Tarun (Administrator), posted March 21, 2006

Things that caught my attention (unless they were typos) were the svhost.exe (not svchost.exe) near the bottom and hosysdrv.exe (hpsysdrv.exe?). Then of course there was the AOL bloat.

laboo (Author), posted March 21, 2006

> Things that caught my attention (unless they were typos) were the svhost.exe (not svchost.exe) near the bottom and hosysdrv.exe (hpsysdrv.exe?). Then of course there was the AOL bloat.

sorry, they were both typos.....

Tarun (Administrator), posted March 21, 2006

No problem. I'm checking into what the issue with the computer could be.

laboo (Author), posted March 29, 2006

> > Things that caught my attention (unless they were typos) were the svhost.exe (not svchost.exe) near the bottom and hosysdrv.exe (hpsysdrv.exe?). Then of course there was the AOL bloat.
>
> sorry, they were both typos.....

any ideas yet???? My system is running better but the Ewido will not scan the memory of my system. I am also in the process of changing my internet provider, I'm getting rid of AOL. Once I get everything transferred to my new account that is..... :eyeroll:

DjLizard, posted April 10, 2006

Just wanted to clarify for those that were confused: csrss.exe isn't supposed to show up in HJT. It was probably a trojan with a UNICODE name that made it look like the real spelling. The trick is that the malware authors are using Cyrillic letters (like Russian) that look exactly like their English counterparts, but in code, don't count the same as English letters. They usually end up at the bottom of directory lists because they are characters that have a higher value than Z.

You might find more of them if you do the following:

Start > Run > cmd.exe

    cd \
    cd %systemroot%\system32
    dir /a

At the bottom of the list, if you see anything with question marks in the filename, let us know what they are. Do not try to delete them.

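The check described in the post above can also be scripted. This is an added example, not part of the original thread: it flags filenames containing non-ASCII characters and reports which known system name they imitate once look-alike Cyrillic letters are folded to Latin. The look-alike table, the list of known names and the sample listing are illustrative assumptions constructed for the example.

```python
import unicodedata

# Hand-picked Cyrillic letters that render like Latin ones (assumption: not
# exhaustive; Unicode's confusables.txt is the complete reference).
CYRILLIC_LOOKALIKES = {
    "\u0430": "a", "\u0441": "c", "\u0435": "e", "\u043e": "o",
    "\u0440": "p", "\u0445": "x", "\u0443": "y", "\u0455": "s",
    "\u0456": "i", "\u0458": "j", "\u04bb": "h", "\u0501": "d",
}

# System file names worth protecting (illustrative list, extend as needed).
KNOWN_NAMES = {"csrss.exe", "svchost.exe", "lsass.exe", "winlogon.exe"}

# Constructed sample directory listing; escapes make the odd letters visible.
SAMPLE = ["csrss.exe", "\u0441srss.exe", "svch\u043est.exe",
          "r\u00e9sum\u00e9.dll", "zport4as.dll"]


def skeleton(name):
    """Lower-case the name and fold look-alike Cyrillic letters to Latin."""
    return "".join(CYRILLIC_LOOKALIKES.get(ch, ch) for ch in name.lower())


def odd_chars(name):
    """List every non-ASCII character as 'U+XXXX UNICODE NAME'."""
    return [f"U+{ord(ch):04X} {unicodedata.name(ch, 'UNNAMED')}"
            for ch in name if not ch.isascii()]


def check(name):
    """Return 'ok', 'non-ascii', or 'lookalike of <known name>'."""
    if name.isascii():
        return "ok"
    folded = skeleton(name)
    return f"lookalike of {folded}" if folded in KNOWN_NAMES else "non-ascii"


def scan(names):
    """Return (name, verdict, odd characters) for every name that is not 'ok'."""
    return [(n, check(n), odd_chars(n)) for n in names if check(n) != "ok"]


if __name__ == "__main__":
    import os
    import sys
    # Pass a directory (for example the system32 folder) or use the sample.
    names = os.listdir(sys.argv[1]) if len(sys.argv) > 1 else SAMPLE
    for name, verdict, chars in scan(names):
        print(ascii(name), verdict, chars)  # ascii() shows \uXXXX escapes
```

Printing with `ascii()` avoids the console rendering problem that turns these letters into question marks or into glyphs identical to the Latin ones.
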
laboo (Author), posted April 10, 2006

I did as you asked and found nothing with a question mark in the file name.

corjello, posted April 10, 2006

did other entries pop up? I'm just curious

)corjello(

laboo (Author), posted April 10, 2006

> did other entries pop up? I'm just curious
>
> )corjello(

the last file is zport4as.dll nothing after that.....

corjello, posted April 11, 2006

nvm, I had something but it's of no use

)corjello(