Unidentifiable Process

Discussion in 'Computer Support' started by Jon Watson, Jul 10, 2004.

  1. Jon Watson

    Jon Watson Guest

    Recently a program called 'dwnuptd.exe' has appeared, and started trying to
    access the internet! Zonealarm 5 warns me.

    I can go into task manager and kill it off, but is always seems to reappear,
    and I haven't been able to find a consistent pattern of what triggers it.

    In addition, I have performed a search and found it to keep appearing on
    C:\Documents and Settings\Jon\Application Data, from where I then delete it.

    I am having zero response from Adaware, and Spybot, and also have Norton
    scanned the file. Spywareblaster is also running and my Windows updates are
    all on. Nothing shows.

    The program name does not appear on Google, unlike every other process I
    have checked.

    Can anyone help please?

    Cheers,
    Jon
    Jon Watson, Jul 10, 2004
    #1
    1. Advertising

  2. Jon Watson

    Duane Arnold Guest

    "Jon Watson" <> wrote in
    news:ccpndt$evh$:

    > Recently a program called 'dwnuptd.exe' has appeared, and started
    > trying to access the internet! Zonealarm 5 warns me.
    >
    > I can go into task manager and kill it off, but is always seems to
    > reappear, and I haven't been able to find a consistent pattern of what
    > triggers it.
    >
    > In addition, I have performed a search and found it to keep appearing
    > on C:\Documents and Settings\Jon\Application Data, from where I then
    > delete it.
    >
    > I am having zero response from Adaware, and Spybot, and also have
    > Norton scanned the file. Spywareblaster is also running and my


    All of that kind of programming technology for detection is always a dime
    short and dollar late.

    > Windows updates are all on. Nothing shows.
    >
    > The program name does not appear on Google, unlike every other process
    > I have checked.
    >
    > Can anyone help please?
    >


    http://www.windowsecurity.com/articles/Hidden_Backdoors_Trojan_Horses_and
    _Rootkit_Tools_in_a_Windows_Environment.html

    You can use the tools being explained in the link. There should be some
    articles out on Google on how to use *Process Explorer* to pin point a
    hidden process that's exploiting the machine.

    You should look around for youself from time to time with the tools being
    explined in the link.

    The protection starts with the O/S if you have one that security can be
    implemented. The buck stops at the O/S.

    http://www.uksecurityonline.com/index5.php

    Duane :)
    Duane Arnold, Jul 10, 2004
    #2
    1. Advertising

  3. Jon Watson

    °Mike° Guest

    Submit it for scanning here:
    http://www.kaspersky.com/scanforvirus

    If KAV says it's clean, but it's obviously suspicious,
    submit it for analysis here:


    On Sat, 10 Jul 2004 22:34:52 +0100, in
    <ccpndt$evh$>
    Jon Watson scrawled:

    >Recently a program called 'dwnuptd.exe' has appeared, and started trying to
    >access the internet! Zonealarm 5 warns me.
    >
    >I can go into task manager and kill it off, but is always seems to reappear,
    >and I haven't been able to find a consistent pattern of what triggers it.
    >
    >In addition, I have performed a search and found it to keep appearing on
    >C:\Documents and Settings\Jon\Application Data, from where I then delete it.
    >
    >I am having zero response from Adaware, and Spybot, and also have Norton
    >scanned the file. Spywareblaster is also running and my Windows updates are
    >all on. Nothing shows.
    >
    >The program name does not appear on Google, unlike every other process I
    >have checked.
    >
    >Can anyone help please?
    >
    >Cheers,
    >Jon
    >


    --
    Basic computer maintenance
    http://uk.geocities.com/personel44/maintenance.html
    °Mike°, Jul 11, 2004
    #3
  4. Jon Watson

    Jon Watson Guest

    Cheers Mike - that's the only place that has confirmed the 'dwnuptd.exe'
    actually has a virus!

    It contains TrojanDownloader.Win32.Small.na and is packed with UPX.

    Unfortunately, nowhere seems to have any info on the '.na' strain of this
    Trojan, so I am unsure how to remove!


    "°Mike°" <> wrote in message
    news:40f8746f.49909875@localhost...
    > Submit it for scanning here:
    > http://www.kaspersky.com/scanforvirus
    >
    > If KAV says it's clean, but it's obviously suspicious,
    > submit it for analysis here:
    >
    >
    > On Sat, 10 Jul 2004 22:34:52 +0100, in
    > <ccpndt$evh$>
    > Jon Watson scrawled:
    >
    > >Recently a program called 'dwnuptd.exe' has appeared, and started trying

    to
    > >access the internet! Zonealarm 5 warns me.
    > >
    > >I can go into task manager and kill it off, but is always seems to

    reappear,
    > >and I haven't been able to find a consistent pattern of what triggers it.
    > >
    > >In addition, I have performed a search and found it to keep appearing on
    > >C:\Documents and Settings\Jon\Application Data, from where I then delete

    it.
    > >
    > >I am having zero response from Adaware, and Spybot, and also have Norton
    > >scanned the file. Spywareblaster is also running and my Windows updates

    are
    > >all on. Nothing shows.
    > >
    > >The program name does not appear on Google, unlike every other process I
    > >have checked.
    > >
    > >Can anyone help please?
    > >
    > >Cheers,
    > >Jon
    > >

    >
    > --
    > Basic computer maintenance
    > http://uk.geocities.com/personel44/maintenance.html
    Jon Watson, Jul 11, 2004
    #4
  5. Jon Watson

    °Mike° Guest

    Install Kaspersky, and let it remove it.

    KAV Personal
    http://www.kaspersky.com/personal

    KAV Personal Pro
    http://www.kaspersky.com/personalpro


    On Sun, 11 Jul 2004 16:52:09 +0100, in
    <ccrnnb$jf7$>
    Jon Watson scrawled:

    >Cheers Mike - that's the only place that has confirmed the 'dwnuptd.exe'
    >actually has a virus!
    >
    >It contains TrojanDownloader.Win32.Small.na and is packed with UPX.
    >
    >Unfortunately, nowhere seems to have any info on the '.na' strain of this
    >Trojan, so I am unsure how to remove!
    >


    <snip>

    --
    Basic computer maintenance
    http://uk.geocities.com/personel44/maintenance.html
    °Mike°, Jul 11, 2004
    #5
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. AP/Client connection negotiation process.

    , Aug 9, 2005, in forum: Wireless Networking
    Replies:
    3
    Views:
    650
    Pavel A.
    Aug 10, 2005
  2. =?Utf-8?B?UmFt?=

    SSID discovery process

    =?Utf-8?B?UmFt?=, Dec 19, 2005, in forum: Wireless Networking
    Replies:
    1
    Views:
    2,202
    Sooner Al [MVP]
    Dec 19, 2005
  3. William J King
    Replies:
    2
    Views:
    440
    Phillip Remaker
    Nov 15, 2003
  4. Fu Schnickens

    Changing file from User Process to System process

    Fu Schnickens, Dec 28, 2006, in forum: Computer Support
    Replies:
    3
    Views:
    489
    Plato
    Dec 30, 2006
  5. Pieter
    Replies:
    11
    Views:
    2,017
    Pieter
    Jun 12, 2005
Loading...

Share This Page