Author Topic: Help needed to identify new running thread  (Read 3950 times)

0 Members and 1 Guest are viewing this topic.

siliconbits

  • Guest
Help needed to identify new running thread
« on: October 25, 2006, 03:49:44 PM »
TBA08C.exe, system, 2592K

My system has gradually been getting memory problems due to my browser. I use IE7+Maxthon, I have Trendmicro and use CCleaner regularly as well as S&D. Any help welcomed.

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 88736
  • No support PMs thanks
Re: Help needed to identify new running thread
« Reply #1 on: October 25, 2006, 04:00:42 PM »
Does TrendMicros support/forums not have any information/suggestions ?
Sorry I couldn't resist it ;D this is the avast! (anti-virus program) support forums.

A google search for you file name returns no hits, which in itself is suspicious, considering it is in a system folder ?

You could also check the offending/suspect file at: VirusTotal - Multi engine on-line virus scanner
Or Jotti - Multi engine on-line virus scanner if any other scanners here detect them it is less likely to be a false positive.

You could switch to avast! ;D
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.1.6099 (build 24.1.8821.762) UI 1.0.796/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

siliconbits

  • Guest
Re: Help needed to identify new running thread
« Reply #2 on: October 25, 2006, 04:05:41 PM »
Thanks for the quick answer. In google and online forums I trust more than support from IT department (although they might be the same sometimes). I will try the tools you gave me and come back to you.

siliconbits

  • Guest
Re: Help needed to identify new running thread
« Reply #3 on: October 25, 2006, 04:14:27 PM »
There is the culprit. There's actually another one (both are in Windows Temporary directory). MVE63A.exe. Virustotal found no virii.

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 88736
  • No support PMs thanks
Re: Help needed to identify new running thread
« Reply #4 on: October 25, 2006, 05:25:56 PM »
It could well be that it isn't something that might be detected by what are more anti-virus scanners. There are other malware scanners, http://www.spywareguide.com/onlinescan.php, http://www.spywareinfo.com/xscan.php.

Also seeing your initial post again and the image showing it isn't in a system folder but is a running process "TBA08C.exe, system, 2592K" you need to kill the running process before trying to remove the file otherwise windows will protect it. You will also need to remove the start-up entry for it.
Does ccleaner not remove it when you empty the temp folders ?
If not you may need to uncheck the option that doesn't delete items in temp folders for 48 hours. Or you could manually clean the temp folders. If it keeps coming back you have something else on the system that is restoring it, see the programs listed below.

S&D is getting really long in the tooth and I haven't detected anything with it for a very long time now and I uninstalled it, fed up of the large updates and poor connections to update servers.

If you haven't already got this software (freeware), download, install, update and run it, preferably in safe mode.
1. Ewido, a.k.a. avg anti-spyware If using winXP. or a-Squared free if using win98/ME.
2. Ad-Aware SE Personal Edition
3. Spywareblaster Don't install this until you are clean.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.1.6099 (build 24.1.8821.762) UI 1.0.796/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

siliconbits

  • Guest
Re: Help needed to identify new running thread
« Reply #5 on: October 26, 2006, 01:25:03 PM »
Finally got the answer from a french forum (translated from Google.com http://tinyurl.com/ykqjuw).

I opened the said files in Notepad and browse through the code. Last line read D:\OfficeScan\src\Client\OfcDog\Release\OfcDog.pdb

The exe is actually a file created by Trendmicro itself it seems.

Much ado about nothing. Thanks anyway.

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 88736
  • No support PMs thanks
Re: Help needed to identify new running thread
« Reply #6 on: October 26, 2006, 02:49:24 PM »
That doesn't account for why it is in the windows temp folder or why it is a running process ?
You have to ask Trendmicro what purpose it serves and why there is virtually no documentation about it, even when you check with search engines, anti-virus programs are meant to put your mind at rest not give you heartburn.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.1.6099 (build 24.1.8821.762) UI 1.0.796/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security