h0m3r Posted November 29, 2006 Report Share Posted November 29, 2006 Sup guys, I need a little help. I think I got some lil nasty critters on my laptop. Ok, I've been playing RF for a few months, and everything is running fairly smoothly, until just recently I am getting hardcore lag spikes every few seconds. These are not slow internet lag spikes with red computer of death, these are maxed out CPU usage freeze ups. So I close RF and hit up the CTRL+ALT+DEL to check what processes are running and I find multiple 'ping.exe' and 'winlogon.exe' processes running. Which is bullshit... I've never had these running before and since they've appeared, shit has been messed. Then I google'd 'ping.exe', but everytime I've tried it, MY COMPUTER LOGS ME OUT AND RESTART OMFG. Then , I tried to download this free antivirus called Avast, because I haven't bothered to install an anti-virus since the last format. I kind of had to laugh at myself for being such a noob. I've got these virii (I guess that's what it is), but I can't even download this free AV to fix it. I don't want to format, because I can't be bothered right now with backing up important files (pr0n). What should I do? Does anyone know about this 'ping.exe / winlogon.exe' thing and why there are 23879 of them running in my task manager? Thanks. :ninjawub: Also forgot to mention: Pic0o or other l33t hax0r, do you think you could host Avast on your server? I am interested to know if it will restart my computer if I download the setup.exe from a server besides the official Avast server, or if the virus will restart my computer when I download Avast setup from any server. Or maybe there is another antivirus some people would like to host? :yar: And another note: my laptop LOGS ME OUT AND RESTARTS everytime I google 'spybot'. x_x Link to comment
Pic0o Posted November 29, 2006 Report Share Posted November 29, 2006 http://free.grisoft.com/doc/1 If you can't get it, I'll add a direct DL for ya. Link to comment
h0m3r Posted November 29, 2006 Author Report Share Posted November 29, 2006 Nice, I'll try that when I get home tonight. Thx :blunt: Link to comment
CatOnShrooms Posted November 30, 2006 Report Share Posted November 30, 2006 (edited) ping.exe is windows own ping utility winlogon.exe is windows own utility too, but theres a virus with same name. What is winlogon.exe? Is winlogon.exe spyware or a virus? -------------------------------------------------------------------------------- Process name: Windows NT/2000/XP Logon Application Product: Windows Company: Microsoft File: winlogon.exe Security Rating: The process "winlogon.exe" runs in the background. It's a part of the Windows Login subsystem. Winlogon is necessary for user authorization and checks the Windows XP activation code. Note: The winlogon.exe file is located in the C:\Windows\System32 folder. In other cases, winlogon.exe is a virus, spyware, trojan or worm! Check this with Security Task Manager. Virus with same name: W32.Netsky.D - see McAfee Symantec Corporation Trend Micro ping - ping.exe - Process InformationProcess File: ping or ping.exe Process Name: Microsoft Ping Utility Description: ping.exe is a process which belongs to the Microsoft Windows operating system and provides basic network testing functions for your LAN or the Internet. This is a non-essential process. Disabling or enabling it is down to user preference. Recommendation for ping.exe: Should not be disabled, required for essential applications to work properly. It is highly recommended to Run a Free Performance Scan to automatically optimize memory, CPU and Internet settings. Author: Microsoft Part Of: Microsoft Ping Utility Fix ping.exe Errors: Free Scan Remove ping.exe: Use WinTasks Boost ping.exe Performance: Free Scan Security Risk (0-5): 0 Spyware: No ( Remove ) Virus: No ( Remove ) Trojan: No ( Remove ) Memory Usage: N/A System Process: Yes Background Process: No Uses Network: No Hardware Related: No Common Errors: N/A my quess is u have sum kind of virus that makes your windows to run "ping.exe" and makes your "comp lag" Edited November 30, 2006 by CatOnShrooms Link to comment
Pic0o Posted November 30, 2006 Report Share Posted November 30, 2006 Another Tech Honored tradition of protection when you have evil-ware, is once Windows Boots up, Goto your Task Manager and Kill 'explorer.exe'. Your PC should stay in windows, but you desktop, start menu, and pretty much entire user shell will be shut down. To start a new task or program, you can bring up Task Manager, and do an Open or Run, for whatever app you need. It's easiest to load the spyware/evilware killers before you kill the explorer process. In the mean time, you could rename your Ping.exe in Windows\System32\ to Pong or something just as silly, if effort to error out the exploit running on your PC, until you can remove it completely. Link to comment
h0m3r Posted November 30, 2006 Author Report Share Posted November 30, 2006 Hmm, I'll try to rename the .exe's and get to the bottom of it, as well as kill explorer. I tried to DL the AVG from your Direct Link, but it rebooted. omfg x.x Other mysterious .exe's found in task manager: inetinfo.exe lsass.exe services.exe #NOTE these are all running under user, not SYSTEM Link to comment
h0m3r Posted November 30, 2006 Author Report Share Posted November 30, 2006 Just found out that it also reboots when I run 'msconfig' I just changed the AVG file extension to .doc when prompted to DL, and it didn't reboot! Could this be the secret answer?!!! Link to comment
frank_ Posted November 30, 2006 Report Share Posted November 30, 2006 Hmm, I'll try to rename the .exe's and get to the bottom of it, as well as kill explorer. I tried to DL the AVG from your Direct Link, but it rebooted. omfg x.x Other mysterious .exe's found in task manager: inetinfo.exe lsass.exe services.exe #NOTE these are all running under user, not SYSTEM Those services are all legit. If you need to know what something is, type it into google and clikc the 1st link, that liutilites.com site seems to be pretty helpful. Link to comment
h0m3r Posted November 30, 2006 Author Report Share Posted November 30, 2006 When I put ping.exe, winlogon.exe, etc into google, my laptop logs me out and reboots. :P Link to comment
h0m3r Posted December 1, 2006 Author Report Share Posted December 1, 2006 (edited) Ok guys, AVG just pwned the worms from my system. The worm was I-Worm/Brontok.C and it was in 'winlogon.exe' and 'lsass.exe' as well as several other files. Since downloading .exe files would reboot my computer, I changed the extension when prompted to .doc, then on download completion, changed it back to .exe. Then installed AVG and it immediately said, hey man you've got some nasties, and healed them up. Needless to say, I'm pretty stoked. :blunt: Right now it is scanning and has found 24 threats =p I guess this will wrap it up. Thanks for the help guys. Have some cookies, milk and ganj. Edited December 1, 2006 by h0m3r Link to comment
Pic0o Posted December 1, 2006 Report Share Posted December 1, 2006 Sweet Yo. You can pay me back by installing and playing WoW. :P Seriously, if you are still gaining an education, I'd stay the hell away from the game. :lol: Link to comment
Kat Posted December 1, 2006 Report Share Posted December 1, 2006 Weeeeee cookies!! and "other" treats! Link to comment
h0m3r Posted December 1, 2006 Author Report Share Posted December 1, 2006 I thought about WoW many times, but know what it will do to my limited free time (obliterate it). =p Wait isn't there a free trial going on now?! If so, I'ma try it. I'm registering for the 10 day trial. I bet this download is going to be monsterous. #EDIT: omfg, 3.5GB. I might have to stick to RF :D :D Link to comment
Pic0o Posted December 1, 2006 Report Share Posted December 1, 2006 You can get Demo Disk @ Circuit City for 2 bucks, w/ the 10 day trial. ;) Link to comment
Sk8Er Posted December 1, 2006 Report Share Posted December 1, 2006 just did, playing now but forget my nick, i think its kronicdank Link to comment
Recommended Posts