Azure Jane Lunatic (azurelunatic) wrote,
Azure Jane Lunatic
azurelunatic

Security, computer

Note: Any process running with company name "tmax" is bad news. Squash it like the bug it is. Thanks to AdAware and Spybot Search & Destroy (recommended to me by sraun, IIRC) I'm getting decent at this.

AdAware's log files give me more complete information on my processes than the Task Mangler Manager does, so I can make up a list of what does belong and what does not belong. In fact, some day when I have time, I'm going to make up an explicit file stating what does and does not belong as a process on my computer when pretty much everything is closed.

Oh, and Lycos is on my shitlist too, because I didn't ask them to install anything. C:\Program Files\Lycos gets installed without me asking. Grr, argh. "Clearsearch" is what it gets called.


These two are tmax:
C:\WINNT\System32\etuplogs.exe
C:\WINNT\pup.exe


My strong suspicion is that someone with an unclean system slipped me the tmax thing, possibly over AIM; I've heard (much to my regret) that now certain bad things can propagate over AIM without the user necessarily knowing about it, grr, argh.


#:30 [etuplogs.exe]
FilePath : C:\WINNT\System32\
ThreadCreationTime : 4-2-2004 4:24:04 PM
BasePriority : Normal
FileSize : 64 KB
FileVersion : 4.00.0001 8Produc
ProductVersion : 4.00.0001 (Intern
CompanyName : tmax 4
InternalName : pup 8
OriginalFilename : pup.exe ???
ProductName : dawglife 4File
Created on : 4/2/2004 4:24:02 PM
Last accessed : 4/2/2004 4:24:02 PM
Last modified : 3/31/2004 6:11:20 PM
LUNATIC NOTE: BAD! DELETED!
delete C:\WINNT\System32\etuplogs.exe
delete C:\WINNT\pup.exe

#:31 [cs4p081.exe]
FilePath : C:\WINNT\
ThreadCreationTime : 4-2-2004 4:24:35 PM
BasePriority : Normal
FileSize : 79 KB
FileVersion : 1, 4, 0, 4
ProductVersion : 1, 4, 0, 4
Copyright : Copyright 2003, 2004
CompanyName : Clear Search
FileDescription : Loader
InternalName : Loader
OriginalFilename : Loader.exe
ProductName : Loader
Created on : 4/2/2004 4:24:35 PM
Last accessed : 4/2/2004 4:24:35 PM
Last modified : 3/25/2004 12:46:52 AM
LUNATIC NOTE: BAD! DELETED!
delete C:\WINNT\cs4p081.exe
delete C:\Program Files\Lycos

And the one from last time...
#:28 [playd.exe]
FilePath : C:\WINNT\System32\
ThreadCreationTime : 03-01-2004 6:52:17 AM
BasePriority : Normal
FileSize : 64 KB
FileVersion : 1.00.0001 8Produc
ProductVersion : 1.00.0001 0Intern
CompanyName : tmax 0
InternalName : pupdate @Orig
OriginalFilename : pupdate.exe ????4??
ProductName : werule 4Fi
Created on : 03/01/2004 6:51:59 AM
Last accessed : 03/01/2004 6:51:59 AM
Last modified : 02/12/2004 7:23:06 AM

Note: Unless you're good at monkeying around with the innards of your computer, I strongly suggest you leave it to the professionals, or just look and don't poke. If I fux0r my own system, you will certainly hear me crying about it, but I won't be crying for help so much as I'd just be crying, mostly at my own stupidity.
Subscribe
Comments for this post were disabled by the author