I think I have a virus/spyware, help me remove it

Lyfer

Diamond Member
May 28, 2003
I have the latest and updated versions of SpywareBlaster, IE-SPYAD, AntiVir, MS AntiSpyware beta, Kerio Firewall 4, and Ad-Aware with the vectx plugin. I've run a scan and it still cannot resolve my problem:

Multiple apps running in background:
ati2evxx.exe (2 of them)
cli.exe (4)
kpf4gui.exe (2)
svchost.exe (2)


CPU usage is still at 0%, BUT I noticed that some of the file names in Windows are in the color blue, and I get some bad slowdown during loading of certain IE web pages.


I just noticed this a few days ago.


Any ideas? (I'm trying the Kaspersky online scan right now.)
 

mechBgon

Super Moderator, Elite Member
Oct 31, 1999
Hi Lyfer, after the Kaspersky scan, also try this manual scan: http://www.omnicast.net/~tmcfadden/scan.txt (this runs in Safe Mode With Command Prompt if you're following the directions, and may take away some of your malware's abilities to fight back). It can take quite a while to complete, so you might want to run it overnight.

Also, while you're waiting for the Kaspersky scan to wrap up, try F-Secure BlackLight beta from http://www.f-secure.com/blacklight (this is a rootkit detection tool that should be run in normal, non-Safe Mode so it can try to see if stuff's being hidden).
 

mechBgon

Super Moderator, Elite Member
Oct 31, 1999
BTW, a quick Google of the processes you listed shows that they could be legit (assuming they're not malware that's borrowing filenames of legit processes). What sort of Internet connection do you have? Any chance someone's mooching off your bandwidth via your wireless router (if you have one)?
 

feraltoad

Junior Member
Oct 28, 2005
This website lists processes:

http://www.liutilities.com/products/wintaskspro/processlibrary/ati2evxx/

If you wanna know, the cli and the ati ones are from your graphics. Obviously u have ATI graphics installed.
The kpf4 one is Kerio Personal Firewall.
And servicehost is a Windows process, so that's totally normal.

Download Spybot S&D (Google that); u can see what processes are starting up and toggle them in the advanced section, and it usually tells you what those processes are. For example, I had the W32 Agobot KU worm listed in there. I never could find it. Maybe my A/V already got it. Still looking about that. BTW, download Avast antivirus; if you don't have any AV, you're a dummy. Get the free version. I like it. It will catch the JavaScript crap you get on some websites.

F-secure also offers a free online scanner.

I also find PREVX useful. It is also free. It stops things from being changed, annoying at times, and can cause BF2 problems, so suspend it before you start BF2 and other games. It's for people who don't mind the bother, obv.

U already run a firewall.

That does seem high for idle, but your PC does stuff when you're not doing stuff; for example, Avast antivirus maps your computer to help w/ repairs if it has to do them. I use O&O Defrag and that starts when the PC is idle. Windows Media Center records stuff.... Oh, your PC might be indexing its files; go to Search and uncheck it, or check in start/run/services.msc, but be careful in there: if u disable the wrong stuff, e.g. RPC, you will mess up your PC reeealll bad.

BTW, I agree w/ MechBgon. Learn to Google efficiently. If you do that, you will have fewer questions. For example, type in: what is cli.exe? Lo and behold, I have the answer! See how happy that makes u? Also, this makes you more able to help others and spread the gospel of RTDM, :p Good luck; trying to find crap like this is a needle-and-haystack kind of thing, and sumtimes you just have to reinstall to be happy and have some peace of mind. If you use backup software like Acronis True Image (u can download a trial), backups aren't as painful cuz it reinstalls all your OS clean. Be sure to split ur HDD into 2 partitions tho, one for the OS and the other for Documents; this also diminishes doc loss even w/out using backup software if you have to reinstall Windows.....yada yada

Wireless router? Would that do anything to his machine unless they are browsing his files?? Yikes! Unless he has it set up ad hoc. BTW, a friend had a piggybacker at his apt. He had to put up a MAC filter, but before he did he dropped a virus in their machine, lol. I guess u really don't get anything for free.
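As an added example, not part of the thread and not code from any of the tools the posters mention, here is a PowerShell script that checks the two things mechBgon and feraltoad raise about the processes Lyfer listed: is each instance running from the directory its legitimate owner installs into, and does the file carry a valid Authenticode signature. A process with a legit name but the wrong path (svchost.exe outside System32, say) is exactly the filename borrowing mechBgon warns about. It assumes PowerShell 3 or later run from an elevated prompt so every process path is readable; the expected install directories for the ATI and Kerio binaries are assumptions for a default install and should be adjusted to the machine being checked.

```powershell
# Added example, not from the thread. Maps the process names discussed above to the
# directory their legitimate owner installs into (assumed defaults) and reports where
# each running instance actually lives and whether it is Authenticode-signed.
# Run elevated: for processes you cannot open, .Path is empty and the row says so.

$ExpectedPrefix = @{
    'svchost'  = @("$env:SystemRoot\System32\")                   # Windows service host
    'ati2evxx' = @("$env:SystemRoot\System32\")                   # ATI hotkey poller (assumed location)
    'cli'      = @("${env:ProgramFiles}\ATI Technologies\",
                   "${env:ProgramFiles(x86)}\ATI Technologies\")  # ATI Catalyst Control Center (assumed)
    'kpf4gui'  = @("${env:ProgramFiles}\Kerio\",
                   "${env:ProgramFiles(x86)}\Kerio\")             # Kerio Personal Firewall 4 GUI (assumed)
}

function Get-ProcessOriginReport {
    param(
        [Parameter(Mandatory=$true)][hashtable]$Expected   # name without .exe -> allowed path prefixes
    )
    foreach ($name in $Expected.Keys) {
        $procs = @(Get-Process -Name $name -ErrorAction SilentlyContinue)
        if ($procs.Count -eq 0) {
            [pscustomobject]@{ Name = $name; PID = $null; Path = '(not running)'; Signature = 'n/a'; Verdict = 'absent' }
            continue
        }
        # On 32-bit Windows ${env:ProgramFiles(x86)} is empty, which would leave a prefix of
        # "\Kerio\" that can never match; drop those entries.
        $allowed = @($Expected[$name] | Where-Object { $_ -and $_ -notlike '\*' })
        foreach ($p in $procs) {
            # Path is null for protected processes or when we lack rights (hence: run elevated).
            $path = try { $p.Path } catch { $null }
            if (-not $path) {
                [pscustomobject]@{ Name = $name; PID = $p.Id; Path = '(access denied)'; Signature = 'unknown'; Verdict = 'check manually' }
                continue
            }
            $inPlace = [bool]($allowed | Where-Object { $path -like "$_*" })
            $sig     = (Get-AuthenticodeSignature -FilePath $path).Status
            $verdict = if (-not $inPlace)        { 'SUSPECT: unexpected location, investigate' }
                       elseif ($sig -eq 'Valid') { 'looks legit' }
                       else                      { 'expected location but unsigned: compare hash with vendor copy' }
            [pscustomobject]@{ Name = $name; PID = $p.Id; Path = $path; Signature = $sig; Verdict = $verdict }
        }
    }
}

# One row per running instance, so the "2 of them" / "(4)" counts Lyfer saw are visible too.
Get-ProcessOriginReport -Expected $ExpectedPrefix | Sort-Object Name, PID | Format-Table -AutoSize
```

Two caveats when reading the report. Multiple svchost.exe instances from System32 are normal, as feraltoad says; the count alone proves nothing. And an unsigned file in its expected folder is not proof of infection (plenty of 2005-era vendor binaries were never signed), which is why that verdict says to compare the file's hash against a known-good vendor copy or submit it to a scanner rather than calling it malware outright. The strong signal is the other way round: the right name in the wrong folder.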