Based on these symptoms I suspected some malware in the system (I do not know if they come from the same source):
- firstly my Avira stopped updating, noticed that after 5 or so days and tried to start update which ended with error message
- removed Avira and tried to download and reinstall it with no luck
- tried to run F-Secure online scan which made my screen flash and did not start
- got mail from Gmail stating that there is suspicious activity on my account and asking me to change password which I did. Had in my mailbox some undelivered mail I definitely had not sent, but addresses were from my address list
- tried to download Malwarebytes'Anti-malware, did not succeed
- tried downloading some other malware catchers (forgot the names) with no luck, either they did not download or did not work
- removed several programs (also Chrome) and files after which ran Ccleaner - downloaded Malwarebytes-etc. from another system and ran the scan from diskette. No problems found. Copied it down and left running
- downloaded HijackThis on another system to a diskette. Have run it several times since
& downloaded it to the hard disk. Include the latest output
- have also followed the activity on Task Manager. Here I need to understand the difference between IE and Firefox. IE starts several processes while FF only one. I guessed IE starts a new process for each new instance or tab, but it does not seem to follow that logic.
- checked the proxy setting, no proxy now though I *think* earlier I saw one which I removed.
Now my system seems to be behaving, but as I have no idea what might have caused it to recover, I am not confident enough to go to my bank account or such. Gurus out there, please tell me what to do?
And here is my HJT listing: (I know FF is ancient, I normally use Chrome in XP - there is also EComStation installed, but I do not believe any virus to recognize HPFS)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:14:45, on 13.2.2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Thank you so much, Alden! The translated names mostly refer to normal services and many of them have the original name in parentheses, I am not real worried about them.
I asked about the iexplore processes because I read somewhere there is a virus which creates fake iexplore processes, is that so? Is there a way to list also the info on what started or spawned a process on the Task Manager list?
I ordered F-Secure and after I have installed it, I have to go back to work and stop worrying. You get kind of scared, thou, when your computer starts misbehaving.
the real processes are found in win32.having said that,sometimes the fakes install there as well.ive kept my computer clean for years with avira free antivirus,malwarebytes (feee),and superantispyware,also free.run regular scans and use a good cleanup program like ccleaner to clean crap files and registry.last and certainly not least a good defrag program.glad its working out for you.Al.
