Jump to content

uninstall SP3


Recommended Posts


I don't remember specifics off of the top of my head, but this behavior reminds me of similar behavior of an older virus/worm that shows up after installation of a service pack due specifically to some of the changes that SP2 and SP3 do to a system during install, thus causing the malicious code to "break" and start to show up obviously in task manager like this with those two specific binaries over and over, and should be treated as such. In task manager, on the processes tab, if you click view > select columns, one of the options is "Command Line". I am guessing you'll see either services.exe or cmd.exe being started from somewhere other than \Windows\System32, which would indicate for sure the infection.

Link to comment
Share on other sites

There are quite a number of virii that do something like that:

http://www.runscanner.net/lib/services.exe.html

AFTER a thorough antivirus scan, if the behaviour continues, check this:

http://social.technet.microsoft.com/Forums/en-US/winservergen/thread/edd479ff-6ae3-4255-9add-57acd434c5ac

HKLM\SOFTWARE\MICROSOFT\COMMAND PROCESSOR

The autorun key should be blank however it had cmd.exe in it as soon as this was removed the fault stopped without restart.

jaclaz

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...