Jump to content

Featured Replies

  • Replies 58
  • Views 21k
  • Created
  • Last Reply

Top Posters In This Topic

  • Author

Things that caught my attention (unless they were typoes) were the svhost.exe (not svchost.exe) near the bottom and hosysdrv.exe (hpsysdrv.exe?).  Then of course there was the AOL bloat.

<{POST_SNAPBACK}>

sorry, they were both typoes.....

  • Author

Things that caught my attention (unless they were typoes) were the svhost.exe (not svchost.exe) near the bottom and hosysdrv.exe (hpsysdrv.exe?).  Then of course there was the AOL bloat.

<{POST_SNAPBACK}>

sorry, they were both typoes.....

<{POST_SNAPBACK}>

any ideas yet???? My system is running better but the Ewido will not scan the memory of my system. I am also in the process of changing my internet provider, I'm getting rid of AOL. Once I get everything transfered to my new acount that is..... :eyeroll:

  • 2 weeks later...

Just wanted to clarify for those that were confused:

csrss.exe isn't supposed to show up in HJT. It was probably a trojan with a UNICODE name that made it look like the real spelling. The trick is that the malware authors are using cyrillic letters (like Russian) that look exactly like their English counterparts, but in code, don't count the same as English letters. They usually end up at the bottom of directory lists because they are characters that have a higher value than Z.

You might find more of them if you do the following:

Start > Run > cmd.exe

cd \
cd %systemroot%\system32
dir /a

At the bottom of the list, if you see anything with question marks in the filename, let us know what they are. Do not try to delete them.

  • Author

did other entries pop up? im just curious

)corjello(

<{POST_SNAPBACK}>

the last file is zport4as.dll nothing after that.....

Guest
This topic is now closed to further replies.

Recently Browsing 0

  • No registered users viewing this page.