PDA

View Full Version : Unknown programs running



Michael8
06-06-2005, 01:26 PM
Hi,

I am using windows xp. Recently I have opened 'windows task manager' and have found some programs running which I don't think should be running. They are: ZMUXCP.EXE and CALC.EXE . Are they trojans/viruses or something harmful to my computer? Is there a way to remove them if so?

Any help would be appreciated.

Thankyou,
Michael

tweak'e
06-06-2005, 01:32 PM
for calc.exe ..
http://securityresponse.symantec.com/avcenter/venc/data/w32.hllc.happylow.html
http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.astef.html

what antivirus and firewall are you useing ?

Michael8
06-06-2005, 01:47 PM
Thanks for your reply. I'm using zonealarm firewall and avg anti-virus.

Michael

tweak'e
06-06-2005, 02:02 PM
is the AVG upto date?

also check whats been let through the firewall.

Michael8
06-06-2005, 02:23 PM
Yes, the AVG is up-to-date. You also asked 'what programs have been let through' - do you mean right now or in the past. How do you find out?

Michael

FoxyMX
06-06-2005, 02:51 PM
You also asked 'what programs have been let through' - do you mean right now or in the past. How do you find out?
Both. What programs have been allowed access to the internet in ZoneAlarm?

I don't currently have ZA installed but go through all the tabs until you find a list of programs. They will have something like "Allow", "Ask" and "Deny" (or similar) alongside them.

Check out the ones that have "Allow" alongside them and if any are in that list on Norton's that tweak'e linked to then set them to "Deny".

Better still, set the whole lot to "Ask" and watch which ones want access until you are satisfied they are legitimate then you can allow them.

I would also suggest learning how to drive ZoneAlarm so that you are more familiar with how it works.

Renmoo
06-06-2005, 04:07 PM
...CALC.EXE...
Calc.exe could be Windows Calculator that you might be running...

Cheers :)

sigmeister
06-06-2005, 04:26 PM
Hi

go START-RUN-MSCONFIG, then Startup Tab and see what's loading up when you start Windows. You'll see the path of all the executables, and can select which ones you want to run on startup.

Good luck

Michael8
06-06-2005, 04:27 PM
The only programs that tries to access the internet is 'Generic Host Process for Win32 Services' - there are 3 of these accessing the internet. Should I deny this program access to the internet? I think that this program is required to be let through the firewall to be able to surf the net.

Thankyou,
Michael

tweak'e
06-06-2005, 04:32 PM
The only programs that tries to access the internet is 'Generic Host Process for Win32 Services' - there are 3 of these accessing the internet. Should I deny this program access to the internet? I think that this program is required to be let through the firewall to be able to surf the net.

Thankyou,
Michael
you need to let it access the net. in ZA it should have tick,tick,tick,red cross. internet server should have a red cross in it.
edit: have you run the usual spyware cleaning progs?

Michael8
06-06-2005, 10:12 PM
Ok, I've just runnned 'Spybot - Search and Destroy' and it found something called 'WildTangent' in the registry key which I deleted.

When I clicked more info it had the following:

Company: WildTangent, Inc.
Product: WildTangent Visualizers
Threat: Unknown

Company URL: http://www.wildtangent.com/
Company product URL: http://www.wildtangent.com/candy/visualizers.html
Company privacy URL: http://www.wildtangent.com/candy/privacy.html

Functionality
Visualization for Media Players

Description
Configuration information is transmitted on a regular basis.

Privacy Statement
If you download our Web Driver software it will gather and store information about your computer that is specifically related to the functioning of the Web Driver software, such as processor type or the presence or absence of graphics accelerators and the related software drivers. The Web Driver software will not gather information from your computer about you, such as general application software you have installed or personal data that you store on your computer. The Web Driver software will report this configuration information to us on a regular basis. We use this information to identify your system's capability and to optimize the delivery of content to the Web Driver.

Any other solutions would be appreciated.

Thankyou,
Michael

SurferJoe46
07-06-2005, 02:58 AM
OK.....Confession time for me...

I had posted the repair for the WT virus and I had used (gulp!) a different user name. I forgot the name and re-registered as who I purport to be now, aka: SurferJoe46.

Anyway..there is a rather detailed account of how to get rid of this virus under my old username: SurferJoe1946, on this site. :blush:


If you like, please search for it under my original, but forgotten username: SurferJoe1946.

Michael8
07-06-2005, 06:03 PM
I've deleted WildTangent using spybot but I saw ZMUXCP in the registry. I tried deleting it but it keeps coming back when switch to another folder and back; or close the registry and reopened it. How can I delete this virus? I do not have Norton Antivirus - is there a way to delete it without using norton antivirus?

Also, I found in the windows task manager another unknown program running called 'PACKAGER.EXE'. Is there a way to remove this as well?

Thankyou,
Michael

piva
07-06-2005, 08:07 PM
The url below gives a good description of how calc.exe and packager work. there are others on google
http://www.dslreports.com/forum/remark,13032344?hilite=calc

piva