I'm an Administrator, don't tell me access denied!

BYOND Forums

Announcements · BYOND Help · Bug Reports · Feature Requests · Beta Testers · Beta Bugs · Developer Help · Design Philosophy · Demos & Libraries · Tutorials & Snippets · Art & Sound · Classified Ads · Game Updates · Contests & Events · Linux Talk · On Topic · Off Topic

ID:186234 Aug 4 2005, 6:49 am
Airjoe	hey all, dropped by for a sec 'cause I need some help. in TaskManager, on the processes tab, if I try to end certain programs, it tells me access is denied. Hold up, I'm an administrator, why does it tell me this? I can understand the ones that say "This is a critical system process", but "Access denied"? C'mon! What can I do? How do I end these programs?

Aug 4 2005, 6:59 am
Hiead	The processes may be part of programs that are being used by other programs, or something like that. Btw, what were the processes? Out of curiousity. Hiead

Aug 4 2005, 7:02 am
Airjoe	Ack, I recently started getting spyware again. Think you guys could tell me what to delete? HijackThis Log

Aug 4 2005, 7:05 am

In response to Airjoe

Hiead

Airjoe wrote:

Ack, I recently started getting spyware again. Think you guys could tell me what to delete?

HijackThis Log

C:\Documents and Settings\Administrator\Local Settings\Temp\HijackThis.exe is what it looks like. You may also want to send a copy of the log to Microsoft. And I would recommend downloading Firefox as an IE alternative

Hiead

[EDIT] Also, maybe C:\Documents and Settings\Administrator\Desktop\MUSCKEY\PRJMUSKEYLOG.exe
not sure what that is, but the file name sounds like a key-logger

Aug 4 2005, 7:14 am In response to Airjoe
Shun Di	PSof1.exe ps1.exe exp.exe vidctrl.exe Those were a few I just noticed... but search http://www.processlibrary.com/ for more

Aug 4 2005, 7:19 am (Edited on Aug 4 2005, 7:26 am)

In response to Shun Di

Hiead

To add to Shun Di's ps list:

C:\WINNT\system32\k12ld2ps.exe
(Not sure if legit, but it has ps!)

Lol, In addition to that,

C:\PROGRA~1\SECRET~1\ss.exe

It looks suspicious. A way for you to run a program you think is legit, me thinks. Secret Smileys.

Not to do with spyware, but

C:\Program Files\Wireless-G USB Network Adapter\WLService.exe" "WUSB54G.exe (file missing) -- you may want to take care of that.

Hiead

Aug 5 2005, 11:09 pm

In response to Airjoe

Koshigia

Airjoe wrote:

Ack, I recently started getting spyware again. Think you guys could tell me what to delete?

HijackThis Log

Get rid of these...

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
8952A998-1E7E-4716-B23D-3DBE03910972} - (no file)
O4 - HKLM\..\Run: [NTSF MICROSOFT SYSTEM] ntsf.exe
O4 - HKLM\..\Run: [Local Security Authority Service] C:\WINNT\System32\lssas.exe (not to be confused with lsass.exe)
O4 - HKLM\..\Run: [AUNPS2] RUNDLL32 AUNPS2.DLL,_Run@16
O4 - HKLM\..\Run: [exp.exe] C:\WINNT\System32\exp.exe
O4 - HKLM\..\Run: [WinTask driver] C:\WINNT\System32\wintask.exe
O4 - HKLM\..\Run: [vidctrl] C:\WINNT\System32\vidctrl\vidctrl.exe
O4 - HKLM\..\Run: [PSof1] C:\WINNT\System32\PSof1.exe
O4 - HKLM\..\Run: [regsync] C:\WINNT\System32\regsync.exe
O4 - HKLM\..\RunServices: [NTSF MICROSOFT SYSTEM] ntsf.exe
O4 - HKLM\..\RunServices: [CDdrv32] CDdrv32.exe
O4 - HKCU\..\Run: [NTSF MICROSOFT SYSTEM] ntsf.exe

These I am unsure of. The keylogger is your own, correct?

O4 - HKLM\..\Run: [winsync] C:\WINNT\system32\jajqna.exe reg_run
O4 - HKLM\..\Run: [igpwdll] C:\WINNT\igpwdll.EXE
O4 - HKLM\..\Run: [igpwenc] C:\WINNT\igpwenc.EXE
O4 - HKLM\..\Run: [PRJMUSKEYLOG] C:\Documents and Settings\Administrator\Desktop\MUSCKEY\PRJMUSKEYLOG.exe
O23 - Service: WUSB54GSVC - Unknown owner - C:\Program Files\Wireless-G USB Network Adapter\WLService.exe" "WUSB54G.exe (file missing)