[System Process]:0 Virus?

> | I have WindowsXP Pro.
> | Just today my internet connection has slowed right down,
> and
> | an inspection of "Windows Task Manager" shows a lot of
> | traffic even though I am not using any internet
> | applications.
> | I have run TCPView and there are numerous TCP protocol
> | addresses in a "TIME_WAIT" state, all with the process
> name
> | "[System Process]:0. All the remote addresses attached
> to
> | this process have different names, and there are about
> 100
> | of them.
> | Can someone help me.
> | Regards, Frank
> It sounds like malware has injected a process into the
> kernel.
> What anti virus/anti malware software have you used to
> scan the PC ?
> --
> Dave
> http://www.claymania.com/removal-trojan-adware.html
> Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp

> | Thanks,
> | I have used "stopZilla", "ADaware", "Spybot search &
> | destroy", "Malwarebytes Anti-malware", MS
> | "malicious-software removal tool", also "CCleaner (with
> reg
> | cleaner)", and other reg cleaners,
> | Also I am running the "whatslivern" software.
> | This happened once before but with a different Process
> Name,
> | as as I remember I fixed this by ticking and deleting
> one of
> | the lines in the "HiJack This" lists, which was:
> | "F2Reg::system.ini:
> Shell=Explorer.exe\C:\Windows\Config\csrss.exe.
> | Regards, Frank
> StopZilla - not that good aanti adware/spyware
> CCleaner - not anti malware.
> Reg Cleaners in general - snake oil
> whatslivern - is a 2007 plagiarised version of Andrew
> Aranoff's Silent Runners and if you
> are going to use such software, use the orginal from the
> real author, Andrew Aranoff,
> which was last updated Dec. '08, revision 59. --
> http://www.silentrunners.org/
> Usually at this point I'd have you post in an expert
> forum. However, in this case, I have
> a gut feeling.
> I'd like you to scan your PC using the AntiRootkit utility
> Gmer and to use the McAfee and
> Sophos modules in my Multi AV Scanning Tool.
> http://www.gmer.net/
> Download MULTI_AV.EXE from the URL --
> http://www.pctip.ch/ds/28400/28470/Multi_AV.exe
> or
> http://212.98.39.7/ds/28400/28470/Multi_AV.exe
> http://www.pctip.ch/downloads/dl/35905.asp
> or
> http://212.98.39.7/downloads/dl/35905.asp
> English:
>

> To use this utility, perform the following...
> Execute; Multi_AV.exe { Note: You must use the default
> folder C:\AV-CLS }
> Choose; Unzip
> Choose; Close
> Execute; C:\AV-CLS\StartMenu.BAT
> { or Double-click on 'Start Menu' in C:\AV-CLS }
> NOTE: You may have to disable your software FireWall or
> allow WGET.EXE to go through your
> FireWall to allow it to download the needed AV vendor
> related files.
> C:\AV-CLS\StartMenu.BAT -- { or Double-click on 'Start
> Menu' in C:\AV-CLS}
> This will bring up the initial menu of choices and should
> be executed in Normal Mode.
> This way all the components can be downloaded from each AV
> vendor's web site.
> The choices are; Sophos, Trend, McAfee, Kaspersky, Exit
> this menu and Reboot the PC.
> You can choose to go to each menu item and just download
> the needed files or you can
> download the files and perform a scan in Normal Mode. Once
> you have downloaded the files
> needed for each scanner you want to use, you should reboot
> the PC into Safe Mode [F8 key
> during boot] and re-run the menu again and choose which
> scanner you want to run in Safe
> Mode. It is suggested to run the scanners in both Safe
> Mode and Normal Mode.
> When the menu is displayed hitting 'H' or 'h' will bring
> up a more comprehensive PDF help
> file.
> * * * Please report back your results * * *
> --
> Dave
> http://www.claymania.com/removal-trojan-adware.html
> Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp