Topic: atiupdate.exe (Read 1174 times)
Zedd
« on: December 19, 2004, 02:03:18 AM »

I go downstairs to my sister's computer to find the firewall I installed on it blinking with an X in it. I open the firewall and get this message:

Application has changed since the last time you opened it, process id: 2112
Filename: C:\Documents and Settings\Kim Grunde\Local Settings\Temp\atiupdate.exe

This computer has no ATI devices on it. I go to delete the temp folder which the file is in and it says that exact file is in use. So I downloaded and ran HJT, and here's the logfile.

Logfile of HijackThis v1.99.0
Scan saved at 7:59:51 PM, on 12/18/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\Stardock\WindowBlinds\wbload.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\NavNT\defwatch.exe
C:\Program Files\NavNT\rtvscan.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\NavNT\vptray.exe
C:\WINDOWS\System32\MsgSys.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\PeerGuardian pr14\PeerGuardian_1.99b_pr14.exe
C:\Stardock\CursorXP\CursorXP.exe
C:\Program Files\aim\aim.exe
C:\WINDOWS\System32\svchost.exe
C:\DOCUME~1\KIMGRU~1\LOCALS~1\Temp\atiupdate.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Kim Grunde\Desktop\hijackthis\HijackThis.exe

O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [DeadAIM] rundll32.exe "C:\PROGRA~1\aim\\DeadAIM.ocm",ExportedCheckODLs
O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian pr14\PeerGuardian_1.99b_pr14.exe
O4 - HKCU\..\Run: [CursorXP] C:\Stardock\CursorXP\CursorXP.exe
O9 - Extra button: Bet On USA Poker - {64FA9700-6A17-4bd5-A7D8-D81CF095995F} - C:\Program Files\betonusaMPP\MPPoker.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\aim\aim.exe
O23 - Service: AVG7 Alert Manager Server - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
O23 - Service: InCD Helper - AHEAD Software - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Norton AntiVirus Client - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe
O23 - Service: NVIDIA Display Driver Service - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Sygate Personal Firewall - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe

Edit: The file seemed to be sending something to an IP, so I did a backtrace on the remote host and got this:

Yipes Communications, Inc. YIPES-BLK7 (NET-66-17-128-0-1)
                                  66.17.128.0 - 66.17.255.255
xeex YIPS-XEEX-A080904 (NET-66-17-180-0-1)
                                  66.17.180.0 - 66.17.183.255
Bane Media, Inc. BANE-MEDIA (NET-66-17-180-0-2)
                                  66.17.180.0 - 66.17.181.255
« Last Edit: December 19, 2004, 02:07:12 AM by Zedd »
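The check the poster made by eye above, an executable alive in the per-user Temp folder with no ATI hardware to justify it, is the kind of thing worth automating when reading a HijackThis log. The scanner below is an added example for this thread; it is not HijackThis code and not the poster's. The sample log, the 8.3 short-name expansions, the list of user-writable folders, and the placeholder user name in the sample path are all constructed assumptions for the example.

```python
"""Scan a HijackThis-style log for executables running from, or auto-started
from, user-writable folders such as the per-user Temp directory.

Added example for this thread (not HijackThis code, not the poster's).  The
sample log is a constructed excerpt that only loosely mirrors the post; the
user name is a placeholder."""
from __future__ import annotations

import re
from dataclasses import dataclass

# HijackThis prints Windows 8.3 short names in some paths.  These expansions
# are an assumption for the example; real short names differ per machine.
SHORT_NAMES = {
    "docume~1": "documents and settings",
    "locals~1": "local settings",
    "progra~1": "program files",
}

# Folders any user account can write to; a vendor driver updater has no
# business running from them.  Matched as fragments of the lower-cased path.
SUSPICIOUS_DIRS = (
    "\\local settings\\temp\\",
    "\\windows\\temp\\",
    "\\application data\\",
    "\\desktop\\",
)

# First drive-qualified path ending in an executable extension on a line.
WIN_PATH = re.compile(r'[a-z]:\\[^"]*?\.(?:exe|dll|ocm|scr|com)\b', re.IGNORECASE)

# Constructed sample log in HijackThis format (placeholder user name).
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.0 (constructed excerpt)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\DOCUME~1\SOMEUS~1\LOCALS~1\Temp\atiupdate.exe
C:\Program Files\Mozilla Firefox\firefox.exe

O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
O4 - HKLM\..\Run: [DeadAIM] rundll32.exe "C:\PROGRA~1\aim\\DeadAIM.ocm",ExportedCheckODLs
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKCU\..\Run: [Updater] C:\Documents and Settings\SomeUser\Application Data\updater.exe
"""


@dataclass(frozen=True)
class Entry:
    section: str   # "process" for the running-process list, "O4" for Run keys
    label: str     # Run-key value name for O4 items, "" for processes
    path: str      # path exactly as printed in the log


def normalize(path: str) -> str:
    """Lower-case the path and expand known 8.3 short names component-wise."""
    parts = path.lower().split("\\")
    return "\\".join(SHORT_NAMES.get(p, p) for p in parts)


def parse_log(text: str) -> list[Entry]:
    """Collect process paths and O4 (Run key) launch paths from a HJT log."""
    entries: list[Entry] = []
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        if line.lower() == "running processes:":
            in_processes = True
            continue
        if in_processes:
            if not line:            # a blank line ends the process list
                in_processes = False
                continue
            entries.append(Entry("process", "", line))
            continue
        m = re.match(r"O4 - .*?:\s*\[(.*?)\]\s*(.*)", line)
        if m:
            label, command = m.groups()
            p = WIN_PATH.search(command)
            if p:                   # skip bare names such as 'sstray.exe /r'
                entries.append(Entry("O4", label, p.group(0)))
    return entries


def find_suspicious(text: str) -> list[tuple[Entry, str]]:
    """Return (entry, matched folder) for every path under a user-writable folder."""
    hits = []
    for e in parse_log(text):
        norm = normalize(e.path)
        for frag in SUSPICIOUS_DIRS:
            if frag in norm:
                hits.append((e, frag))
                break
    return hits


def unexplained_processes(text: str) -> list[str]:
    """Suspicious running processes with no matching O4 autostart entry: the
    binary is alive (hence 'file in use') but nothing in the log shows what
    launched it, so the launcher still has to be found."""
    entries = parse_log(text)
    autostart = {normalize(e.path) for e in entries if e.section == "O4"}
    return [e.path for e, _ in find_suspicious(text)
            if e.section == "process" and normalize(e.path) not in autostart]


if __name__ == "__main__":
    for entry, folder in find_suspicious(SAMPLE_LOG):
        print(f"[{entry.section}] {entry.path}  (under {folder.strip(chr(92))})")
    for path in unexplained_processes(SAMPLE_LOG):
        print(f"running, no autostart entry in log: {path}")
```

Run on the sample log, `find_suspicious` flags the Temp-resident atiupdate.exe process and the constructed Application Data autostart entry, while `unexplained_processes` singles out atiupdate.exe: it is running (which is why the Temp folder could not be deleted) yet no O4 line starts it, so the log alone does not show how it got there.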