I have 709 processess running on a win2k pc.
these 2 programs are repeating them selfs over and over.
844b7whatk.exe and 8wlo0jlvhs.exe/
is this a virus? I ran adware and spybot s&d and they found nothing.
I also did a google search on them and nothing.
what are they?

Recommended Answers

All 3 Replies

Do you ahve a virus scan program .If Yes do a scan ,also run the online scan in my signature .
If you want you could get HIJACKTHIS in my signature and run it don't fix anything yet
, and post a log ,
How to download and use hijackthis -- http://www.netstar.me.uk/hjt/hjt.html

sorry took so long my friend took awhile to send me the file.
I cut out alot of the repeated files from the log already other wise it would take up alot of space.

Logfile of HijackThis v1.97.7
Scan saved at 4:59:10 PM, on 2/29/2004
Platform: Windows 2000 SP2 (WinNT 5.00.2195)
MSIE: Internet Explorer v5.00 SP2 (5.00.2920.0000)

Running processes:
C:\Program Files\3dhq Tools\v_ctrl.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Documents and Settings\PB41\Local Settings\Temp\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = C:\WINNT\system32\searchbar.html
O2 - BHO: TX4 - {00000000-0C95-B1F8-547A-405204D6961A} - C:\WINNT\System32\avifile32.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [xv_crtl] C:\Program Files\3dhq Tools\v_ctrl.exe
O4 - HKLM\..\Run: [UpdReg] C:\WINNT\Updreg.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [bkf8r4vgh0] C:\WINNT\8w1o0jlvhs.exe
O4 - HKLM\..\Run: [xy0dl5iy4t] C:\WINNT\8w1o0jlvhs.exe
O4 - HKLM\..\Run: [mcopxlwar9] C:\WINNT\844b7whatk.exe
O4 - HKLM\..\Run: [8p22sdksl2] C:\WINNT\844b7whatk.exe
O4 - HKLM\..\Run: [gji8bpvyat] C:\WINNT\844b7whatk.exe
O4 - HKLM\..\Run: [xczevuy47j] C:\WINNT\8w1o0jlvhs.exe
O4 - HKLM\..\Run: [stlgk5k1hg] C:\WINNT\844b7whatk.exe
O4 - HKLM\..\Run: [1m2m49w6f7] C:\WINNT\8w1o0jlvhs.exe

O13 - WWW. Prefix: http://ehttp.cc/?
O16 - DPF: {0000000A-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/d/4/4/d446e8a9-3a86-4b59-bb19-f5bd11b40367/wmavax.CAB
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/015e51105c1e2e5c8205/netzip/RdxIE601.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/20031010/qtinstall.info.apple.com/mickey/us/win/QuickTimeFullInstaller.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://active.macromedia.com/flash4/cabs/swflash.cab

You've been infected with the Blaster worm, which spawns random filename processes if one of them gets killed.

Do a search on Google for a Blaster removal tool, such as from Symantec, Sophos, etc., then PATCH YOUR BOX using Windows Update - specifically, the DCOM update.

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, learning, and sharing knowledge.