dh>2:@.exe - Weird process showing up

Discussion in 'other security issues & news' started by The.Terminator, Mar 25, 2005.

Thread Status:
Not open for further replies.
  1. The.Terminator

    The.Terminator Registered Member

    Joined:
    Aug 31, 2004
    Posts:
    7
    One PC in our company has a weird process running on his PC.
    The process is called dh>2:mad:.exe (see attachment).

    It's killable but re-appears after some time.
    We ran a spyware checker and removed the spyware, also searching on the filename gives no result because Windows (Windows2000, SP4 and patching with the latest security patches) sees the > sign as command instead of string.

    The PC doesn't behave strange (in other words, the user doesn't sees anything) however we don't know if it's doing something 'underwater'

    Also other clues what we can run / do ?

    TIA
     

    Attached Files:

  2. Infinity

    Infinity Registered Member

    Joined:
    May 31, 2004
    Posts:
    2,651
    download adaware, spybot and m$ antispyware.

    let them update and reboot into safe mode.

    then run the three apps with your antivirus.

    in safe mode delete your temps, internet temps and downloaded program files (windows folder)

    reboot and see if it gone.

    Inf.
     
  3. BlueZannetti

    BlueZannetti Administrator

    Joined:
    Oct 19, 2003
    Posts:
    6,590
    Also download ProcessExplorer and set the view to show the image path and command line (View>Select Columns>Process Image tab, check Image Path and Command Line). Before doing this, also empty out all temporary folders (the executable may be run from one of them).

    Blue
     
Loading...
Thread Status:
Not open for further replies.