
Unknown connection accessing my computer, need help!

June 23, 2010 8:10:27 PM

I think I have a virus on my computer... or at least a hacker who created a connection and I cannot get rid of it, at least I do not know how. When I start up the computer, it says there is a ‘Duplicate name on the network’. In my task manager, System [System] runs on 98,808k... I had 3 tabs open on Internet Explorer and 3 iexplore.exe[User] were running, so I closed the other 2 tabs, and 1 extra still remains. 1 runs on 83,024k and the other runs on 20,552k. I have 8 svchost.exe running, 2 are a [Local Service], 2 are [Network Service], and 4 are [System]. Also a ehrecvr.exe [System] runs on 5,002k and my dllhost.exe runs on 6,232k. I check my Temp folder often because I notice that is where lots of viruses unpack and sure enough, a DAT file named Perflib_perfdata_208 was there that I could not access because it was in use. I also know something is up because when I mess around with their source alg.exe[Local Service], it will start feeding off of mcrdsvc.exe [Local Service]. I notice the CPU jump up from program to program even when nothing is being run. I do a lot of research in trying to figure out what could help or get rid of viruses and a website I found said ‘Unlocker’ would help delete files that are locked. I found in my C: 2 folders that have various numbers and letters in the title and in both of those there were 2 folders, each had 6 items in each folder that were not deletable. I took the Unlocker and deleted those 2 folders, as well as I tried on the file in the Temp folder, but it erases itself before the Unlocker deletes it. I found out that mcrdsvc.exe is your Media Center and I have never opened or used it, I opened it and changed the settings, nothing happened. As well I found out that this kind of virus could be coming through Adobe, and every page I access on the internet, the yellow bar pops up for the add-on Adobe Flash Player.
When I read that, I uninstalled my Adobe programs, then went to the Adobe website and downloaded the only ones that I needed and the yellow bar still pops up.

He may have been accessing my computer for a while now. My event viewer shows he is accessing it daily at different times.

3:45:05-3:45:19, the User: SYSTEM accessed the ccSetMgr twice, ccEvtMgr twice and ccProxy twice and at 3:45:22 the User: N/A opens ARSVC and LightScribe Service. At 3:47 the SYSTEM opens SNDSrv twice and at 3:49 the User: N/A opens LoadPerf. Later that night at 10:24 it does multiple ntbackup and encounters a few Errors. And from 11:14 PM to 12:21 AM, he accesses ccEvtMgr, ccproxy, NSCServic, SNDServc, ccSetMgr, avg9emc, IdriverT and my Security Center. The next day at 10:35:17 the User: N/A accesses the EventSystem and gets an Error, which at 10:35:22 produced 16 warnings. For the days after he accesses the many programs I have listed as well as PerfNet (Error), DrWatson, Media Center Receiver and Scheduler, crypt32, gusvc, and HHCTRL.

Can someone tell me how to get rid of this connection?
June 23, 2010 8:34:07 PM

kkalleefornia said:
alg.exe[Local Service], mcrdsvc.exe [Local Service].



Sorry, my mistake, they are actually Network Services, the website won't let me edit what I wrote. As well, the event log I wrote about is the Application Log, and the System Log is filled by hourly usage every day.
June 24, 2010 7:32:53 AM



If you really want to know what is going in/out of your machine, get NetPeeker.
Go to this site and read all about it. It's $25.00 but worth every penny.

http://www.net-peeker.com//index.htm
