Squidmaster
Member
Hi all. Yesterday I went to my Calvin and Hobbes web comic of the day site and it appeared to have been hacked. I got shunted somewhere that had many flashing and moving bar graphs, which of course told me I had been hacked and was trying to force an executable download, which I cancelled repeatedly till I was able to close the page. I did have to click "yes" to "do you want to navigate away from this site", but I think in Firefox that is a normal thing. Still worth mentioning.
Anyway, since then my computer isn't properly entering sleep mode, which makes me think something is running constantly out of site. I'm no expert in these affairs, but I did run a complete scan with Spybot and the quick scan with McAfee. I will run a full McAfee scan overnight tonight. Neither of these found any problems.
I thought I would look through my task manager a bit today to see if anything stood out (not that I would know, but I'm goggling some things), and I am seeing 2 copies of "csrss.exe". One is in the "C:/Windows/System32" folder, and the other is in "C:\Windows\winsxs\amd64_microsoft-windows-csrss_31bf3856ad364e35_6.0.6001.18000_none_b5027f5b9c731f82". Both show the same creation date and information, but take up different amounts of memory in the task manager. Both say "SYSTEM" under User Name as well in the task manager. I also searched the Windows directory and found 4 additional copies, all of which had a .mui after the exe, rendering them non-executable.
I am seeing 2 copies of rundll32.exe, sidebar.exe andtaskeng.exe running as well, plus 13 copies of svchost.exe.
I am running Vista 64. I'm not a computer novice but I am a virus/spyware/task manager novice, so I would love some help sorting this out.
Thanks for your time!
Anyway, since then my computer isn't properly entering sleep mode, which makes me think something is running constantly out of site. I'm no expert in these affairs, but I did run a complete scan with Spybot and the quick scan with McAfee. I will run a full McAfee scan overnight tonight. Neither of these found any problems.
I thought I would look through my task manager a bit today to see if anything stood out (not that I would know, but I'm goggling some things), and I am seeing 2 copies of "csrss.exe". One is in the "C:/Windows/System32" folder, and the other is in "C:\Windows\winsxs\amd64_microsoft-windows-csrss_31bf3856ad364e35_6.0.6001.18000_none_b5027f5b9c731f82". Both show the same creation date and information, but take up different amounts of memory in the task manager. Both say "SYSTEM" under User Name as well in the task manager. I also searched the Windows directory and found 4 additional copies, all of which had a .mui after the exe, rendering them non-executable.
I am seeing 2 copies of rundll32.exe, sidebar.exe andtaskeng.exe running as well, plus 13 copies of svchost.exe.
I am running Vista 64. I'm not a computer novice but I am a virus/spyware/task manager novice, so I would love some help sorting this out.
Thanks for your time!
