Urgent!! Virus i cannot remove!!

Hy,

I've realized that a process was running in the task manager, and i cannot remove it, end it, or even find it in the registry keys Run...

The Process is called "System"...
I checked through FileMon and saw that it writes to c:\$Directory and c:\$LogFile

And i cannot end this process...Ad aware didn't find it as a bad process,
and PC Cillin dont consider it as a virus...and i'm sure its a Keylogger or something...
How can i Remove it

Tx

If it is just system (not system.exe), it is a necessary Windows process for NT4/2000/XP/2003 machines. It's a collective name for all operating system kernel threads.

Leave it alone - it's supposed to be there.

If it's system.exe - you have a virus. Possibly (but not limited to) Trojan.Download.Revird / Trojan.Mitglieder.C / Backdoor.Tuxder

I'm guessing you are talking about the real thing though and doubt you have a virus.


This is the best resource I know of for determing what any particular task list program is: http://www.answersthatwork.com/Tasklist ... sklist.htm

I always look there first.

Excellent site ATNO/TW, thanks...

Actually its "System", but i've been checking with filemon and i never saw what i discribe in my earlier post before...and i cant find either $LogFile or $Directory that are being accessed...

So i'm kind of having some weird time cause my connection seems to work while i'm not browsing too...

at really low bandwidth, but working

Ragner -- how much CPU is it utilizing. On a normal basis, mine runs pretty much at zero most of the time. I haven't been able to locate much detail on it, but I think all it does is log events. (not sure)

For files that start with $ you might need to unhide hidden files and allow explorer to show hidden system files. I couldn't find any such directories on my Win2K machine either, though. What are you running Win2K or XP?

when you say your connection works, do you mean you are having unusually high up or down stream rates? I know that it is not unusual to have some upstream and downstream, even if your browser is not open. Some programs are constantly uploading information in the background.

So like what kind of bandwidth are you seeing with your browser closed?

Actually it uses 00 ressources almost...
And as for the $ part, i went into command prompt and tried the following

Attrib -h -r and
Attrib -h -r -s and in both cases it dosent find them



Actually it's really low, i downloaded a trial version of netlimiter to check all the processes that where using the bandwidth and even though the chart showed some, it didn't indicate anything....As for the up/down was at a max rate of 0.6k (but enough for logged text files on a regular basis)

Yeah, I wouldn't be overly concerned about any viruses then, especially if your virus scan is not picking up anything

Ragner...if you are connected to broadband internet your computer will constantly be broadcasting, hence the trivial packet transfers (i.e. activity)..even when you are not "browsing".

Ok i get it...

I'd better check again my paranoia thinggy hehehehe...

Anyway, thanks again for all the help...

oh, and its RagnAr
Tx again

Oops -- my bad - sorry.