Arawnxn? Omniscient??

  • Thread starter Thread starter CRSeda
  • Start date Start date
C

CRSeda

Windows seems to have updated my computer with two
programs I don't recall seeing before: arawnxn, located
in C:\Winnt\system32, and omniscient, located in
C:\Program Files\WindowsSA (WindowsSA???). Having been
caught out by one worm, I am leery of unfamiliar
processes that suddenly show up in my system. Are these
in fact Windows-origin, or have I been hijacked?

(Besides belatedly setting up the firewall, etc., I took
a screenshot of Windows Task Manager system processes
after that episode as insurance. These aren't there, and
their datemarks indicate they appeared earlier today.)
 
CRSeda said:
Windows seems to have updated my computer with two
programs I don't recall seeing before: arawnxn, located
in C:\Winnt\system32, and omniscient, located in
C:\Program Files\WindowsSA (WindowsSA???). Having been
caught out by one worm, I am leery of unfamiliar
processes that suddenly show up in my system. Are these
in fact Windows-origin, or have I been hijacked?

(Besides belatedly setting up the firewall, etc., I took
a screenshot of Windows Task Manager system processes
after that episode as insurance. These aren't there, and
their datemarks indicate they appeared earlier today.)
Click to expand...

You have been hijacked.

Go to this site and run the online spyware scan:
http://aumha.org/a/noads.htm

Download the following programs to remove the parasite.

Lavasoft Ad-Aware - www.lavasoftusa.com
SpyBot S&D - http://www.safer-networking.org/
CWShredder : http://www.spywareinfo.com/~merijn/files/CWShredder.exe

After it is removed, go here to find out the extent of this problem and how
you can protect yourself.

http://www.aumha.org/a/parasite.htm
--
Ronnie Vernon
Microsoft MVP
Windows Shell/User

Please reply to the newsgroup so all may benefit.
http://www.dts-l.org
http://www.mvps.org
 
Windows didn't do that, some questionable web site you've visited did
that?
 
Sort of. My top suspect is a shareware undelete program I
downloaded to try to recover a file I'd mistakenly
deleted. I seem to be going from dumb to dumber.
 
This is getting weirder. I ran Ad Aware, but it didn't
find either of those (found a bunch of other stuff
though; thank you). Got late, so I went to bed without
trying the other fixes yet. Then, when I started my
computer this morning, I got a message that Omniscient
had successfully uninstalled, and now the odd WindowsSA
folder contains a program called "Axuninstall". I located
the uninstall log; it reads as follows:

30/07/2004 21:56:40 : Uninstall Version :
1.555555555555555555555555555555
30/07/2004 21:56:40 : setSystemDriveOnPaths
30/07/2004 21:56:40 : getInstallFolderOmni = C:\Program
Files\WindowsSA\
30/07/2004 21:56:40 : RemoveRegistryAutorun
30/07/2004 21:56:40 : + Killing omniscient.exe Process ...
30/07/2004 21:56:42 : Process killing
for "omniscient.exe" FAILED!
30/07/2004 21:56:42 : + Killing iexplore.exe Process ...
30/07/2004 21:56:42 : Process killing for "iexplore.exe"
OK
30/07/2004 21:56:42 : + Manual Omniscient executable
deletation ...
30/07/2004 21:56:42 : FAILED! Setting axuninstall.exe in
window's startup.
01/08/2004 08:30:27 : Uninstall Version :
1.555555555555555555555555555555
01/08/2004 08:30:28 : setSystemDriveOnPaths
01/08/2004 08:30:28 : getInstallFolderOmni = C:\Program
Files\WindowsSA\
01/08/2004 08:30:28 : RemoveRegistryAutorun
01/08/2004 08:30:28 : + Killing omniscient.exe Process ...
01/08/2004 08:30:28 : Process killing
for "omniscient.exe" OK
01/08/2004 08:30:28 : + Killing iexplore.exe Process ...
01/08/2004 08:30:28 : Process killing for "iexplore.exe"
OK
01/08/2004 08:30:28 : + Manual Omniscient executable
deletation ...
01/08/2004 08:30:32 : OK
01/08/2004 08:30:32 : + Killing omniscient.exe Process ...
01/08/2004 08:30:32 : Process killing
for "omniscient.exe" OK
01/08/2004 08:30:32 : + Killing iexplore.exe Process ...
01/08/2004 08:30:32 : Process killing for "iexplore.exe"
OK
01/08/2004 08:30:32 : + Killing Explorer.exe Process ...
01/08/2004 08:30:38 : Process killing for "Explorer.exe"
FAILED!
01/08/2004 08:30:38 : + Deleting all other files ...
01/08/2004 08:30:38 : getInstallFolderOmni() = C:\Program
Files\WindowsSA\ getInstallFolderBand() =
C:\Windows\System32\
01/08/2004 08:30:38 : Deleting files from C:\Program
Files\WindowsSA\
01/08/2004 08:30:38 : + Recursive file delete for
folder: C:\Program Files\WindowsSA\
01/08/2004 08:30:38 : Unable to delete file : C:\Program
Files\WindowsSA\axuninstall.exe
01/08/2004 08:30:40 : + Recursive file delete for
folder: C:\Program Files\WindowsSA\update
01/08/2004 08:30:41 : Function DeleteAllOtherFiles() OK
01/08/2004 08:30:41 : + Killing explore.exe Process ...
01/08/2004 08:30:41 : Process killing for "explore.exe" OK
01/08/2004 08:30:41 : + Explorer Process Reboot ...
01/08/2004 08:30:42 : OK

FYI: I was on-line at 21:56 of 7/31/04, but doing nothing
I know of that might have triggered this. So, what just
happened?
 
Back
Top