Processes in General

Windows
Apache (4)
File Types (33)
Internet Explorer (6)
Network (12)
Passwords (6)
Printing
Processes (13)
Programming (318)

Exchange Links

About this site

Links to us

General :: Windows :: Processes

Do you wonder what that long list of processes in your task manager comes from? Are all those programs running there really needed or are they a virus, adware, spyware.. recording all your keystrokes and then sending your passwords to a remote server? Read the articles below and learn about some of those processes.

Articles:

This list is sorted by recent document popularity (not total page views).
New documents will first appear at the bottom.

What is jusched.exe - is jusched a virus or spyware? (76320)
savroam.exe - Process information (73901)
What are igfxtray.exe and igfxpers.exe? (42174)
bla.exe / Scvhost.exe trojan horse keeps coming back! (22622)
Window with title Diagnostic Traces after starting Windows (10197)
What is process SAcc.exe? is SAcc a virus? (9378)
alg - alg.exe - Process Information (8260)
ctfmon - ctfmon.exe - Process information (5715)
What is WinFixer 2005? It warns me about errors in my registry (5073)
What is FireDaemon.exe - harmless or a trojan? (3231)
Power-Scan and unwanted browser pop-up windows (2411)
4u - 4u.exe - Process information (2354)
svcdiag.exe - what is this? (1739)

Featured Article

bla.exe / Scvhost.exe trojan horse keeps coming back!

Question:

I cannot get rid of this trojan horse bla.exe. I first found it after I kept getting error messages from WinAmp ('Illegal Operation' on drive C:) even though I was not running WinAmp and I have WinAmp installed on drive E:.

I started the computer in safe mode, twice, and removed both of them and they just keep coming back.

Answer:

bla.exe belongs to the W32.HLLW.Gaobot worm. This worm attempts to spread to network shares with weak passwords. W32.HLLW.Gaobot also provides a hacker access to the infected computer through IRC. It uses the DCOM RPC vulnerability (tcp port 135, Windows XP) and the RPC locator vulnerability (tcp port 445).

There is a upx compressed version of this worm, the compressed version is classified as W32.HLLW.Gaobot.AE
It affects computers with Windows NT, Windows 2000 and Windows XP.

Besides running as bla.exe, it may also arrive on your computer as Scvhost.exe, WincfgM32.exe or Winhlpp32.exe.

To remove this trojan horse, you need to follow these steps:

Disable System Restore (Windows XP only)
Restart the computer in Safe mode or VGA mode.
Run an updated virus scanner and run a full system scan and delete all the files detected as W32.HLLW.Gaobot.
Delete the value that was added to the registry under
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
There delete "Config Loader"="scvhost.exe"
and in
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices
delete "Config Loader"="scvhost.exe"
Now boot again in normal mode

Generated 20:02:15 on Jul 16, 2018

Most recent comments

2018-07-16 20:00:46:
by anonymous
in Dating Scams
on Gold digger Valeria Novitskaya from Ukraine:
I believe she is using the name Alyonia Skorobagatko-Kachmar on V.K. It is a travel agents site. Valeriya stop using Ekzotour profile at about the same time this profile started. Kattie and Yulia are ... read more

2018-07-16 15:37:04:
by anonymous
in Web publishing
on Getting started with CSS:

We are project funder as well as financial lender,We have BG/SBLC, specifically for BUY/LEASE at a leasing price value Issuance by HSBC London and other 25 top AA rated Bank in Europe, Middle Eas ... read more

2018-07-16 10:26:33:
by gep2@terabites.com
in Male Dating Scammers
on Dating scammer Scott Camry:
he's also trying on bear sites (ID there is 'nicolasfarsbears').... 'Hi dear sorry i was not on bearforest when you wrote back, sweetman you can write me here sporttrainprett@yahooo.com , that is the ... read more

2018-07-16 08:25:33:
by anonymous
in Male Dating Scammers
on Dating scammer James Ramos:
I have been corresponding with Ramos Williams for about three months, He was supposed to be a captain in the US army but his military I’d showed Sgt. !He doctored it to read Captain. But he forgot t ... read more

2018-07-15 16:21:40:
by [hidden]
in Dating Scams
on Dating scammer Natalia Kovalewa from Olkha or Novosibirsk, Russia:

The Ghana country code is 233 and Natalie Sparks is an American pornstar. Just more of the same ... scammers love using porn girl pics to light up your imagination into thinking some sexy looking babe ... read more

2018-07-15 12:01:10:
by anonymous
in Male Dating Scammers
on Dating scammer Roby Helms:
There is a man named roby helms texting and saying he has hundreds of $ from his father left to him and he is promising an engagment ring after only three week s of testing. Around mid fifties, anyo ... read more

2018-07-15 09:01:54:
by DOC
in Dating Scams
on Dating scammer Esther Ansomaa from Accra, Ghana:

The girl in body paint is Karla Spice.....

2018-07-14 19:16:15:
by anonymous
in Male Dating Scammers
on Dating scammer Gen. John Miller:
Ami me ah intentado estafar mucho cuidado

2018-07-14 17:58:51:
by [hidden]
in Dating Scams
on Dating scammer Susan Edwards:
All of the above bimbo's pictures, etc. are posted on the ScamWarners website below...

ScamWarners.com View topic - Iryna - igamas295@gmail. com

https://www.scamwarners. com/forum/v ... read more

2018-07-14 00:11:55:
by anonymous
in Finances
on Well-respected bank offering Payday loans:

Contact: Gary Snyder
Skype Ireadysteadyfinancesltd Emaireadysteadyfinancesltd@ gmagmail.com
Tele: +447031912976

We offer certified and verifiable bank instruments through Swift ... read more


	Search: