dos program repeatedly firing up

  • Thread starter Thread starter m scorfield
  • Start date Start date
M

m scorfield

i have the free edition of avg antivirus with latest definitions , i am
having some problems with a clean install of win xp whereby three dos
command windows open in rapid succession , every ten minutes or so ,then
dissapear. This may be the remnant of a virus destroyed by a security patch
or dso exploit patch - soes anyone know what this might be or how to
interrupt it?

cheers

mark
 
i have the free edition of avg antivirus with latest definitions , i am
having some problems with a clean install of win xp whereby three dos
command windows open in rapid succession , every ten minutes or so ,then
Click to expand...

Try process explorer from http://www.sysinternals.com/ to see
what's actually running.

Regards, Dave Hodgins
 
Thanks David i'll try that , but i think ive found it using the startup list
in spybot search and destroy - two processes called 'explore.exe' were being
ran as 'video services'. This turns out to be the trojan / RAT called 'gray
bird' which spies on your key activities , and potentially sets up a socks
server on your machine - im not sure yet if it has done that and im a little
bit alarmed that avg didn't find it , but the dos boxes seem to have
stopped. (having removed them from startup and deleted explore.exe) Just to
double check i found an evaluation of pest patrol , which looks specifically
for that kind of remote access trojan and it seems that im finally clean ,
fingers crossed. However , the winsocket utility spybot shows several
netbios access things and unfortunately im just not clever enough to know if
they are supposed to be there or not.
 
Thanks David i'll try that , but i think ive found it using the startup list
in spybot search and destroy - two processes called 'explore.exe' were being
ran as 'video services'. This turns out to be the trojan / RAT called 'gray
bird' which spies on your key activities , and potentially sets up a socks
Click to expand...

Make sure you change all of your passwords, on all accounts.
Do you use your pc for online banking?

Regards, Dave Hodgins
 
yes! i do. thanks for the advice . i think all virus writers and malicious
users should be hung by their testicles.
 
Back
Top