Uncontrollable Executable

Fallen

Distinguished
Dec 30, 2002
168
0
18,680
I'm about to lose my mind! I have an executable running in my list of processes called playanti.exe. It just showed up and now it won't go away. Every time I kill the damn thing it comes back (due to a registry entry that also comes back). If I delete the executable, a new one is just created (in C:\WINDOWS\security\Database). What the hell is this thing and how do I insure that it never bothers me again?

Thanks!
 

KingLewie2152uk

Distinguished
Nov 12, 2004
19
0
18,510
Try using Adaware SE, newest version + update it! That searches through not only your files but it also goes throiugh your registry, eliminating keys that shouldn't be there!
 

folken

Distinguished
Sep 15, 2002
2,759
0
20,780
Also, scan from safe mode so the thing isn't running while you try and remove it.

<A HREF="http://www.folken.net/myrig.htm" target="_new">My precious...</A>
 

Fallen

Distinguished
Dec 30, 2002
168
0
18,680
Yeah, I've scanned in and out of safe mode. It doesn't really matter as the damn thing is running in safe mode also. It seems strange to me that there is virtually no mention of this process anywhere on the web.
 

Fallen

Distinguished
Dec 30, 2002
168
0
18,680
I'm not 100% sure. It doesn't seem to really do anything until I'm on the internet. When IE handles a link (for a download or an IRC link) it seems to take forever. I'm under the impression that it may be doing something to my network traffic.
 
tempory solution:

Get ZoneAlarm (warez style) and deny it access to the internet when it requests it

_______________________
<A HREF="http://www.moviewavs.com/MP3S/TV_Shows/Simpsons/flanderssong.mp3" target="_new">Audio Sig</A>
 

bjpatrick

Distinguished
Sep 26, 2004
336
0
18,780
Welll, have you updated your anti-virus and run it lately. (You probably have) You are als download a registry cleaner and try that. If all else fails. Reload windows.

bjpatrick@gmail.com
 

Fallen

Distinguished
Dec 30, 2002
168
0
18,680
It doesn't matter now. I took care of it the old fashioned way (Format C:). ZoneAlarm didn't report any outgoing traffic, but etheral said that I had a crapload of outgoing TCP traffic. In general, I never run anti-virus software, but I installed Symantec for this occassion. It didn't find any problem (no surprise there). Regcleaner didn't find anything either. HijackThis found the problem, but couldn't clear it up. In a last ditch effort, I granted my self system privelages and tried to kill it. No dice. I'll write to Unsolved Mysteries and see if I can get an answer. Anyway, thanks for help guys!
 

Jake_Barnes

Splendid
In general, I never run anti-virus software ...
I think we've found the source of your problems ... and firewalls would just get in the way too, huh?



<b> ...more people are driven insane through religious hysteria than by drinking alcohol - W.C. Fields </b>
 

RichPLS

Champion
No offence intended, but it is utterly stupid not to run some version of antivirus and firewall s/w and if you have a broadband connection then add a hardware firewall.
Antivirus should be included with every PC sold, like the o/s is. In fact, an anti-virus should be intergrated into windows [gulp!]

<font color=red><pre>\\//__________________________________
And the sign says "You got to have a membership card to get inside" Huh
So I got me a pen and paper And I made up my own little sign</pre><p></font color=red>
 

Fallen

Distinguished
Dec 30, 2002
168
0
18,680
I've never had any problems with viruses, and I'm not really sure that this was a virus. If it had been a virus, Symantec would have detected it. Most viruses are transmitted through email or are the result of someone clicking something that they shouldn't have. I have had a broadband connection for about five years now, and have never had a virus.

My internet gateway PC (slackware linux) was designed to act as a router and firewall, and I feel confident that it is secure.

Anyway, thanks for everyone's help
 
I've never had any problems with viruses

At least, not that you know of. :wink:

It's rare that you can install AV software after an infection and have it properly detect viruses. I would do a free online scan to be absolutely sure... I use Panda Activescan when I'm not sure about a virus infection. Once I know there's no infection, then I'll install AV software.

Was your AV completely up to date when you did the scan? (Never hurts to be sure) If it wasn't, then that's why it didn't pick up on the virus.

<font color=red> If you design software that is fool-proof, only a fool will want to use it. </font color=red>
 

Fallen

Distinguished
Dec 30, 2002
168
0
18,680
Yeah, it was up to date. I've used Panda before, but never with any real success. I imagine that any reasonably intelligent virus author would have the foresight to work around post-infection installs. At any rate, it is gone now. I'd had that XP install for over a year, and with the frequency of my hardware upgrades, it was probably time for a clean install. I've got a tidy little network going, so reinstalling only costs me my time; I don't lose files