| Forum Home | ||||
| Press F1 | ||||
| Thread ID: 70842 | 2006-07-18 05:19:00 | HJT(1.99.1) smss.exe | notechyet (4479) | Press F1 |
| Post ID | Timestamp | Content | User | ||
| 471697 | 2006-07-18 05:19:00 | Hello I have just submited a HJT file to the HJT website to check and it shows up this one as being nasty: O4 - HKLM\..\Run: [.nvsvc] C:\WINDOWS\system\smss.exe /w Can someone tell me if I have to delete it? Thanks Gion |
notechyet (4479) | ||
| 471698 | 2006-07-18 05:41:00 | Hi Be carefull this could be part of windows. Bring up task manager there Should be one instance of this running. Have a look thru this site if you are not sure. www.answersthatwork.com Hth |
johnboy (217) | ||
| 471699 | 2006-07-18 06:08:00 | johnboy, thanks Why did it not show up a week ago when I did the last check? G |
notechyet (4479) | ||
| 471700 | 2006-07-18 06:37:00 | smss.exe is Windows NT Session Manager not sure about the /w on the end though, it is not on mine. www.processid.com |
zqwerty (97) | ||
| 471701 | 2006-07-18 07:04:00 | O4 - HKLM\..\Run: [.nvsvc] C:\WINDOWS\system\smss.exe /w Its part of the BackDoor-CXT Trojan vil.nai.com |
Pancake (6359) | ||
| 471702 | 2006-07-18 07:12:00 | Download Ewido Anti-Malware ( . ewido . net/ewido-setup . exe" target="_blank">download . ewido . net) Install Ewido Anti-Malware Double-click the icon on Desktop to launch EwidoYou will need to update Ewido to the latest definition files . On the top of the main screen click Shield Click the word active to change it to inactive On the top of the main screen click Update . Then click on Start Update . The update will start and a progress bar will show the updates being installed . If you are having problems with the updater, you can use this link to manually update Ewido . ( . ewido . net/ewido-signatures-full-current . exe" target="_blank">download . ewido . net) When you have finished updating, EXIT Ewido . Please reboot your computer into Safe Mode . To boot into Safe Mode, please restart your computer . Tap F8 before Windows loads . Select Safe Mode on the screen that appears . In Safe Mode,run Ewido . Click Scanner Click on the Scan tab Click Complete System Scan to begin scanning . When the scan is complete click Recommended Action and change it to Quarantine Then click Apply all actionsOnce finished, click the Save report button, then click Save Report As . This will create a text file . Make sure you know where to find this file again (like on the Desktop) . Restart back into Normal Mode . Please perform another scan with Hijack This, and then post back with a copy of the Ewido log and the new HijackThis log . |
Pancake (6359) | ||
| 471703 | 2006-07-18 08:43:00 | Thanks for that guys. I have found more of them, like the nvsvcd.exe So I have just to keep an eye, check and delete the stuff. Gion |
notechyet (4479) | ||
| 471704 | 2006-07-18 09:05:00 | post back with a copy of the Ewido log and the new HijackThis log. You may have more unseen ones. |
Pancake (6359) | ||
| 471705 | 2006-07-18 11:48:00 | Pancake, thanks I will do that and post the results tomorrow. Gion |
notechyet (4479) | ||
| 471706 | 2006-07-19 08:44:00 | Hi Pancake With Evido and HJT I managed to clear it all. Thanks for your help. :thumbs: G |
notechyet (4479) | ||
| 1 2 | |||||