Virus? : nvvsvc.exe, nvxdsync.exe, winlogon.exe, csrss.exe
Solved
Abrek
Posted messages
61
Registration date
Status
Member
Last intervention
-
Domad -
Domad -
Hello,
Today, as sometimes happens when playing an online game, something weird happens and my screen starts to "mix up," like everything goes in every direction as if it's broken, and it happens with all the games that require UnityWebPlayer, so I have to turn it off through the tower.
When I turn it back on, I opened Task Manager and I see 4 programs? : nvvsvc, nvxdsync, csrss, and winlogon which I've seen before, but I read it was normal.
The others I just saw today and I installed UnityWebPlayer yesterday, so I'm wondering if it's related.
So I would like to know if it's dangerous, thanks to those who will reply :)
< config>Windows 7 / Chrome 34.0.1847.131</config>
Today, as sometimes happens when playing an online game, something weird happens and my screen starts to "mix up," like everything goes in every direction as if it's broken, and it happens with all the games that require UnityWebPlayer, so I have to turn it off through the tower.
When I turn it back on, I opened Task Manager and I see 4 programs? : nvvsvc, nvxdsync, csrss, and winlogon which I've seen before, but I read it was normal.
The others I just saw today and I installed UnityWebPlayer yesterday, so I'm wondering if it's related.
So I would like to know if it's dangerous, thanks to those who will reply :)
< config>Windows 7 / Chrome 34.0.1847.131</config>
19 answers
-
Hello
For further information, please do this
Open this link and download ZHPDiag from Nicolas Coolman:
https://toolslib.net
Or
https://www.commentcamarche.net/telecharger/utilitaires/24803-zhpdiag/
at the bottom of the ZHP page with a version number.
Once the download is complete,
Double-click on the icon to launch the program. In Vista; Seven or Windows 8 right-click “Run as administrator”
In the ZHPDiag window that just opened, click on "Configure"
Click on the magnifying glass at the bottom left with the plus sign to start the analysis.
Let the tool work, it may take a while.
A report opens. This report is also located on your desktop
To send the report click on this link:
http://pjjoint.malekal.com/
If there's a problem use one of the following
https://forums-fec.be/upload
https://www.cjoint.com/
Look on the desktop
Select the ZHPDiag.txt file.
Click on "Click here to upload the file".
A link of this type:
http://www.cijoint.com/cjlink.php?file=cj200905/cijSKAP5fU.txt
is added on the page.
Copy this link into your reply.
Thank you
@+
--
***-----------------------Security Contributor-------------------------***
We have all been beginners in something at one point.
But knowledge is the reward of diligence. -
Re
These 4 programs are legitimate.
nvvsvc.exe => Nvidia
nvxdsync.exe => Nvidia
winlogon.exe => Windows
csrss.exe => Windows
We clean and finalize
1) Empty the Malwarebytes quarantine
2) Download DelFix from Xplode
Run it.
You have 5 choices:
Reactivate UAC
Remove disinfection tools (checked by default)
Make a backup of the registry
Purge system restore
Reset factory settings
Check those which are in bold
and you execute
The report is usually found here
C:\DelFix.txt
The rest of the security: http://forum.malekal.com/comment-securiser-son-ordinateur.html
@+
--
***-----------------------Security Contributor-------------------------***
We've all been a beginner at something one day.
But knowledge is the reward for diligence. -
Hello
No; an antivirus paired with Malwarebytes will do just fine.
See you later
--
***-----------------------Security Contributor-------------------------***
We have all been beginners at something at some point.
But knowledge is the reward of diligence. -
https://pjjoint.malekal.com/files.php?id=20140510_j8e14l15b15m6 here or if it doesn't work https://forums-fec.be/upload/www/index.php?action=d&step=3
-
Hello
1) Download AdwCleaner (from Xplode) to your desktop.
Run it, click on [Scan] and wait for the scan to complete.
Once the scan is finished, click on the [Clean] button
Wait during the cleaning process. Read the message that appears, then click on OK. The PC will automatically restart and the report will open at the end of the restart.
Post the report
Note: The report is also saved under C:\AdwCleaner[S1].txt
To read:
Potentially unwanted programs:
https://www.malekal.com/adwares-pup-protection/
Toolbars are not required (by Malekal): https://forum.malekal.com/viewtopic.php?t=6173&start=
2)Run a quick scan with updated Malwarebytes and then post its report
Thank you
See you later
***-----------------------Security Contributor-------------------------***
We have all been a beginner in something at one point.
But knowledge is the reward for diligence. -
There were 2, so I'm giving you both just in case
AdwCleaner[S0]: https://pjjoint.malekal.com/files.php?id=20140510_e14n10o511n6
AdwCleaner[R0]: https://pjjoint.malekal.com/files.php?id=20140510_p15r9e9s10v7
Malware: https://pjjoint.malekal.com/files.php?id=20140510_c9i9s14e10g14
Here you go -
Re
Send me a new ZHPDiag report; thank you
See you later
--
***-----------------------Security Contributor-------------------------***
We have all been a beginner at something once.
But knowledge is the reward for diligence. -
https://pjjoint.malekal.com/files.php?id=20140511_l6h12i6u8p9 :) will we need to send more links?
-
Hello
Using the ZHPFix tool:
* Copy all the text present in the box below (select it with your mouse / Right-click on it and choose "copy" or press Ctrl+C)
ZHPFix Script
O4 - HKLM\..\Run: [fst_fr_26] Orphan key
O45 - LFCP:[MD5.2D4CD787C35CFCA8395F937276F7400C] - 5/8/2014 - 10:27:13 AM ---A- - C:\Windows\Prefetch\UNITYWEBPLAYER.EXE-1C9D893C.pf
O61 - LFC: 5/8/2014 - 11:56:29 PM ---A- . (.Unity Technologies ApS.) -- C:\Users\Mansour\Desktop\UnityWebPlayer.exe [1070496]
O61 - LFC: 5/8/2014 - 11:56:29 PM ---A- . (.Unity Technologies ApS.) -- C:\Users\Mansour\Downloads\UnityWebPlayer.exe [1070496]
[MD5.9994F539B965C6ADDB2EC871FC9D650B] [SPRF][5/8/2014] (.Unity Technologies ApS - Unity Web Player Installer.) -- C:\Users\Mansour\Desktop\UnityWebPlayer.exe [1070496]
HKLM\SOFTWARE\Microsoft\Tracing\FindRight_RASAPI32
HKLM\SOFTWARE\Microsoft\Tracing\FindRight_RASMANCS
HKLM\SOFTWARE\Microsoft\Tracing\updateFindRight_RASAPI32
HKLM\SOFTWARE\Microsoft\Tracing\updateFindRight_RASMANCS
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]:fst_fr_26
O4 - HKLM\..\Run: [fst_fr_26] Orphan key
C:\Users\Mansour\Desktop\UnityWebPlayer.exe
C:\Users\Mansour\AppData\Local\Temp\GoogleToolbarInstaller1.log
C:\Users\Mansour\AppData\Local\Temp\GoogleToolbarInstaller2.log
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{2318C2B1-4965-11D4-9B18-009027A5CD4F} Orphan key
HKLM\SOFTWARE\Microsoft\Tracing\googletoolbarinstaller_full_signed_RASAPI32
HKLM\SOFTWARE\Microsoft\Tracing\googletoolbarinstaller_full_signed_RASMANCS
HKLM\SOFTWARE\Microsoft\Tracing\GoogleToolbarInstaller_updater_signed_RASAPI32
HKLM\SOFTWARE\Microsoft\Tracing\GoogleToolbarInstaller_updater_signed_RASMANCS
HKLM\SOFTWARE\Microsoft\Tracing\GoogleToolbarNotifier_RASAPI32
HKLM\SOFTWARE\Microsoft\Tracing\GoogleToolbarNotifier_RASMANCS
HKLM\SOFTWARE\Microsoft\Tracing\GoogleToolbarUser_32_RASAPI32
HKLM\SOFTWARE\Microsoft\Tracing\GoogleToolbarUser_32_RASMANCS
ShortcutFix
EmptyPrefetch
FirewallRAZ
Emptytemp
EmptyCLSID
--------------------------------------------------------------------------------------------
Run ZHPFix from the shortcut on your Desktop (if you are using Windows Vista, 7, or 8, do it by right-clicking --> Run as administrator)
Click on the Import button. The clipboard content will be pasted into the input area of ZHPFix
NB (W8) : In some cases the script will automatically paste into the script area and does not require clicking the "IMPORT" button.
* Click on the GO button to start the cleaning.
-> let the tool work and do not touch anything ...
-> If prompted to restart the PC to complete the cleaning, do it!
Once finished, a new report will appear: post the content of this report in your next response ...
This report is copied to the desktop
( this report is also saved in this folder:
- For XP: C:\Documents and Settings\username\Local Settings\Application Data\ZHP
- Since Vista: C:\Users\username\AppData\Roaming\ZHP\ZHPFix [R1].txt)
@+
--
***-----------------------Security Contributor-------------------------***
We have all been a beginner at something at one time.
But knowledge is the reward of diligence. -
What will it clean? I don't have a toolbar and your script says that.
--
Thug Life * The street has no internship * « The Hate U Give Little Infants Fucks Everybody » -
Hello
Do as you wish!!
See you later
--
***-----------------------Security Contributor-------------------------***
We have all been beginners at something at one time.
But knowledge is the reward for diligence. -
Good evening
in anticipation of this report. Thank you
See you
--
***-----------------------Security Contributor-------------------------***
We have all been beginners at something at some point.
But knowledge is the reward for diligence.-
https://pjjoint.malekal.com/files.php?id=20140513_n15q6f7d8j12 I have removed UnityWebPlayer in the meantime.
-
-
Re
update Java
@+
--
***-----------------------Security Contributor-------------------------***
We've all been beginners at something at some point.
But knowledge is the reward for diligence. -
You have the recommended version of Java. (Version 7 Update 55). I updated it on https://www.java.com/en/ and I still have these 4 programs? ...
--
Thug Life * The street doesn't have internships * "The Hate U Give Little Infants Fucks Everybody" -
There is adwCleaner on the site but not DelFix at least I don't see it
And you said I check "Remove disinfection tools (checked by default)" among the 5?
Also on Malware I go to History/Quarantine then delete everything?
--
Thug Life * The street has no internship * “The Hate U Give Little Infants Fucks Everybody” -
Re
You click on the blue word DelFix in my previous post.
Yes, you delete everything.
See you later
--
***-----------------------Security Contributor-------------------------***
We have all been beginners at something at one time.
But knowledge is the reward for diligence. -
Yes, well, there's no DelFix, just AdwCleaner that I already have. Send me the link to download it
--
Thug Life * The street has no internships * « The Hate U Give Little Infants Fucks Everybody » -
Hello
Done for the best.
I suggest we mark this topic as resolved
Thank you
See you
--
***-----------------------Security Contributor-------------------------***
We have all been beginners in something at one point.
But knowledge is the reward for diligence. -
It's all good, I found it and did everything. Otherwise, is there something like an "anti-virus" but for keyloggers and that sort of thing or to delete stuff that shouldn't be on the computer?
--
Thug Life * The street has no internship * "The Hate U Give Little Infants Fucks Everybody"