
Solved Persistent Trojan Maljava, Random Popups in firefox and slow pc

Discussion in 'Malware and Virus Removal Archive' started by Celmak1, 2011/02/11.

  1. 2011/02/15
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    jusched.exe is an unnecessary startup.
    You can disable it: http://www.howtogeek.com/howto/windows-vista/what-is-juschedexe-and-why-is-it-running/

    As for CPU usage, let's see...

    Download Process Explorer: http://technet.microsoft.com/en-us/sysinternals/bb896653.aspx
    Unzip ProcessExplorer.zip, and double click on procexp.exe to run the program.
    Click on View > Select Columns.
    In addition to the already pre-selected options, make sure the Command Line is selected, and press OK.
    Go to File > Save As, and save the report as Procexp.txt.
    Paste the content into your next reply.
     
  2. 2011/02/15
    Celmak1

    Celmak1 Inactive Thread Starter

    Joined:
    2010/11/18
    Messages:
    45
    Likes Received:
    0
    Hi Broni,
    Can I go ahead and delete the process manager?


    Process PID CPU Private Bytes Working Set Description Company Name Command Line
    System Idle Process 0 93.85 0 K 16 K
    Interrupts n/a 0 K 0 K Hardware Interrupts
    DPCs n/a 0 K 0 K Deferred Procedure Calls
    System 4 0 K 32 K
    smss.exe 436 168 K 44 K Windows NT Session Manager Microsoft Corporation \SystemRoot\System32\smss.exe
    csrss.exe 492 1.54 1,832 K 1,964 K Client Server Runtime Process Microsoft Corporation C:\WINDOWS\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16
    winlogon.exe 520 6,668 K 1,568 K Windows NT Logon Application Microsoft Corporation winlogon.exe
    services.exe 564 1.54 1,836 K 1,108 K Services and Controller app Microsoft Corporation C:\WINDOWS\system32\services.exe
    svchost.exe 744 3,056 K 1,380 K Generic Host Process for Win32 Services Microsoft Corporation C:\WINDOWS\system32\svchost -k DcomLaunch
    ehmsas.exe 3412 636 K 96 K Media Center Media Status Aggregator Service Microsoft Corporation C:\WINDOWS\eHome\ehmsas.exe -Embedding
    Dot1XCfg.exe 2820 3,976 K 1,068 K Intel 802.1x Server Intel Corporation C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe -Embedding
    wmiprvse.exe 2164 2,040 K 5,184 K WMI Microsoft Corporation C:\WINDOWS\system32\wbem\wmiprvse.exe
    svchost.exe 824 1,948 K 1,360 K Generic Host Process for Win32 Services Microsoft Corporation C:\WINDOWS\system32\svchost -k rpcss
    svchost.exe 864 21,020 K 9,308 K Generic Host Process for Win32 Services Microsoft Corporation C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe 896 2,336 K 104 K Generic Host Process for Win32 Services Microsoft Corporation C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
    EvtEng.exe 1184 3,864 K 344 K Intel(R) PROSet/Wireless Event Log Intel Corporation "C:\Program Files\Intel\Wireless\Bin\EvtEng.exe "
    S24EvMon.exe 1216 2,792 K 912 K Wireless Management Service Intel Corporation "C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe "
    svchost.exe 1268 1,504 K 572 K Generic Host Process for Win32 Services Microsoft Corporation C:\WINDOWS\system32\svchost.exe -k NetworkService
    svchost.exe 1308 1,132 K 68 K Generic Host Process for Win32 Services Microsoft Corporation C:\WINDOWS\system32\svchost.exe -k LocalService
    ccSetMgr.exe 1368 4,164 K 136 K Symantec Settings Manager Service Symantec Corporation "C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe "
    ccEvtMgr.exe 1448 4,268 K 104 K Symantec Event Manager Service Symantec Corporation "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe "
    spoolsv.exe 1580 3,992 K 76 K Spooler SubSystem App Microsoft Corporation C:\WINDOWS\system32\spoolsv.exe
    svchost.exe 1708 1,260 K 60 K Generic Host Process for Win32 Services Microsoft Corporation C:\WINDOWS\system32\svchost.exe -k LocalService
    CFSvcs.exe 1740 1,316 K 296 K Service of ConfigFree. TOSHIBA CORPORATION "C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe "
    DefWatch.exe 1768 544 K 80 K Virus Definition Daemon Symantec Corporation "C:\Program Files\Symantec AntiVirus\DefWatch.exe "
    DVDRAMSV.exe 1788 464 K 52 K DVD-RAM Utility Helper Service Matsushita Electric Industrial Co., Ltd. C:\WINDOWS\system32\DVDRAMSV.exe
    ehrecvr.exe 1800 2,464 K 68 K Media Center Receiver Service Microsoft Corporation C:\WINDOWS\eHome\ehRecvr.exe
    ehSched.exe 1824 744 K 68 K Media Center Scheduler Service Microsoft Corporation C:\WINDOWS\eHome\ehSched.exe
    RegSrvc.exe 340 856 K 80 K Intel(R) PROSet/Wireless Registry Service Intel Corporation "C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe "
    svchost.exe 336 4,548 K 1,628 K Generic Host Process for Win32 Services Microsoft Corporation C:\WINDOWS\system32\svchost.exe -k LocalService
    svchost.exe 432 2,364 K 76 K Generic Host Process for Win32 Services Microsoft Corporation C:\WINDOWS\system32\svchost.exe -k imgsvc
    swupdtmr.exe 460 340 K 52 K c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
    Rtvscan.exe 540 44,688 K 4,248 K Symantec AntiVirus Symantec Corporation "C:\Program Files\Symantec AntiVirus\Rtvscan.exe "
    TAPPSRV.exe 960 428 K 200 K TOSHIBA TAPPSRV TOSHIBA Corp. "C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe "
    mcrdsvc.exe 1100 824 K 200 K MCRD Device Service Microsoft Corporation C:\WINDOWS\ehome\mcrdsvc.exe
    searchindexer.exe 1636 19,400 K 8,644 K Microsoft Windows Search Indexer Microsoft Corporation C:\WINDOWS\system32\SearchIndexer.exe /Embedding
    dllhost.exe 2680 2,236 K 872 K COM Surrogate Microsoft Corporation C:\WINDOWS\SYSTEM32\DLLHOST.EXE /PROCESSID:{02D4B3F1-FD88-11D1-960D-00805FC79235}
    alg.exe 2792 1,152 K 200 K Application Layer Gateway Service Microsoft Corporation C:\WINDOWS\System32\alg.exe
    svchost.exe 2788 1,496 K 168 K Generic Host Process for Win32 Services Microsoft Corporation C:\WINDOWS\System32\svchost.exe -k HTTPFilter
    msiexec.exe 212 4,900 K 1,064 K Windows® installer Microsoft Corporation C:\WINDOWS\system32\msiexec.exe /V
    jqs.exe 2276 2,048 K 1,388 K Java(TM) Quick Starter Service Sun Microsystems, Inc. "C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf "
    lsass.exe 576 3,788 K 1,096 K LSA Shell (Export Version) Microsoft Corporation C:\WINDOWS\system32\lsass.exe
    taskmgr.exe 2544 1,404 K 1,616 K Windows TaskManager Microsoft Corporation taskmgr.exe
    explorer.exe 1224 26,396 K 21,904 K Windows Explorer Microsoft Corporation C:\WINDOWS\Explorer.EXE
    TFncKy.exe 3164 1,036 K 360 K TFncKy TOSHIBA Corporation "C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe"
    TDispVol.exe 3172 1,624 K 308 K TDispVol TOSHIBA Corporation "C:\WINDOWS\system32\TDispVol.exe"
    hkcmd.exe 3188 708 K 276 K hkcmd Module Intel Corporation "C:\WINDOWS\system32\hkcmd.exe"
    igfxpers.exe 3196 676 K 276 K persistence Module Intel Corporation "C:\WINDOWS\system32\igfxpers.exe"
    ehtray.exe 3204 2,312 K 408 K Media Center Tray Applet Microsoft Corporation "C:\WINDOWS\ehome\ehtray.exe"
    THotkey.exe 3216 1,644 K 1,216 K Hotkey Utility TOSHIBA "C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe"
    SynTPLpr.exe 3224 740 K 276 K TouchPad Driver Helper Application Synaptics, Inc. "C:\Program Files\Synaptics\SynTP\SynTPLpr.exe"
    SynTPEnh.exe 3232 1,436 K 380 K Synaptics TouchPad Enhancements Synaptics, Inc. "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
    agrsmmsg.exe 3240 736 K 360 K SoftModem Messaging Applet Agere Systems "C:\WINDOWS\AGRSMMSG.exe"
    TvsTray.exe 3248 596 K 336 K TOSHIBA Virtual Sound Taskbar Module TOSHIBA Corporation "C:\Program Files\Toshiba\Tvs\TvsTray.exe"
    TPSMain.exe 3256 2,164 K 608 K TOSHIBA Corporation "C:\WINDOWS\system32\TPSMain.exe"
    TPSBattM.exe 3440 752 K 276 K TOSHIBA Corporation "C:\WINDOWS\system32\TPSBattM.exe "
    SmoothView.exe 3264 596 K 204 K SmoothView TOSHIBA Corporation "C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe"
    DLACTRLW.EXE 3276 964 K 292 K Drive Letter Access Component Sonic Solutions "C:\WINDOWS\system32\dla\DLACTRLW.exe"
    ZCfgSvc.exe 3296 3,688 K 952 K ZeroCfgSvc MFC Application Intel Corporation "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
    iFrmewrk.exe 3304 7,204 K 636 K Intel Framework MFC Application Intel Corporation "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
    ccApp.exe 3312 4,592 K 504 K Symantec User Session Symantec Corporation "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    VPTray.exe 3320 3,380 K 616 K Symantec AntiVirus Symantec Corporation "C:\PROGRA~1\SYMANT~1\VPTray.exe"
    ipoint.exe 3492 11,828 K 3,508 K IPoint.exe Microsoft Corporation "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
    dpupdchk.exe 3992 1,888 K 76 K dpupdchk.exe Microsoft Corporation "C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe"
    TOSCDSPD.exe 3908 596 K 268 K CD/DVD Drive Acoustic Silencer TOSHIBA "C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe"
    ctfmon.exe 3996 900 K 1,384 K CTF Loader Microsoft Corporation "C:\WINDOWS\system32\ctfmon.exe"
    RAMASST.exe 4064 668 K 384 K CD Burning of Windows XP disabling tool for DVD MULTI Drive Matsushita Electric Industrial Co., Ltd. "C:\WINDOWS\system32\RAMASST.exe"
    WindowsSearch.exe 4080 6,576 K 956 K Windows Search System Tray Microsoft Corporation "C:\Program Files\Windows Desktop Search\WindowsSearch.exe" /startup
    firefox.exe 2136 1.54 90,340 K 61,676 K Firefox Mozilla Corporation "C:\Program Files\Mozilla Firefox\firefox.exe"
    plugin-container.exe 2064 51,816 K 33,428 K Plugin Container for Firefox Mozilla Corporation "C:\Program Files\Mozilla Firefox\plugin-container.exe" --channel=2136.75834e0.72990863 "C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll" 2136 plugin \\.\pipe\gecko-crash-server-pipe.2136
    procexp.exe 1648 1.54 12,004 K 17,564 K Sysinternals Process Explorer Sysinternals - www.sysinternals.com "C:\Documents and Settings\Cem the Greywolf\Desktop\ProcessExplorer\procexp.exe "

  4. 2011/02/15
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Yes, you can delete it.

    I don't see any issues.
    System Idle Process (CPU NOT used) is listed at 93.85%.

    If there is nothing else, I'll mark this topic as resolved.
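    The Procexp.txt listing above, parsed and given the same first-pass read broni gives it (idle CPU first, then anything that looks out of place), as an added example that is not from this thread or from Sysinternals. It assumes Process Explorer's Save As output is tab-separated in header order and works on a constructed sample modelled on the posted listing, plus one made-up bad row to show what a hit looks like.

```python
# Constructed sample modelled on the listing posted above; Process Explorer's
# Save As output is assumed tab-separated, with empty cells kept as empty fields.
SAMPLE = "\n".join([
    "Process\tPID\tCPU\tPrivate Bytes\tWorking Set\tDescription\tCompany Name\tCommand Line",
    "System Idle Process\t0\t93.85\t0 K\t16 K\t\t\t",
    "csrss.exe\t492\t1.54\t1,832 K\t1,964 K\tClient Server Runtime Process\tMicrosoft Corporation\tC:\\WINDOWS\\system32\\csrss.exe",
    "svchost.exe\t864\t\t21,020 K\t9,308 K\tGeneric Host Process for Win32 Services\tMicrosoft Corporation\tC:\\WINDOWS\\System32\\svchost.exe -k netsvcs",
    "swupdtmr.exe\t460\t\t340 K\t52 K\t\t\tc:\\TOSHIBA\\IVP\\swupdate\\swupdtmr.exe",
    # constructed bad row: a look-alike svchost outside %WINDIR%, no -k group, hot CPU
    "svchost.exe\t3000\t45.00\t8,000 K\t6,000 K\t\t\tC:\\Documents and Settings\\user\\svchost.exe",
])

CORE = {"svchost.exe", "csrss.exe", "lsass.exe", "winlogon.exe", "services.exe"}
WINDIR = "c:\\windows\\"   # where the core images are expected to live on XP

def parse_procexp(text):
    """Turn the saved listing into one dict per process, keyed by the header row."""
    lines = [l for l in text.splitlines() if l.strip()]
    header = lines[0].split("\t")
    rows = []
    for line in lines[1:]:
        cells = line.split("\t")
        cells += [""] * (len(header) - len(cells))   # pad short rows
        rows.append(dict(zip(header, cells)))
    return rows

def cpu(cell):
    """Procexp leaves the CPU cell blank when a process is at 0%."""
    return float(cell) if cell.strip() else 0.0

def idle_cpu(rows):
    """The first thing broni checked: how much CPU is idle."""
    return next((cpu(r["CPU"]) for r in rows if r["Process"] == "System Idle Process"), 0.0)

def triage(rows):
    """First-pass checks; each hit is (pid, image, reason) and is a lead, not a verdict."""
    hits = []
    for r in rows:
        name, cmd = r["Process"].lower(), r["Command Line"].lower()
        if name in CORE and "\\" in cmd and WINDIR not in cmd:
            hits.append((r["PID"], name, "core image running outside %WINDIR%"))
        if name == "svchost.exe" and " -k " not in cmd:
            hits.append((r["PID"], name, "svchost.exe without a -k service group"))
        if not r["Description"] and not r["Company Name"] and cmd:
            hits.append((r["PID"], name, "no description or company name (unsigned/unknown image)"))
        if name != "system idle process" and cpu(r["CPU"]) >= 25:
            hits.append((r["PID"], name, "sustained high CPU"))
    return hits
```

    On the real listing above only rows such as swupdtmr.exe (no description or company) would be flagged, which matches broni's reading: worth a glance, not a problem by itself.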
     
  5. 2011/02/15
    Celmak1

    Celmak1 Inactive Thread Starter

    Joined:
    2010/11/18
    Messages:
    45
    Likes Received:
    0
    Broni,
    It is occasional craziness of svchost.exe and wuauclt.exe that slows down my computer (immediately after connecting to internet and after using tfc). If this does not sound malicious, it is probably due to low memory (only 512 mb).
    I just want to thank you once more for your help :)
    Farewell, have a great day :)
     
  6. 2011/02/15
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    You're very welcome :)

    Good luck and stay safe :)
     
