
Let's Play "Identify My Virus"


CPFitz14

Member
Joined
May 23, 2002
Location
Michigan
I've been having some trouble for a long time with some sort of virus that I can't seem to get rid of. I've scanned with Norton, and downloaded all sorts of other programs, but to no avail. Basically, the symptoms are that CPU usage is usually at 100%, and I can't get into Task Manager or regedit. I also get lots of errors in IE, but I think that's unrelated, and it has somewhat subsided since I updated to IE6.

When I try to go into Task Manager (Windows 2000, by the way), Task Manager pops up and then disappears after about 1 or 2 seconds. Same deal with regedit. This thing is smart; it knows what can be used to clear it out. I installed some third-party antivirus software, can't remember what, and it showed all of the processes that I had running, and all of them that were loaded on startup. I identified two suspicious processes, but crap, I can't remember their names exactly. I know for sure that one was "filename.exe," and I know that the other one was either "operation1337.exe" or "operationl337.exe", or under the description it said Operation 1337. Definitely suspicious, and not something of mine. The third-party software expired because I reset my CMOS, which reset my system clock, and yeah, it's 2001 now.

I deleted those two files several times, but they kept coming back. I also disabled them from coming up at startup, but they still started up. I thought I got rid of them for sure, and I was able to get into Task Manager for a little while. Now it's back again, and I'm having the same problem, but my system doesn't seem as sluggish.

I don't really feel like reformatting, but I'll probably end up having to. Any ideas, or program recommendations?


-CPFitz-
 
Heh, thanks. :D Although, I must admit that it isn't a game that I want to be playing very often. ;) :D :rolleyes:


-CPFitz-
 
Dang! By your story this thing is smart and sounds like it's not on the virus definition list.
Did you try to boot in safe mode to see if it's still running? Have you tried scanning online? AVG is good, as well as NAV. I would disconnect it from your LAN right away.

Well good luck and keep us updated.
mameXP,
 
Tried booting into safe mode and deleting files; I think that's how I finally got rid of them. Of course, I don't know whether or not they were actually deleted. Any links to places I can scan online?


Oh, and MameXP, how is that keyboard working out for you? Still going strong?;)


-CPFitz-
 
You could try Trend Micro's HouseCall, but I doubt it would find it. It sounds like something new to me; I haven't found any info on either of those filenames. It sounds to me like it has an actual executable that runs constantly, and another that only briefly runs to replace the main one in case it is deleted. To find all of them, try running a search for all applications on your computer since about 10 days before you started noticing problems. You might try downloading a bootable Linux distro such as LNX-BBC to delete the files, since it's doubtful you'd be able to completely do it within Windows.
If all else fails, I'd say just reinstall. It doesn't take that long to back stuff up and then reinstall it. But if you do back stuff up onto another hard drive or other media, I'd say also to do it within Linux, in case the virus jumps onto the backup disk.
 
Could be memory resident. Try using a McAfee emergency boot disk. I believe the app is scanpm or just scan on the disk. Some viruses can do a pretty good job of hiding in the Windows environment, so searching for it in "DOS" could be the ticket. Do a cold boot as well. McAfee has some info on this on their site. Also check your system properties; make sure it doesn't say running in "MS-DOS" compatibility. It should say that in safe mode, but not in normal, all-of-its-glory mode.
 
Might not even be a virus. Could be some rather nasty spyware or adware. Give your system a check with Ad-Aware and Spybot.

Adaware
Spybot

*edit*

After pulling my head out of my rear end, your problems definitely don't sound like any spyware I've ever come across. You're most likely right: some sort of virus or trojan.

Have you tried that online scan with Trend Micro's HouseCall software like was suggested earlier?
 
I just got some trojan, "spoolsvv". It seems to be new, 'cause it is not on any of the major AV sites and Google only came up with a few sites (like 7). Got it deleted on my own after about an hour. It is not as smart as yours, though; I was able to access the registry and disable it starting as a service, and then delete it using a proggy that seems to be able to delete programs that are in use.

You may want to go to msconfig and look to see if it is starting as a service.

Also this spoolsvv kept my HD light on searching while it was running, scary.

Edit: Here is a helpful site that lists thousands of processes and tells you whether it is good/bad needed/not needed.

http://sysinfo.org/startupinfo.php

Use the search at the bottom of this page; it comes up with three possible viruses you may have (for "filename.exe" anyway, dunno about the other one you mentioned).

http://sysinfo.org/startuplist.php
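The two pieces of advice above (search for executables created in the ~10 days before the symptoms started, and check whether anything unfamiliar is starting as a service) can be turned into one triage script. This is an added example, not code from the thread or from any of the tools it mentions. It assumes a modern Windows host with Windows PowerShell 5.1 or later, run elevated; the original poster's Windows 2000 box predates PowerShell, so there it would have to be a boot disk, as suggested earlier in the thread. The 10-day window and the three file names on the watchlist are taken from the thread itself; everything else is the script's own assumption. Since a watchdog that kills Task Manager can just as easily kill a PowerShell window, run it from a clean session or an offline boot environment.

```powershell
# Added triage script (not from the thread). Lists common autostart locations
# and recently created executables so a respawning pair like the one described
# above can be located without relying on Task Manager or regedit.
# Assumptions: Windows PowerShell 5.1+, elevated. The window length and the
# watchlist names are the ones given in the thread; everything else is ours.
param(
    [int]$DaysBack = 10,
    [string[]]$Watchlist = @('filename.exe', 'operation1337.exe', 'operationl337.exe')
)

$cutoff = (Get-Date).AddDays(-$DaysBack)

# 1. Registry Run/RunOnce keys, per-machine and per-user.
#    Get-ItemProperty returns one object whose properties are the value names;
#    the PS* properties are PowerShell's own metadata and are dropped.
$runKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)
Write-Host "== Autostart registry entries =="
$runKeys |
    Where-Object { Test-Path $_ } |
    ForEach-Object {
        $key = $_
        (Get-ItemProperty -Path $key | Select-Object -Property * -ExcludeProperty PS*).PSObject.Properties |
            ForEach-Object {
                [pscustomobject]@{ Key = $key; Name = $_.Name; Command = $_.Value }
            }
    } | Format-Table -AutoSize

# 2. Services whose binary does not live under %SystemRoot%.
#    A legitimate service can live elsewhere too, so this is a review list,
#    not a verdict; the "StartMode" column answers the msconfig question.
Write-Host "== Services with binaries outside $env:SystemRoot =="
Get-CimInstance -ClassName Win32_Service |
    Where-Object {
        $_.PathName -and
        ($_.PathName -notlike "$env:SystemRoot*") -and
        ($_.PathName -notlike "`"$env:SystemRoot*")
    } |
    Select-Object Name, StartMode, State, PathName |
    Format-Table -AutoSize

# 3. Executables and DLLs created inside the window. Anything whose file name
#    is on the watchlist is sorted to the top. The -contains test is
#    case-insensitive, so "FileName.EXE" still matches.
Write-Host "== Executables created since $cutoff =="
Get-ChildItem -Path "$env:SystemDrive\" -Recurse -Include *.exe, *.dll -File -ErrorAction SilentlyContinue |
    Where-Object { $_.CreationTime -ge $cutoff } |
    Select-Object FullName, CreationTime,
        @{ Name = 'OnWatchlist'; Expression = { $Watchlist -contains $_.Name } } |
    Sort-Object OnWatchlist -Descending |
    Format-Table -AutoSize
```

Creation time is the right field for this search: a dropper that replaces a deleted file writes a new file, so the replacement shows up with a fresh CreationTime even if it copied an old LastWriteTime. The service list is deliberately broad; compare unfamiliar entries against a reference list such as the sysinfo.org pages linked above before removing anything.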
 
Same thing here. I was getting the Nachi worm detected by PC-cillin 02, but no matter what I did, I couldn't delete it... Trend's site says the Nachi worm removes itself once the calendar year hits 2004... I guess I'll find out tomorrow.
 
Yeah, I've gotten an unknown worm before. Couldn't find info on it anywhere. It was a file called msmsngr32.exe. I submitted it to Trend Micro and now it is in the definition files. It was easy to get rid of, though; I just deleted its registry keys and deleted it on reboot.
 
I just did Trend's HouseCall and it doesn't detect the virus. I don't need to get into regedit just yet, but I will soon. I hope this removes itself tomorrow... I'm gonna try and adjust the date and restart....
 