-
May 26th, 2004, 07:45 PM
#1
suspect process
evening all
I'm in the process of cleaning up someone's computer.... they had it infected not so long ago with scum ware. They've done what they can but have asked me to give it a going over. That's not a problem and currently things like Spybot etc are being transferred onto this unclean pc. However whilst I'm waiting I've been looking through the process list. So my question.. anyone heard of tcjsp.exe?
Google comes up with nothing, I've never heard of the process and am considering it suspect at the moment - anyone any other info?
For the record... it's a WinMe box in case tcjsp.exe is a valid Me process (yes I know.... it's not mine ok - I wouldn't normally touch Me - don't suggest Linux, the folks who own this box aren't capable)
cheers all
Z
Quis Custodiet Ipsos Custodes
-
May 26th, 2004, 07:54 PM
#2
I think learning Linux is far more appealing than living with ME.
Other than that, I don't recognize the process name at all. Shut it down and see what happens.
Real security doesn't come with an installer.
-
May 26th, 2004, 08:02 PM
#3
Hi Zone~
It is not a required ME process.............I am running ME right now on this machine, and it is not there.
Cheers
-
May 26th, 2004, 08:06 PM
#4
hey D0pp - like I say I wouldn't normally touch Me myself - really the folks who own this computer are your average parents with a couple of youngish (10 and 12yr old) kids. Linux really isn't an option for them at the moment - although the eldest son shows promise so with a bit of luck the future may yet be rosy for this family 
anyway - shutting down the process doesn't seem to have done anything - which in itself isn't a bad thing but I would like to know what it's doing.
The S&D scan has just finished - well not as bad as what I first thought but still not good (and oddly some unknown registry entries... hmmm)
anyway - onwards and upwards as they say.
cheers
Z
[edit] Ah Nihil - was hoping you would answer - I would have PM'd ya but I wasn't sure if you'd be about tonight. Ok not a required Me process... that's good enough for me, it's dying.
cheers
[edit 2] grr... bloody stupid 'spread the wealth' message.... the greenies are there in spirit Nihil
Quis Custodiet Ipsos Custodes
-
May 26th, 2004, 08:08 PM
#5
I've said it before, that Me is a stand alone system, used for games in the main.
Linux may be out, but surely an upgrade to XP Pro ?
As for the process, as said by D0pp139an93r; stop it NOW, try the system without it for a while, then after a couple of days, quarantine it, not delete, just in case........
Can you find it in the system, properties etc, maybe deny or disable ? Of course, if it's a system file it will regenerate each time you re-boot anyway.
Don't forget the usual:
Safe mode AV scan, AdAware, SpyBot S+D and CWShredder, even HiJack This to see what the log says about it.
You never know WHAT'S out there.
Good luck.
[edit] Nihil to the rescue AGAIN, I swear that man doesn't sleep [/edit]
so now I'm in my SIXTIES FFS
WTAF, how did that happen, so no more alterations to the sig, it will remain as is now
Beware of Geeks bearing GIF's
come and waste the day :P at The Taz Zone
-
May 26th, 2004, 08:11 PM
#6
Hey Zone~
Whilst you are there, what are the technical specs of the box..........like processor, RAM, video?
Might as well do something proactive whilst we are there?
Cheers
-
May 26th, 2004, 08:13 PM
#7
oh... I can't be bothered with an edit 3....
foxy... well yes Xp pro is going to be a suggestion tomorrow morning - even though I know it'll just be pissing in the wind
process has already been stopped... computer is currently in quarantine believe me - not letting it anywhere near my network just yet - this is being typed on my pc. Shall be looking for the bugger's location etc soon as I have gone through the normal routine
Z
[edit 4] Foxy you're right - Nihil - you ain't taking some sort of angeldust are you?!?
Tech specs of the box.... such as they are - this thing hasn't got Belarc on... I may just lob that on there myself later
Dell Dimension 2100 so ***** knows what kind of processor (other than a 'genuine intel') it is... I tend not to go for Dells myself.
127Mb RAM
40GB HD
standard CDRW
video looks like a standard onboard intel 82810
Quis Custodiet Ipsos Custodes
-
May 26th, 2004, 08:16 PM
#8
not finding any mention of it on the web besides an internal Tivoli file... I doubt that is correct. My suggestion is to see if it's running, and see if it's opening ports. You may want to hit it with Spy++ to see what it's doing in-process and Dependency Walker to see what DLLs it's calling. Strikes me as a Java file for some reason but I'm honestly not sure.
Who is more trustworthy than all of the gurus or Buddhas?
-
May 26th, 2004, 08:23 PM
#9
Get a program that shows you the running processes in detail, and it will tell you where it's running from. Then check the folder for more details on the file.
http://www.glocksoft.com
Download Advanced Administrative Tools, it's free for 45 days...and run its process viewer.
EDIT: http://www.snapfiles.com/get/everest.html
Try Everest too. Someone recommended it to me about some issues I was having. It will give you very good details of the computer....EVERYTHING! .....except passwords lol. Best of all, it's freeware.
-
May 26th, 2004, 08:48 PM
#10
Hi Zone~
I guess it has some sort of Celeron processor..........you DON'T want XP with only 128Mb of RAM! That box will only support 2x256Mb strips for a total of 512Mb. It isn't really up to XP IMHO, but I would get some more memory, as 128 isn't really enough for WinME either. I guess it will be PC133. Should be able to get a 256Mb strip quite cheaply, not quite so if it is only PC100........beware you get the same CL (clock latency) value..............check out the Crucial memory site and use their selector tool.
As for the other question:
Kumala Pinotage-Cinsault Western Cape
BTW I built my wife a Duron 1.3 with 512Mb. It has run Me stably for over two years
Cheers