General discussion

  • #2259175

    Weird processes

    Locked

    by uberg33k50 ·

    I am working on a Win2003 server that has some odd processes running on it…such as:
    winifkepu.exe
    winixiosk.exe
    wintuaq.exe
    I cannot find any info on these processes by doing searches but I believe they may be tied to something that is sending spam out from this server. Has anyone seen these before?

    Thank you.

All Comments

    • #3283959

      Reply To: Weird processes

      by cmiller5400 ·

      In reply to Weird processes

      Definitely sounds like virus/malware running on the system. Download Spybot S&D (http://www.safer-networking.org) and Lavasoft’s Adaware (http://www.lavasoftusa.com), and make sure that you are running a current virus scanner. A good free one is http://free.grisoft.com (note that it is only free for personal use). Run all scans in safe mode once they are installed and updated.

      • #3199978

        Reply To: Weird processes

        by uberg33k50 ·

        In reply to Reply To: Weird processes

        This answer is probably closest because it was a virus. The anti-virus software just didn’t find it.

    • #3283948

      Reply To: Weird processes

      by uberg33k50 ·

      In reply to Weird processes

      Thanks CM5400…I have actually run Hijack This, Adaware Away and Registry mechanic on it. Adaware says there are 9 problems but doesn’t tell me what they are and doesn’t fix them either. I also searched the registry. I just downloaded a rootkit detector that I was going to try next….it’s making me crazy!

    • #3283799

      Reply To: Weird processes

      by rkuhn040172 ·

      In reply to Weird processes

      You could also use something like Process Explorer to help narrow down just exactly what those processes are doing.

      http://www.sysinternals.com/Utilities/ProcessExplorer.html

    • #3283766

      Reply To: Weird processes

      by hal 9000 ·

      In reply to Weird processes

      Are you running the scans in Safe Mode? If not, you are highly unlikely to be able to remove any running processes, as they will stay put until you stop them running. If you boot into Safe Mode, where only the very minimum set of drivers is loaded, you’ll find it far easier to remove the problem files.

      Col

    • #3199982

      Reply To: Weird processes

      by uberg33k50 ·

      In reply to Weird processes

      Thanks to everyone. Here is the rest of the story. Before I took over helping these guys another company had installed Trend Micro Anti virus. It was there but had not been updated in a very long time. If you ran the update it appeared to update and when you ran the scan it found nothing. After I figured that part out it was easy (HA). Found the W32Sality R virus was rampant in the whole network. Finally got it cleaned. Thank you all for the suggestions though.

    • #3199976

      Reply To: Weird processes

      by uberg33k50 ·

      In reply to Weird processes

      This question was closed by the author
