Identify these processes?

Pretorius · 08-31-2004, 10:17 PM

bfhaxh.exe
tmotbozp.exe
winitr32.exe
regsrv32.exe
serm32.exe
winmon32.exe
asetup32.exe

I'm under the impression that most unfamiliar files that crop up with '32' in their title are unwelcome.

And can anyone recommend a really good downloadable firewall (free, preferably).

Thanks.

Lorand · 08-31-2004, 10:25 PM

You probably have a virus. So first run a virus check (http://housecall.trendmicro.com).
A good (and free) firewall is ZoneAlarm (http://www.download.com/3000-2092-10...age&tag=button).

**Praetor** · 09-01-2004, 01:37 PM

The only one there that should be there is regsvr32 which is just a DLL/OCX registry tool

Lorand · 09-01-2004, 02:40 PM

It depends on how it was executed. The W32/Rbot-GM worm (http://www.sophos.com/virusinfo/analyses/w32rbotgm.html) copies itself to regsrv32.exe in the Windows system folder.

**Praetor** · 09-01-2004, 03:42 PM

Ya that too.. odds are, regarding regsvr32, it'll finish so fast you'll never see it in the taskmanager for long.

Pretorius · 09-01-2004, 05:17 PM

Quote:

Originally Posted by Praetor

Ya that too.. odds are, regarding regsvr32, it'll finish so fast you'll never see it in the taskmanager for long.

No, it stays there. And when it's there, Task Manager shuts down the instant it opens.

I've had trouble with lsasss, avserve2, etc. But all of a sudden these weird processes are popping up, like I have something on my computer that's randomly generating them.

The list of new processes is now:

bfhaxh.exe
tmotbozp.exe
winitr32.exe
regsrv32.exe
serm32.exe
winmon32.exe
asetup32.exe
cwcvcw.exe
tiujpu.exe
wowexec.exe
ntvdm.exe
syscfg32.exe

I got Process Explorer, which allows me to close them on startup. But they keep coming.

**Praetor** · 09-01-2004, 05:35 PM

- Run a spyware check (while not online)?
- Consider Agnitum's Outpost firewall (free and quite effective)

08-31-2004, 10:17 PM	#1 (permalink)
Pretorius Bronze Member Join Date: Aug 2004 Posts: 40	Identify these processes? bfhaxh.exe tmotbozp.exe winitr32.exe regsrv32.exe serm32.exe winmon32.exe asetup32.exe I'm under the impression that most unfamiliar files that crop up with '32' in their title are unwelcome. And can anyone recommend a really good downloadable firewall (free, preferably). Thanks.

09-01-2004, 01:37 PM	#3 (permalink)
Praetor Administrator Join Date: Jul 2004 Location: Canada Age: 24 Posts: 19,946	The only one there that should be there is regsvr32 which is just a DLL/OCX registry tool __________________ ASUS P5K Premium WiFi-AP, Q6600@3.7 / ASUS P5ND, E6400@3.8 4GB OCz Platinum XTC 8500 / 4GB CorsairXMS2 6400 5x500GB Seagate 7200.10 / 2x500 Seagate 7200.10 OCz 8800GTX 768MB @ 630/800 / 2x Galaxy 8800GT SLI

09-01-2004, 03:42 PM	#5 (permalink)
Praetor Administrator Join Date: Jul 2004 Location: Canada Age: 24 Posts: 19,946	Ya that too.. odds are, regarding regsvr32, it'll finish so fast you'll never see it in the taskmanager for long. __________________ ASUS P5K Premium WiFi-AP, Q6600@3.7 / ASUS P5ND, E6400@3.8 4GB OCz Platinum XTC 8500 / 4GB CorsairXMS2 6400 5x500GB Seagate 7200.10 / 2x500 Seagate 7200.10 OCz 8800GTX 768MB @ 630/800 / 2x Galaxy 8800GT SLI

09-01-2004, 05:35 PM	#7 (permalink)
Praetor Administrator Join Date: Jul 2004 Location: Canada Age: 24 Posts: 19,946	- Run a spyware check (while not online)? - Consider Agnitum's Outpost firewall (free and quite effective) __________________ ASUS P5K Premium WiFi-AP, Q6600@3.7 / ASUS P5ND, E6400@3.8 4GB OCz Platinum XTC 8500 / 4GB CorsairXMS2 6400 5x500GB Seagate 7200.10 / 2x500 Seagate 7200.10 OCz 8800GTX 768MB @ 630/800 / 2x Galaxy 8800GT SLI

Thread Tools
Show Printable Version Email this Page
Display Modes
Linear Mode Switch to Hybrid Mode Switch to Threaded Mode

08-31-2004, 10:25 PM	#2 (permalink)
Lorand VIP Member Join Date: Dec 2003 Location: Bucharest Age: 41 Posts: 3,042	You probably have a virus. So first run a virus check (http://housecall.trendmicro.com). A good (and free) firewall is ZoneAlarm (http://www.download.com/3000-2092-10...age&tag=button).

09-01-2004, 02:40 PM	#4 (permalink)
Lorand VIP Member Join Date: Dec 2003 Location: Bucharest Age: 41 Posts: 3,042	It depends on how it was executed. The W32/Rbot-GM worm (http://www.sophos.com/virusinfo/analyses/w32rbotgm.html) copies itself to regsrv32.exe in the Windows system folder.