "C:\"
(e.g., "c:\New Folder")
or the desktop
(e.g., "C:\Documents and Settings\lipman\Desktop\New Folder")

Download Sysclean.com and place it in that directory.
Dowload the Trend Pattern File by obtaining the ZIP file.
For example; lpt238.zip

Extract the contents of the ZIP file and place the contents in the same directory as
sysclean.com.

2) Update Adaware with the latest definitions.
3) If you are using WinME or WinXP, disable System Restore
http://vil.nai.com/vil/SystemHelpDocs/DisableSysRestore.htm
4) Reboot your PC into Safe Mode
5) Using both the Trend Sysclean utility and Adaware, perform a Full Scan of your
platform and clean/delete any infectors/parasites found.
(a few cycles may be needed)
6) Restart your PC and perform a "final" Full Scan of your platform using both the
Trend Sysclean utility and Adaware
7) If you are using WinME or WinXP, Re-enable System Restore and re-apply any
System Restore preferences, (e.g. HD space to use suggested 400 ~ 600MB),
8) Reboot your PC.
9) If you are using WinME or WinXP, create a new Restore point

You can also try some of the below online scanners.

BitDefender:
http://www.bitdefender.com/scan/license.php

Computer Associates:
http://www3.ca.com/securityadvisor/virusinfo/scan.aspx

DialogueScience:
http://www.antivir.ru/english/www_av/

F-Secure:
http://support.f-secure.com/enu/home/ols.shtml

Freedom Online scanner:
http://www.freedom.net/viruscenter/index.html

Kaspersky:
http://www.kaspersky.com/de/scanforvirus

McAfee:
http://www.mcafee.com/myapps/mfs/default.asp

Panda:
http://www.pandasoftware.com/activescan/

RAV
http://www.ravantivirus.com/scan/

Symantec:
http://security.symantec.com/

Trend:
http://housecall.antivirus.com
http://housecall.trendmicro.com


* * * Please report your results ! * * *

Dave




| Hi all,
|
| I have Zone Alarm installed on my Windows XP computer. Every time after the
| computer is started, warning messages from ZA pop up:
| "Do you want the xyz to access the Internet?"
| "The program has accessed the Internet before"
|
| The xyzs are:
|
| a) Spooler SubSystem App
|
| b) BackWeb - 1940576.exe
|
| c) Generic Host Process for Win32
|
| What are these programs? Should I let them access the Internet?
|
| (Also this message pops up: "Do you want the LiveUpdate Engine COM Module to
| access the Internet?". I let it access the Internet - it downloads updates for
| Windows XP.)
|
| I use AOL 9.0 with a dial up connection to access the Internet.
|
| Thanks for any input.
|
| Roman
|
|

 

[madmax]

Hi all,

I have Zone Alarm installed on my Windows XP computer. Every time after the
computer is started, warning messages from ZA pop up:
"Do you want the xyz to access the Internet?"
"The program has accessed the Internet before"

The xyzs are:

a) Spooler SubSystem App

b) BackWeb - 1940576.exe

c) Generic Host Process for Win32

What are these programs? Should I let them access the Internet?
(Also this message pops up: "Do you want the LiveUpdate Engine COM Module to
access the Internet?". I let it access the Internet - it downloads updates for
Windows XP.)
I use AOL 9.0 with a dial up connection to access the Internet.
Thanks for any input.
Roman

A+C are normal windows apps. B is not.
Scan your system for malware as David said.
-max

--
To help you stay safe see: http://www.geocities.com/maxpro4u/madmax.html
Virus cleaning +fixes see: http://www.geocities.com/maxpro4u/TechPros
Change nomail.afraid.org to neo.rr.com so you can reply by e-mail
(nomail.afraid.org has been set up specifically for
use in Usenet. Feel free to use it yourself.)

 

[MJD]

Was your computer an HP with a pre-installed operating system, by any
chance?
I had a HP Pavilion which always tried to execute backweb for HP auto update
support.
I told ZA to disallow it and that was that!


--
Best Regards,
Martin Deeley
www.Binzel.com.au
The contents of this e-mail are confidential.
Any unauthorised use of the contents is expressly prohibited.
If you have received this e-mail in error, please advise us immediately
and then delete the e-mail and destroy any printed copies.
Thank you.

 

[SpawaczGE]

Subject: Re: What are these modules?
From: "MJD" (e-mail address removed)
Date: 11/7/2004 1:35 AM Pacific Standard Time
Message-id: <[email protected]>

Was your computer an HP with a pre-installed operating system, by any
chance?
I had a HP Pavilion which always tried to execute backweb for HP auto update
support.
I told ZA to disallow it and that was that!
[/QUOTE][/QUOTE][/QUOTE]

It is a Compaq, which merged with HP, didn't it?

Roman

 

[Roger Wilco]

A+C are normal windows apps. B is not.
Scan your system for malware as David said.

B may be legit also, investigate the registry to see for sure before deleting it.