Virus or Hijack???

G

Guest

Guest
Archived from groups: microsoft.public.win2000.security (More info?)

I have a problem with internet explorer getting very slow,
to the point that pages just won't load after I have been
on for a little while. For example, if I try to load a
specific page after having browsed through 4 or 5 pages,
the new page may take a very long time to load, often not
loading ever. But if I exit internet explorer then launch
it fresh and type that same page URL in the address bar
then it will open immediately. Then again after a very
short time pages will load very slowly and the same
problem comes back.

I have found that this problem doesn't exist when I log
into the computer as the system administrator. Only when
I log in with my own user account. This is not a
practical solution, only a temporary work around.

I have compared all of the running processes shown in the
task manager and only two additional items show up when
logged in with my own user ID. Apoint.exe and
Realsched.exe. A search indicates that neither of these
are a threat.

I searched on all of the running processes and found one
named ssys.exe that is reported to be a threat. I am
unable to stop the process, and every attempt to remove it
from the registry fails. In the registry in appears as
*ssys.exe. When I delete it and then recheck it has
returned. And I don't find it in the folder that the
registry thinks it is in. Search doesn't find it on the
computer at all.

I've tried running several spyware programs and Virtumundo
keeps showing up using Adaware. I remove it but when I
scan again it has come back. I'm not sure that this or
the ssys.exe problem are related to the internet problem
because both are there when I log in as administrator or
with my own user account.

Any ideas or suggestions at this point would be greatly
appreciated.
 
G

Guest

Guest
Archived from groups: microsoft.public.win2000.security (More info?)

First step is identifying what that is. Run an AV scan using an up to date
AV scanner such as www.grisoft.com which is free, if you haven't already. If
you have and nothing was found, do a second opinion scan from
http://housecall.antivirus.com and submit a copy of the suspicious file to
one or more AV vendors.

Network Associates (McAfee) <virus_research@nai.com>
Symantec (Norton) <avsubmit@symantec.com>
Trend Micro (PC-cillin) <virus_doctor@trendmicro.com>

Command Software <virus@commandcom.com>
Computer Associates (US) <virus@ca.com>
Computer Associates (Vet/EZ) <ipevirus@vet.com.au>
DialogueScience (Dr. Web) <Antivir@dials.ru>
Eset (NOD32) <sample@nod32.com>
F-Secure Corp. <samples@f-secure.com>
Frisk Software (F-PROT) <viruslab@f-prot.com>
Grisoft (AVG) <virus@grisoft.cz>
H+BEDV (AntiVir): <virus@antivir.de>
Kaspersky Labs <newvirus@kaspersky.com>
Norman (NVC) <analysis@norman.no>
Sophos Plc. <support@sophos.com>


"Jim Clark" wrote:

> I have a problem with internet explorer getting very slow,
> to the point that pages just won't load after I have been
> on for a little while. For example, if I try to load a
> specific page after having browsed through 4 or 5 pages,
> the new page may take a very long time to load, often not
> loading ever. But if I exit internet explorer then launch
> it fresh and type that same page URL in the address bar
> then it will open immediately. Then again after a very
> short time pages will load very slowly and the same
> problem comes back.
>
> I have found that this problem doesn't exist when I log
> into the computer as the system administrator. Only when
> I log in with my own user account. This is not a
> practical solution, only a temporary work around.
>
> I have compared all of the running processes shown in the
> task manager and only two additional items show up when
> logged in with my own user ID. Apoint.exe and
> Realsched.exe. A search indicates that neither of these
> are a threat.
>
> I searched on all of the running processes and found one
> named ssys.exe that is reported to be a threat. I am
> unable to stop the process, and every attempt to remove it
> from the registry fails. In the registry in appears as
> *ssys.exe. When I delete it and then recheck it has
> returned. And I don't find it in the folder that the
> registry thinks it is in. Search doesn't find it on the
> computer at all.
>
> I've tried running several spyware programs and Virtumundo
> keeps showing up using Adaware. I remove it but when I
> scan again it has come back. I'm not sure that this or
> the ssys.exe problem are related to the internet problem
> because both are there when I log in as administrator or
> with my own user account.
>
> Any ideas or suggestions at this point would be greatly
> appreciated.
>