General discussion

Locked

Weird processes

By uberg33k50 ·
I am working on a Win2003 server that has some odd processes running on it...such as:
winifkepu.exe
winixiosk.exe
wintuaq.exe
I cannot find any info on these process by doing searches but I belive they may be tied to something that is sending spam out from this server. Has anyone seen these before?

Thank you.

This conversation is currently closed to new comments.

9 total posts (Page 1 of 1)  
| Thread display: Collapse - | Expand +

All Comments

Collapse -

by cmiller5400 In reply to Weird processes

Definately sounds like virus/malware running on the system. Download Spybot S&amphttp://www.safer-networking.org Lavasoft's Adaware http://www.lavasoftusa.com and make sure that you are running a current virus scanner. A good free one is http://free.grisoft.com (note that it is only free for personal use.) Run all scans in safe mode once they are installed and updated.

Collapse -

by uberg33k50 In reply to

This answer is probably closest because it was a virus. The anti-virus software just didn't find it.

Collapse -

by uberg33k50 In reply to Weird processes

Thanks CM5400...I have actually run Hijack This, Adaware Away and Registry mechanic on it. Adaware says there are 9 problems but doesn't tell me what they are and doesn't fix them either. I also searched the registry. I just downloaded a rootkit detector that I was going to try next....it's making me crazy!

Collapse -

by rkuhn In reply to Weird processes

You could also use something like Process Explorer to help narrow down just exactly those processes are doing.

http://www.sysinternals.com/Utilities/ProcessExplorer.html

Collapse -

by uberg33k50 In reply to

Poster rated this answer.

Collapse -

by HAL 9000 Moderator In reply to Weird processes

Are you running the scans in Safe Mode if not you are highly unlikely to be able to remove any running processes as they will stay put until you stop them running. If you boot into Safe Mode where only the very minimum set of Drivers are loaded you'll find it far easier to remove the problem files.

Col

Collapse -

by uberg33k50 In reply to

Poster rated this answer.

Collapse -

by uberg33k50 In reply to Weird processes

Thanks to everyone. Here is the rest of the story. Before I took over helping these guys another company had installed Trend Micro Anti virus. It was there but had not been updated in a very long time. If you ran the update it appeared to update and when you ran the scan it found nothing. After I figured that part out it was easy (HA). Found the W32Sality R virus was rampant in the whole network. Finally got it cleaned. Thank you all for the suggestions though.

Collapse -

by uberg33k50 In reply to Weird processes

This question was closed by the author

Back to Windows Forum
9 total posts (Page 1 of 1)  

Related Discussions

Related Forums