Azure Jane Lunatic (Azz) 🌺 (azurelunatic) wrote 2004-04-02 10:44 am
Security, computer
Note: Any process running with company name "tmax" is bad news. Squash it like the bug it is. Thanks to AdAware and Spybot Search & Destroy (recommended to me by sraun, IIRC) I'm getting decent at this.
AdAware's log files give me more complete information on my processes than the TaskMangler Manager does, so I can make up a list of what does belong and what does not belong. In fact, some day when I have time, I'm going to make up an explicit file stating what does and does not belong as a process on my computer when pretty much everything is closed.
Oh, and Lycos is on my shitlist too, because I didn't ask them to install anything. C:\Program Files\Lycos gets installed without me asking. Grr, argh. "Clearsearch" is what it gets called.
These two are tmax:
C:\WINNT\System32\etuplogs.exe
C:\WINNT\pup.exe
My strong suspicion is that someone with an unclean system slipped me the tmax thing, possibly over AIM; I've heard (much to my regret) that now certain bad things can propagate over AIM without the user necessarily knowing about it, grr, argh.
#:30 [etuplogs.exe]
FilePath : C:\WINNT\System32\
ThreadCreationTime : 4-2-2004 4:24:04 PM
BasePriority : Normal
FileSize : 64 KB
FileVersion : 4.00.0001 8Produc
ProductVersion : 4.00.0001 (Intern
CompanyName : tmax 4
InternalName : pup 8
OriginalFilename : pup.exe ???
ProductName : dawglife 4File
Created on : 4/2/2004 4:24:02 PM
Last accessed : 4/2/2004 4:24:02 PM
Last modified : 3/31/2004 6:11:20 PM
LUNATIC NOTE: BAD! DELETED!
delete C:\WINNT\System32\etuplogs.exe
delete C:\WINNT\pup.exe
#:31 [cs4p081.exe]
FilePath : C:\WINNT\
ThreadCreationTime : 4-2-2004 4:24:35 PM
BasePriority : Normal
FileSize : 79 KB
FileVersion : 1, 4, 0, 4
ProductVersion : 1, 4, 0, 4
Copyright : Copyright 2003, 2004
CompanyName : Clear Search
FileDescription : Loader
InternalName : Loader
OriginalFilename : Loader.exe
ProductName : Loader
Created on : 4/2/2004 4:24:35 PM
Last accessed : 4/2/2004 4:24:35 PM
Last modified : 3/25/2004 12:46:52 AM
LUNATIC NOTE: BAD! DELETED!
delete C:\WINNT\cs4p081.exe
delete C:\Program Files\Lycos
And the one from last time...
#:28 [playd.exe]
FilePath : C:\WINNT\System32\
ThreadCreationTime : 03-01-2004 6:52:17 AM
BasePriority : Normal
FileSize : 64 KB
FileVersion : 1.00.0001 8Produc
ProductVersion : 1.00.0001 0Intern
CompanyName : tmax 0
InternalName : pupdate @Orig
OriginalFilename : pupdate.exe ????4??
ProductName : werule 4Fi
Created on : 03/01/2004 6:51:59 AM
Last accessed : 03/01/2004 6:51:59 AM
Last modified : 02/12/2004 7:23:06 AM
Note: Unless you're good at monkeying around with the innards of your computer, I strongly suggest you leave it to the professionals, or just look and don't poke. If I fux0r my own system, you will certainly hear me crying about it, but I won't be crying for help so much as I'd just be crying, mostly at my own stupidity.
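The "what does and does not belong" file the post proposes could be checked against a process log along these lines. This is an added example, not part of the original post and not AdAware's own code; `BASELINE`, the sample entries and the "renamed binary" check (image name differing from OriginalFilename, as in the entries quoted above) are constructed assumptions that go beyond the post's vendor rule.

```python
import re
# Constructed sample in the layout of the process entries quoted in the post.
SAMPLE_LOG = r"""
#:12 [explorer.exe]
FilePath : C:\WINNT\
CompanyName : Microsoft Corporation
OriginalFilename : EXPLORER.EXE
#:30 [etuplogs.exe]
FilePath : C:\WINNT\System32\
CompanyName : tmax 4
OriginalFilename : pup.exe ???
#:31 [cs4p081.exe]
FilePath : C:\WINNT\
CompanyName : Clear Search
OriginalFilename : Loader.exe
"""
# Hypothetical baseline: full lowercase paths seen on a clean, idle system.
BASELINE = {r"c:\winnt\explorer.exe"}

def parse_processes(text):
    """Return one dict per '#:N [image.exe]' entry, keyed by field name."""
    entries = []
    for line in (raw.strip() for raw in text.splitlines()):
        header = re.match(r"^#:\d+ \[(.+)\]$", line)
        if header:
            entries.append({"Image": header.group(1)})
        elif entries and " : " in line:
            key, _, value = line.partition(" : ")
            entries[-1][key.strip()] = value.strip()
    return entries

def triage(entries, baseline, bad_vendors=("tmax",)):
    """Map each suspicious image path to the list of reasons it was flagged."""
    findings = {}
    for e in entries:
        path = (e.get("FilePath", "") + e["Image"]).lower()
        # Version fields carry trailing junk ("tmax 4"), so compare first tokens.
        vendor = e.get("CompanyName", "").lower().split()[:1]
        original = e.get("OriginalFilename", "").lower().split()[:1]
        reasons = []
        if vendor and vendor[0] in bad_vendors:
            reasons.append("blocked vendor")
        if path not in baseline:
            reasons.append("not in baseline")
        if original and original[0] != e["Image"].lower():
            reasons.append("renamed binary")
        if reasons:
            findings[path] = reasons
    return findings
```

Calling `triage(parse_processes(SAMPLE_LOG), BASELINE)` returns only the two entries that are absent from the baseline, each with its reasons.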
no subject
But it ends up being some kind of porn spy-ware that did an override on my Anti-virus. So Ad-aware catches it... a few times. What did she say? A few times. Exactly, because somewhere, and I've yet to find out where, there is a file hiding that changes the name of the spyware and its location every time I reboot.
I'm going on a week of fighting this thing now.