Is computer infected?

Discussion in 'malware problems & news' started by merrygoround, Dec 23, 2006.

Thread Status:
Not open for further replies.
  1. merrygoround

    merrygoround Registered Member

    Joined:
    Dec 23, 2006
    Posts:
    6
    Each time I turn on the computer, the system32/partizan.rri comes up and it takes 2 minutes to run until it reaches the main screen. It always runs up to 50 processes, and the CPU is high. There is something wrong, but I don't know what is causing my computer to be like this. Is it a virus? Please help me :'(
     
  2. snowbound

    snowbound Retired Moderator

    Joined:
    Feb 18, 2003
    Posts:
    8,723
    Location:
    The Big Smoke
    Hello,

    Do you not know where this partizan.rri originates from?

    I googled it and the results came up as having something to do with the app, UnHackMe.... :doubt:



    snowbound
     
  3. fcukdat

    fcukdat Registered Member

    Joined:
    Feb 20, 2005
    Posts:
    569
    Location:
    England,UK
    Correct, Snowbound.

    The file, along with 2 others, is dropped into the system32 folder when you install UnHackMe. They are also left behind after uninstalling UnHackMe o_O

    So merrygoround, do you by any chance have UnHackMe installed with their test rootkit attached?
     
  4. merrygoround

    merrygoround Registered Member

    Joined:
    Dec 23, 2006
    Posts:
    6
    No, I didn't install UnHackMe. So strange :(
     
  5. Notok

    Notok Registered Member

    Joined:
    May 28, 2004
    Posts:
    2,969
    Location:
    Portland, OR (USA)
    How about RegRun?
     
  6. merrygoround

    merrygoround Registered Member

    Joined:
    Dec 23, 2006
    Posts:
    6
    Yeah, I got it fixed, but the computer still takes at most 2 minutes to load to Windows. Is there a way to stop most of the processes from running each time I turn on my computer? Or is it caused by a virus of some sort?
     
  7. ccsito

    ccsito Registered Member

    Joined:
    Jul 27, 2006
    Posts:
    1,579
    Location:
    Nation's Capital
    You can access the startup list of programs by clicking on the Start button, then clicking on Run, and a box will open. Type MSCONFIG in the box, then click OK. Then another window with the title System Configuration Utility will show up. Click on the Services and Startup tabs to display what programs are loaded during the bootup process. Uncheck those programs that you don't want to load when you boot up. Be aware that you might be stopping a needed program when you do this, but if you are pretty sure that a particular program is not needed, then unchecking it will decrease the memory usage load on the PC. I also use two programs called AutoRuns and Process Explorer to monitor what is running on my PC.
    http://www.microsoft.com/technet/sysinternals/Processesandthreadsutilities.mspx
     
  8. ccsito

    ccsito Registered Member

    Joined:
    Jul 27, 2006
    Posts:
    1,579
    Location:
    Nation's Capital
    By the way, what I mentioned previously may not work if you have a trojan that has infected certain system folders and would not show up in the System Configuration Utility display. In this case, I would recommend that you run a utility called Hijackthis (Merijn.org) and then post the log report in a help forum (NOT this one) such as spwareinfo.com or castlecops.com. Hijackthis might indicate a hidden trojan on your system, but it is not foolproof. But I would do what I previously posted first.
     
  9. merrygoround

    merrygoround Registered Member

    Joined:
    Dec 23, 2006
    Posts:
    6
    I'll try it ASAP. Before that, can I ask if Isass.exe is something bad?
     
  10. fcukdat

    fcukdat Registered Member

    Joined:
    Feb 20, 2005
    Posts:
    569
    Location:
    England,UK
  11. ccsito

    ccsito Registered Member

    Joined:
    Jul 27, 2006
    Posts:
    1,579
    Location:
    Nation's Capital
    That file may or may not be a keylogger program. It would be best to have the suspect file scanned. You can use the Kaspersky online file scanner or the one mentioned in the previous post to see if anything suspicious is in the file.

    http://www.kaspersky.com/remoteviruschk.html

    Some articles about that file:
    http://www.2-spyware.com/file-isass-exe.html
    http://www.superadblocker.com/definition/isass/
    http://www.liutilities.com/products/wintaskspro/processlibrary/isass/
     
  12. merrygoround

    merrygoround Registered Member

    Joined:
    Dec 23, 2006
    Posts:
    6
    These are all the files that were running:

    igfxtray.exe
    hkcmd.exe
    tfswctrl.exe
    apoint.exe
    AGRSMMSG.exe
    HWsetup.exe
    SVPWUTIL.exe
    fnkeyhook.exe
    ceekey.exe
    tpsmain.exe
    padexe.exe
    zoominghook.exe
    cfsserv.exe
    IMJPMIG.exe
    imscinst.exe
    TINTSETP.exe
    TINTSETP.exe
    qttask.exe
    ctfmon.exe



    I don't know which ones are good or needed to run my computer and which ones are not needed.
     
  13. lucas1985

    lucas1985 Retired Moderator

    Joined:
    Nov 9, 2006
    Posts:
    4,047
    Location:
    France, May 1968
  14. merrygoround

    merrygoround Registered Member

    Joined:
    Dec 23, 2006
    Posts:
    6
    I searched on all the files and they are not virus-caused, but for some reason my computer continues to run with many processes and it runs really slow on startup each time.
     
  15. ASpace

    ASpace Guest

    Download

    MS Process Explorer

    http://www.microsoft.com/technet/sysinternals/Utilities/ProcessExplorer.mspx


    MS AutoRuns
    http://www.microsoft.com/technet/sysinternals/utilities/autoruns.mspx

    When you start it, choose to hide Microsoft stuff



    MS Rootkit Revealer

    http://www.microsoft.com/technet/sysinternals/Security/RootkitRevealer.mspx
    Scan with it


    Scanning with good antivirus/antispyware will help
     
  16. canalman

    canalman Registered Member

    Joined:
    Jan 10, 2007
    Posts:
    1
  17. daktari

    daktari Registered Member

    Joined:
    Feb 8, 2007
    Posts:
    1
    Correct.

    Invited or not, you have - or had - UnHackMe installed on your system at one time or another. It's either still installed, or it left orphan files when it was uninstalled that cause the opening screen msg about "partizan.rri" running.

    If you want that off your system:

    1. Use start->control panel->add-remove programs to remove UnHackMe - if it's still there.

    2. Whether or not UnHackMe shows on the programs list, go to c->windows->system32 where you should find three orphan files (see image)

    partizan.log
    partizan.pbk
    partizan.rri

    Delete all three orphan files

    3. Reboot your system

    The UnHackMe start-up issue should be gone.

    Worked for me.
     

    Attached Files:
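The check described in the post above, as an added example that is not part of the original thread: a report-only PowerShell script that looks for the three named files and lists the `BootExecute` registry value. That the start-up message comes from a `BootExecute` entry is an assumption made here; the thread does not say where the entry is registered.

```powershell
# Added example: report-only check for the UnHackMe leftovers named in the post.
# Nothing is deleted; review the output before removing anything by hand.

$system32 = Join-Path $env:SystemRoot 'System32'

# The three orphan files listed in the post above.
$orphans = 'partizan.log', 'partizan.pbk', 'partizan.rri'

foreach ($name in $orphans) {
    $path = Join-Path $system32 $name
    if (Test-Path -LiteralPath $path) {
        $item = Get-Item -LiteralPath $path -Force
        '{0}  present  {1} bytes  modified {2}' -f $path, $item.Length, $item.LastWriteTime
    } else {
        '{0}  not found' -f $path
    }
}

# Assumption (not stated in the thread): programs that run on the text-mode
# boot screen are listed in the Session Manager BootExecute value, whose
# Windows default is the single entry 'autocheck autochk *'.
$key = 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager'
$bootExecute = (Get-ItemProperty -Path $key -Name BootExecute).BootExecute

foreach ($entry in $bootExecute) {
    if ($entry -eq 'autocheck autochk *') {
        "BootExecute: $entry  (Windows default)"
    } elseif ($entry -match 'partizan') {
        "BootExecute: $entry  (references partizan, matches the boot-screen message)"
    } else {
        "BootExecute: $entry  (non-default, identify before changing)"
    }
}
```

Run it from an elevated prompt; a file reported as present together with a matching `BootExecute` entry means the product is still registered to run at boot, not just leaving files behind.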

  18. Redmeansdead

    Redmeansdead Registered Member

    Joined:
    Apr 22, 2007
    Posts:
    5
    Thanks daktari, I appreciate the info.
    I have this issue also, and forgive me for interjecting, but my situation seems worse, hopeless even.

    If I can't get past the start screen, which says
    \??\C:\WINDOWS\system32\partizan.rri (effectively I cannot boot into my system), then how do I get rid of those 3 'unhack me' :blink: generated files?
    Does anyone know how to get past the start screen? (I also can't boot or get past a list of drivers when I tried safe mode.)
    Does it mean I have corrupted these files and probably the entire system too?
    If so, next step: reinstall Windows.
    Redmeansdead
     
    Last edited: Apr 23, 2007