Status
Not open for further replies.
1 - 5 of 5 Posts

Discussion Starter · #1 ·
Hello, last night someone tried to install a virus on my computer.

I was working and suddenly I saw an installation popup, and I just wondered what it was. I went to the Windows folder and I saw an erase_me with random numbers. I did a search on Google and I saw it was a virus. So I deleted all the files and did a scan. The scan did not find any more viruses.

I restarted the pc several times to make sure and checked again, no virus.

Then I went to cmd and typed netstat -na, and I see that the computer automatically connects to a foreign IP that belongs to a VPS hosting company. I already emailed the hosting company and am waiting for the response from them. But I suspect it's some kind of virus.

I don't have any open programs or browser open when I run netstat, but it keeps showing up as an established connection:


TCP xxx.xxx.xxx.xxx:xxxx 64.186.155.47:4378 ESTABLISHED


Any ideas?

Can this be related to any malware or spyware?

I run netstat regularly when I start my computer and it never shows an IP connected before I open any browser windows, and it should not.
 

Discussion Starter · #2 ·
Ok, I see that the IP connection is related to a process called "windows.exe"... obviously some kind of trojan according to Google.

The problem is that I can't find the file when I search for it in Windows. Nothing is found.

When I end the process, the connection stops.

But when I restart windows, the process starts again and reconnects to the same IP.

Any ideas?
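
Added example, not part of the thread's posts: one way to do the step described in posts #1 and #2, tying an unexpected ESTABLISHED connection to its owning process, is to capture `netstat -ano` (the `-o` option adds a PID column) and filter for remote addresses outside the local network. The sample output, local addresses and PIDs are constructed; only the remote endpoint comes from the post.

```python
import ipaddress
import re

# Constructed sample of `netstat -ano` output. Local addresses and PIDs are
# made up; the remote endpoint 64.186.155.47:4378 is the one quoted in post #1.
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       908
  TCP    127.0.0.1:5354         127.0.0.1:49160        ESTABLISHED     1620
  TCP    192.168.1.20:1042      64.186.155.47:4378     ESTABLISHED     2384
  TCP    192.168.1.20:1050      192.168.1.1:445        ESTABLISHED     4
  TCP    [::1]:49170            [::1]:5354             ESTABLISHED     1620
  UDP    0.0.0.0:500            *:*                                    716
"""

# Proto, local endpoint, foreign endpoint, state, PID
ROW = re.compile(r"^\s*TCP\s+(\S+)\s+(\S+)\s+(\S+)\s+(\d+)\s*$")

def split_endpoint(endpoint):
    """Split 'host:port' or '[v6]:port' into (ip_address, port)."""
    host, _, port = endpoint.rpartition(":")
    return ipaddress.ip_address(host.strip("[]")), int(port)

def external_established(netstat_text):
    """Return (remote_ip, remote_port, pid) for ESTABLISHED TCP rows whose
    remote address is not loopback, private or link-local."""
    hits = []
    for line in netstat_text.splitlines():
        m = ROW.match(line)
        if not m or m.group(3) != "ESTABLISHED":
            continue
        try:
            ip, port = split_endpoint(m.group(2))
        except ValueError:
            continue  # unparsable address column; skip rather than guess
        if ip.is_loopback or ip.is_private or ip.is_link_local:
            continue
        hits.append((str(ip), port, int(m.group(4))))
    return hits

if __name__ == "__main__":
    for ip, port, pid in external_established(SAMPLE):
        # On the host, `tasklist /FI "PID eq <pid>"` then names the process.
        print(f"{ip}:{port} owned by PID {pid}")
```

Running it before any browser or client program is open gives a baseline in which, as the poster expects, the list should be empty.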
 

TSF Security Manager, Emeritus
Hello and welcome,

We require a more comprehensive set of logs to determine the presence of malware. What you need to do is follow the instructions in our pre-posting topic New Instructions - Read This Before Posting for Malware Removal Help and post the requested logs in your next reply.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

**Please note this section of the forum is very busy, so be sure to familiarize yourself with the Bumping Rules also found in our sticky topic mentioned above. One of our Analysts will review your log as soon as possible.
 

Discussion Starter · #4 · (Edited)
Ried, thanks for the answer, but I was able to resolve this on my own.

If it's of any help to anyone, this is what I did. First I ran anti-spyware software and removed any suspicious files. Then I ran HijackThis and I saw that windows.exe was still in some folders.

Restart and go to --> Start - Run... - Regedit --> Find and type "windows.exe"

I removed any registry edit I found with windows.exe.

Restart and no more problems.
 

TSF Security Manager, Emeritus
Thanks for letting me know, but depending on how deeply this infection got onto your system, there could be some remnants that your scanner did not pick up on. It will only take you a couple of minutes to run dds.scr and post the logs for review. Small amount of time to spend for peace of mind..? :smile:
 