Weird Processes

Status
Not open for further replies.

wansingct

OK, so I know a bit about what to look for and see a lot of extra B.S. processes running in my task manager. I run Ad-Aware, Spybot, and still don't get them all gone. The kicker is that when I kill the process it starts itself (I'm assuming) back up but with a different name. The names always have a mix of lower and upper case letters and a number or two thrown in, but it seems to be random.

The thing that bothers me more than anything is that something is shutting down my Norton Corporate about 30 seconds or so into every scan I start. The whole Norton thing really ticked me off so I did some filesystem and registry fishing and found some more stuff that didn't need to be there, deleted it and the problem still remained.

I ran HijackThis and got rid of some of the entries, but that didn't have any effect on the processes I was trying to get rid of, although it did speed up my system some on reboots. It seems like something is injecting itself into my startup since there is a bit of a black screen (longer than I remember before) between the win2k3 screen with the grey scrolling bar (service initialization I think) and when it's working on bringing up all the network connections and applying the security policies.

Any help would be greatly appreciated... And don't be afraid to explain things technically, I do computers, I just can't figure out how I can't find the root of this... doh
 
Can you boot your system to DOS and then run Norton from there?

Does safe mode still load this process?
 
Update: I think I got it all working OK. On the tip of one of my coworkers I think it was the Peper Trojan with some other associated "stuff". The way I solved it: went to the system32 folder, sorted everything by 'type' (so all the programs would be grouped together), unhid everything, and deleted all the programs with weird names that tried to hide themselves. Problem solved.

One great discovery though: in an e-mail my friend sent me about the Peper Trojan (he was calling it the sandboxer worm, seemed to be about the same thing in most of the research I did) I came across a program which found a lot of stuff that Ad-Aware and Spybot didn't. It's free and seems to work great.

www.ewido.com - it's the only tool they offer, it seemed. Couldn't find any spyware it installed for itself or anything like that, but I could be wrong. Did a great job finding some of the leftovers from Ad-Aware and Spybot.
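
The manual check described in the update above (hidden programs in system32 whose names mix upper and lower case letters with a number or two), as an added example that is not part of the original thread: a Python sketch that lists candidates for review instead of deleting them. The name heuristic, the extension list and the sample listing are assumptions constructed for illustration.

```python
import os
import stat
import sys

# Assumed set of "program" file types to look at; adjust as needed.
EXECUTABLE_EXTS = {".exe", ".dll", ".sys", ".scr"}

def looks_random(stem):
    """Heuristic taken from the thread's description: letters in mixed
    case plus one or two digits. Requiring a capital after the first
    character keeps ordinary names such as 'Notepad2' out."""
    if not (stem.isascii() and stem.isalnum()):
        return False
    has_lower = any(c.islower() for c in stem)
    inner_upper = any(c.isupper() for c in stem[1:])
    digits = sum(c.isdigit() for c in stem)
    return has_lower and inner_upper and 1 <= digits <= 2

def triage(entries):
    """entries: iterable of (filename, is_hidden) pairs.
    Returns program files that are both hidden and random-looking."""
    flagged = []
    for name, hidden in entries:
        stem, ext = os.path.splitext(name)
        if hidden and ext.lower() in EXECUTABLE_EXTS and looks_random(stem):
            flagged.append(name)
    return sorted(flagged)

def list_dir(path):
    """Yield (filename, is_hidden) using the Windows hidden attribute.
    On other platforms the attribute is absent and is_hidden is False."""
    for entry in os.scandir(path):
        if entry.is_file(follow_symlinks=False):
            st = entry.stat(follow_symlinks=False)
            attrs = getattr(st, "st_file_attributes", 0)
            yield entry.name, bool(attrs & stat.FILE_ATTRIBUTE_HIDDEN)

# Constructed sample listing (not taken from the poster's machine).
SAMPLE = [
    ("kernel32.dll", False),
    ("qTx7bLm.exe", True),    # hidden, mixed case, one digit
    ("aB3dEfG9.exe", True),   # hidden, mixed case, two digits
    ("WinHlp32.exe", False),  # matches the name pattern but is not hidden
    ("desktop.ini", True),    # hidden but not a program
]

if __name__ == "__main__":
    source = list_dir(sys.argv[1]) if len(sys.argv) > 1 else SAMPLE
    for name in triage(source):
        print("review:", name)
```

Pass a directory path as the first argument to scan it; with no argument the constructed sample is used. Names that match the pattern without being hidden are deliberately not flagged, since the pattern alone also matches legitimate files.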
 