[Date Prev][Date Next][Subject Prev][Subject Next][ Date Index][ Subject Index]

Re: looks like I've been hijacked



Andy Turnbull wrote:
I guess the exe may have been RDC.exe, which didn't show on control-alt-delete but which I had to stop manually to re-start.
Get Process Explorer (http://www.sysinternals.com), much better than TaskMan. That "Your don't have permission" sometimes means that the file you're pointing at isn't really the file, but a dummy pointer to where it used to be, the actual file being elsewhere (where, BBG doesn't think you need to know!). And for Pete's sake, get a second hard drive (they're dirt cheap) or, if it's a laptop of a SFF box with no room, get a partition tool and create a data drive. (One of the _good_ things about Vista is that, so long as there's enough room on the drive, you can partition live, without loosing existing partitions.) This
might have been the one that allowed the apple tech to look inside my 'puter. Anyway, all seems to be okay now, and I guess my warning was (probably) a false alarm. thanks again. andy t ----- Original Message ----- From: "flash" To: Sent: Saturday, November 22, 2008 9:37 AM Subject: Re: looks like I've been hijacked
Andy, VDM37E is almost certainly a temp file left over from some operation. TMP files are sometimes hard to get rid of, especially if the .exe file which produced them is still running (whether harmless or malicious). For what it's worth: http://keskustelu.afterdawn.com/thread_view.cfm/666312 I suggest you get TCPview running on the affected machine and find out whether some .exe file is making repeated connections to Finland. Once you know which .exe file is behind this, you can go to Sophos or Symantec and find out how to defeat it.
-------------------------------------------------------------------------------- No virus found in this incoming message. Checked by AVG - http://www.avg.com Version: 8.0.175 / Virus Database: 270.9.9/1805 - Release Date: 11/22/2008 10:34 AM
-- Patricia M. Godfrey priscamg@xxxxxxxx