Re: Explain Running Process

From: John John (audetweld_at_nbnet.nb.ca)
Date: 12/02/04


Date: Thu, 02 Dec 2004 15:56:02 -0400

By the way, these BHO hijackers & spyware don't usually go about
changing your homepage, that would be too obvious. They lurk in the
background waiting to pounce. In the case of true spyware they keep
track of your surfing habits then "call home" and report their findings.
Some people only notice that their web surfing seems slower than
normal as the spyware is using a "pipe" to its home while you surf.
Others notice that there seems to be activity when none should be going
on. Good firewalls can usually detect this. In the case of BHO
hijackers just try doing a search and see what happens. They redirect
you to their search engine or spew out their search results, not the
results you would expect from legit search engines like MSN, Yahoo or
Google etc.

John

Frankster wrote:
> Concerned about the about:blank virus/spyware, I changed my home page to
> msn.net. It holds fine. Rebooted, still fine. My home page settings
> operate as designed. No popups, no changing of home page settings, nothing
> unusual.
>
> However, I STILL have that 6 character executable running (different name
> after reboot). I just don't see any ill effects. Not sure what the
> about:blank virus/spyware does, but my home page setting operates normally,
> I think.
>
> -Frank
>
> "John John" <audetweld@nbnet.nb.ca> wrote in message
> news:eZtAjXJ2EHA.4004@tk2msftngp13.phx.gbl...
>
>>Sounds like a virus or spyware. About:blank has a similar behaviour. Look
>>in the start locations to see what seems out of place. Autoruns by
>>Sysinternals might reveal the parent source.
>>
>>John
>>
>>Frankster wrote:
>>
>>>I have a number of XP Pro boxes (some original load, some upgraded from
>>>W2K Pro). All of them exhibit this same thing. This was not happening
>>>with W2K.
>>>
>>>Each box almost always has ONE process running that I cannot account for.
>>>It is a process that ALWAYS has an ALL CAPS name, 6 characters, mixture
>>>of Alpha numeric and is an EXE.
>>>
>>>Eg. of filenames... seemingly random.
>>>BOE3D6.EXE
>>>APE4DC.EXE
>>>BO4TYC.EXE
>>>HID4CH.EXE
>>>
>>>etc, etc...
>>>
>>>The physical file is in the %systemroot%\temp directory. I can delete
>>>it and a new one, of different name, will be auto-generated on next boot.
>>>
>>>Occasionally, after reboots or shutdowns, upon restart I get an error
>>>saying this file cannot write to memory (or similar). It always shows
>>>mem locations such as "0000000x".
>>>
>>>This seemingly has NEVER caused any problem. I just click on OK and say
>>>"geeze"!
>>>
>>>Does anyone know what could be causing this?
>>>
>>>-Frank
>>
>
>
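
An added example, not part of the original thread or written by its posters: a Python check that filters a process inventory for the pattern described in the quoted question, a six-character all-caps alphanumeric .EXE whose image sits in %systemroot%\temp. The CSV sample is constructed, its column names follow the WMI Win32_Process properties Name and ExecutablePath, and the C:\WINDOWS default and the letter-plus-digit requirement are assumptions.

```python
import csv
import io
import ntpath
import re

# Name shape from the thread: six upper-case alphanumerics followed by .EXE
NAME_RE = re.compile(r"[A-Z0-9]{6}\.EXE")

# Constructed sample inventory (not real output); two names reuse the
# examples quoted in the thread, the rest are made up for contrast.
SAMPLE = r"""Name,ExecutablePath
svchost.exe,C:\WINDOWS\system32\svchost.exe
BOE3D6.EXE,C:\WINDOWS\Temp\BOE3D6.EXE
SETUP1.EXE,C:\Documents and Settings\frank\Local Settings\Temp\SETUP1.EXE
HID4CH.EXE,c:\windows\temp\HID4CH.EXE
setup.exe,C:\WINDOWS\Temp\setup.exe
MSMSGS.EXE,C:\WINDOWS\Temp\MSMSGS.EXE
System,
"""


def flag_suspects(inventory_csv, systemroot=r"C:\WINDOWS"):
    """Return (name, path) pairs that match the name shape AND run from
    <systemroot>\\temp. systemroot is an assumed default, pass the real one."""
    temp_dir = ntpath.normcase(ntpath.join(systemroot, "temp"))
    hits = []
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        name = (row.get("Name") or "").strip()
        path = (row.get("ExecutablePath") or "").strip()
        if not path:
            continue  # system entries expose no image path
        if not NAME_RE.fullmatch(name):
            continue  # wrong length, lower case, or not an .EXE
        stem = name[:6]
        # Assumption: "mixture of alphanumeric" means letters and digits both
        if not (any(c.isalpha() for c in stem) and any(c.isdigit() for c in stem)):
            continue
        # Windows paths are case-insensitive, so compare normalised directories
        if ntpath.normcase(ntpath.dirname(ntpath.normpath(path))) != temp_dir:
            continue
        hits.append((name, path))
    return hits


if __name__ == "__main__":
    for name, path in flag_suspects(SAMPLE):
        print(f"review: {name}  ({path})")
```

A hit is only a lead: the thread's next step, checking the start locations with Autoruns, is what ties the running file to whatever regenerates it at boot.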


