![[SpamCop.net - protecting the internet through technology]](http://news.spamcop.net/newlogo.jpg)
[SpamCop-List]
Re: Track TCP/IP transmissions made by background processes
DS
9ucs5y001 at sneakemail.com
Sat Sep 3 19:00:06 EDT 2005
"Jeff" <eatmy at grits.com> wrote in message
news:detbe5$ci8$1 at news.spamcop.net...
>I have some background processes that are running that I can't stop. When
>I try to stop them, they
> simply spawn a new process and rename themselves as a .exe file with a
> random 7 character filename.
> Neither ad-aware nor Microsoft's spyware software detects them, nor does
> Norton Antivirus. I'm
> assuming these programs are either sending or receiving transmissions over
> the internet without me
> knowing. Is there a way to find out if they're transmitting or receiving
> data over the internet?
I finished cleaning up my sister-in-law's computer that was behaving like
this. It turns out that it was infected with both VX2 and SAH. To clear it
out, I had to resort to the Windows boot/install/recovery console and delete
the root culprit executable. It was loading at winlogon time via the
WinLogon/Notify method. I was lucky--if that didn't work, it was re-imaging
time for her HD.
DS
More information about the SpamCop-List
mailing list