Re: Explain Running Process

From: Frankster (Frank_at_SPAM2TRASH.com)
Date: 12/02/04 

Date: Thu, 2 Dec 2004 11:19:40 -0700

Concerned about the about:blank virus/spyware, I changed my home page to
msn.net. It holds fine. Rebooted, still fine. My home page settings
operate as designed. No popups, no changing of home page settings, nothing
unusual.

However, I STILL have that 6 character executable running (different name
after reboot). I just don't see any ill effects. Not sure what the
about:blank virus/spyware does, but my home page setting operates normally,
I think.

-Frank

"John John" <audetweld@nbnet.nb.ca> wrote in message
news:eZtAjXJ2EHA.4004@tk2msftngp13.phx.gbl...
> Sounds like a virus or spyware. About:blank has a similar behaviour. Look
> in the start locations to see what seems out of place. Autoruns by
> Sysinternals might reveal the parent source.
>
> John
>
> Frankster wrote:
>> I have a number of XP Pro boxes (some original load, some upgraded from
>> W2K Pro). All of them exhibit this same thing. This was not happening
>> with W2K.
>>
>> Each box almost always has ONE process running that I cannot account for.
>> It is a process that ALWAYS has an ALL CAPS name, 6 characters, mixture
>> of Alpha numeric and is an EXE.
>>
>> Eg. of filenames... seemingly random.
>> BOE3D6.EXE
>> APE4DC.EXE
>> BO4TYC.EXE
>> HID4CH.EXE
>>
>> etc, etc...
>>
>> The physical file is in the %systemroot%\temp directory. I can delete
>> it and a new one, of different name, will be auto-generated on next boot.
>>
>> Occasionally, after reboots or shutdowns, upon restart I get an error
>> saying this file cannot write to memory (or similar). It always shows
>> mem locations such as "0000000x".
>>
>> This semingly has NEVER caused any problem. I just click on OK and say
>> "geeze"!
>>
>> Does anyone know what could be causing this?
>>
>> -Frank
>

Relevant Pages

  • Re: Virus?
    ... >years using windows 98 SE. ... >It suddenly would only boot in safe mode for no apparent reason. ... Performed a step by step reboot and the ... Rebooted and checked the BIOS settings again ...
    (comp.sys.ibm.pc.hardware.chips)
  • Re: Update of Windows Update fails with error 0x80070005
    ... Do a reboot again. ... Then check if you can start and stop the Automatic Updates service ... What are the settings (registry ...
    (microsoft.public.windowsupdate)
  • Virus?
    ... years using windows 98 SE. ... It suddenly would only boot in safe mode for no apparent reason. ... Performed a step by step reboot and the ... Rebooted and checked the BIOS settings again ...
    (comp.sys.ibm.pc.hardware.chips)
  • Re: Server is working but unable to logon by any means
    ... I changed the registry settings back to original settings and rebooted after ... So I've rebooted the server with no changes done at all. ... Safe Mode is not working - same issue it will not display logon screen ... difference after reboot. ...
    (microsoft.public.windows.server.general)
  • Re: Faulty Port 25 (SMTP)?!?!
    ... After changes to the network settings, it usually requires a reboot to see the effects of the changes. ... decided to conduct also a "WinSock XP Fix", rebooted and ...I just couldn't believe it!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! ... with a damaged LSP maybe, ...
    (microsoft.public.windows.inetexplorer.ie6_outlookexpress)
Loading