suspect process

Thread: suspect process

  1. #1
    Senior Member Zonewalker's Avatar
    Join Date
    Jul 2002
    Posts
    949

    suspect process

    evening all

    I'm in the process of cleaning up someone's computer.... they had it infected not so long ago with scum ware. They've done what they can but have asked me to give it a going over. That's not a problem and currently things like Spybot etc are being transferred onto this unclean pc. However whilst I'm waiting I've been looking through the process list. So my question.. anyone heard of tcjsp.exe?

    google comes up with nothing, I've never heard of the process and am considering it suspect at the moment - anyone any other info?

    For the record... it's a WinMe box in case tcjsp.exe is a valid Me process (yes I know.... it's not mine ok - I wouldn't normally touch Me - don't suggest linux the folks who own this box aren't capable)

    cheers all

    Z
    Quis Custodiet Ipsos Custodes

  2. #2
    @ÞΜĮЙǐЅŦГǻţΩЯ D0pp139an93r's Avatar
    Join Date
    May 2003
    Location
    St. Petersburg, FL
    Posts
    1,696
    I think learning Linux is far more appealing than living with ME.


    Other than that, I don't recognize the process name at all. Shut it down and see what happens.
    Real security doesn't come with an installer.

  3. #3
    Senior Member nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,190
    Hi Zone~

    It is not a required ME process.............I am running ME right now on this machine, and it is not there.

    Cheers

  4. #4
    Senior Member Zonewalker's Avatar
    Join Date
    Jul 2002
    Posts
    949
    hey D0pp - like I say I wouldn't normally touch Me myself - really the folks who own this computer are your average parents with a couple of youngish (10 and 12yr old) kids. Linux really isn't an option for them at the moment - although the eldest son shows promise so with a bit of luck the future may yet be rosy for this family

    anyway - shutting down the process doesn't seem to have done anything - which in itself isn't a bad thing but I would like to know what it's doing.

    The S&D scan has just finished - well not as bad as what I first thought but still not good (and oddly some unknown registry entries... hmmm )

    anyway - onwards and upwards as they say.

    cheers

    Z

    [edit] Ah Nihil - was hoping you would answer - I would have PM'd ya but I wasn't sure if you'd be about tonight. Ok not a required Me process... that's good enough for me it's dying.

    cheers

    [edit 2] grr... bloody stupid 'spread the wealth' message.... the greenies are there in spirit Nihil
    Quis Custodiet Ipsos Custodes

  5. #5
    They call me the Hunted foxyloxley's Avatar
    Join Date
    Nov 2003
    Location
    3rd Rock from Sun
    Posts
    2,528
    I've said it before, that Me is a stand alone system, used for games in the main.
    Linux may be out, but surely an upgrade to XP Pro ?
    As for the process, as said by D0pp139an93r; stop it NOW, try the system without it for a while, then after a couple of days, quarantine it, not delete, just in case........

    Can you find it in the system, properties etc, maybe deny or disable ? Of course, if it's a system file it will regenerate each time you re-boot anyway.

    Don't forget the usual:
    Safe mode AV scan, AdAware, SpyBot S+D and CWShredder, even HiJack This to see what the log says about it.

    You never know WHAT'S out there.

    Good luck.

    [edit] Nihil to the rescue AGAIN, I swear that man doesn't sleep [/edit]
    55 - I'm fiftyfeckinfive and STILL no wiser,
    OLDER yes
    Beware of Geeks bearing GIF's
    come and waste the day :P at The Taz Zone

  6. #6
    Senior Member nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,190
    Hey Zone~

    Whilst you are there, what are the technical specs of the box..........like processor, RAM, video?

    Might as well do something proactive whilst we are there?

    Cheers

  7. #7
    Senior Member Zonewalker's Avatar
    Join Date
    Jul 2002
    Posts
    949
    oh... I can't be bothered with an edit 3....

    foxy... well yes Xp pro is going to be a suggestion tomorrow morning - even though I know it'll just be pissing in the wind

    process has already been stopped... computer is currently in quarantine believe me - not letting it anywhere near my network just yet - this is being typed on my pc. Shall be looking for the bugger's location etc soon as I have gone through the normal routine

    Z

    [edit 4] Foxy you're right - Nihil - you ain't taking some sort of angeldust are you?!?

    Tech specs of the box.... such as they are - this thing hasn't got Belarc on... I may just lob that on there myself later

    dell dimension 2100 so ***** knows what kind of processor (other than a 'genuine intel') it is... I tend not to go for dells myself.
    127Mb RAM
    40GB HD
    standard CDRW
    video looks like a standard onboard intel 82810
    Quis Custodiet Ipsos Custodes

  8. #8
    Senior Member
    Join Date
    Mar 2003
    Location
    central il
    Posts
    1,779
    not finding any mention of it on the web besides an internal tivoli file...i doubt that is correct, my suggestion is to see if it's running, and see if it's opening ports. You may want to hit it with spy++ to see what it's doing in-process and dependency walker to see what DLLs it's calling. Strikes me as a java file for some reason but I'm honestly not sure.
    Who is more trustworthy then all of the gurus or Buddha’s?

  9. #9
    HeadShot Master N1nja Cybr1d's Avatar
    Join Date
    Jul 2003
    Location
    Boston, MA
    Posts
    1,840
    get a program that shows you the running processes in detail, and it will tell you where it's running from. Then check the folder for more details on the file.

    http://www.glocksoft.com

    download Advanced Administrative Tools, it's free for 45 days...and run its process viewer.


    EDIT: http://www.snapfiles.com/get/everest.html

    Try Everest too. Someone recommended it to me about some issues I was having. It will give you very good details of the computer....EVERYTHING! .....except passwords lol. Best of all, it's freeware.
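
Added example, not part of any post in this thread: a read-only PowerShell triage of one unrecognized process that collects what posts #8 and #9 suggest checking (where the image runs from, which ports it has open, which DLLs it has loaded). It assumes a current Windows host with PowerShell 5.1 or later, which WinMe does not have; the function name Get-ProcessTriage is hypothetical.

```powershell
# Added example (hypothetical helper name). Read-only; run elevated so that
# paths and modules of processes owned by other accounts are visible.
function Get-ProcessTriage {
    param([Parameter(Mandatory)][string]$ImageName)   # e.g. 'tcjsp.exe'

    $all = Get-CimInstance Win32_Process
    foreach ($p in $all | Where-Object Name -eq $ImageName) {
        $path   = $p.ExecutablePath
        $parent = ($all | Where-Object ProcessId -eq $p.ParentProcessId).Name

        # Hash and signature identify the file even if it is renamed later.
        $hash = $null; $sig = $null
        if ($path -and (Test-Path -LiteralPath $path)) {
            $hash = (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash
            $sig  = (Get-AuthenticodeSignature -LiteralPath $path).Status
        }

        # Sockets owned by this PID: listeners and established connections.
        $tcp = Get-NetTCPConnection -OwningProcess $p.ProcessId -ErrorAction SilentlyContinue |
            ForEach-Object { '{0}:{1} -> {2}:{3} [{4}]' -f $_.LocalAddress, $_.LocalPort,
                             $_.RemoteAddress, $_.RemotePort, $_.State }
        $udp = Get-NetUDPEndpoint -OwningProcess $p.ProcessId -ErrorAction SilentlyContinue |
            ForEach-Object { '{0}:{1}' -f $_.LocalAddress, $_.LocalPort }

        # Loaded DLLs that do not live under %SystemRoot% deserve a closer look.
        try {
            $mods = (Get-Process -Id $p.ProcessId -ErrorAction Stop).Modules |
                Where-Object { $_.FileName -and $_.FileName -notlike "$env:SystemRoot\*" } |
                Select-Object -ExpandProperty FileName
        } catch { $mods = @('<module list not readable>') }

        [pscustomobject]@{
            ProcessId   = $p.ProcessId
            Parent      = $parent
            Path        = $path
            CommandLine = $p.CommandLine
            SHA256      = $hash
            Signature   = $sig
            Tcp         = $tcp
            Udp         = $udp
            NonSystemModules = $mods
        }
    }
}

# The process name asked about in this thread.
Get-ProcessTriage -ImageName 'tcjsp.exe' | Format-List
```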

  10. #10
    Senior Member nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,190
    Hi Zone~

    I guess it has some sort of Celeron processor..........you DON'T want XP with only 128Mb of RAM! That box will only support 2x256Mb strips for a total of 512Mb. It isn't really up to XP IMHO, but I would get some more memory, as 128 isn't really enough for WinME either. I guess it will be PC133. Should be able to get a 256Mb strip quite cheaply, not quite so if it is only PC100........beware you get the same CL (clock latency) value..............check out the Crucial memory site and use their selector tool.

    As for the other question:

    Kumala Pinotage-Cinsault Western Cape


    BTW I built my wife a Duron 1.3 with 512Mb. It has run Me stably for over two years

    Cheers
