
20ld08.exe

  • 07-05-2005 5:26pm
    #1
    Registered Users Posts: 549 ✭✭✭


    Does ANYBODY have any clue what the hell this is? I have about 3-4, sometimes more, of THIS process running every time I run Windows, and when I end process it returns to haunt me :mad:

    Help me PLEASE.. :(


Comments

  • Registered Users Posts: 8,225 ✭✭✭Ciaran500


    Did you try running spyware and virus scanners?


  • Closed Accounts Posts: 20,346 ✭✭✭✭KdjaCL


    Are you sure that's the exact name?

    google would turn up somfin if it was.

    kdjac


  • Closed Accounts Posts: 1,033 ✭✭✭beller b


    You could also run "msconfig" to see what is listed to start with windows. Looking at the location may give you a bit more info. If spyware identifies it but it won't delete, make a note of the location, restart in safe mode & delete it manually...


  • Registered Users Posts: 549 ✭✭✭Irishstabber


    My computer stays on some nights and MS Anti Spyware runs at 2.00am each night, it never finds anything.

    I also searched google but to no avail :(


  • Registered Users Posts: 8,225 ✭✭✭Ciaran500


    A lot of these spyware/virus programs use a random generator to create names so don't show up on google.

    Did you do a virus scan?
    Did you try another spyware scanner? A lot of the time one program can miss stuff the other will pick up.


  • Registered Users Posts: 549 ✭✭✭Irishstabber


    It has been there a while and McAfee hasn't seen it, I had got adaware which never found it either, and ms don't find it either.


  • Closed Accounts Posts: 1,033 ✭✭✭beller b


    when you run task manager does it show up under your name or system?


  • Registered Users Posts: 549 ✭✭✭Irishstabber


    It shows up under name


  • Closed Accounts Posts: 1,033 ✭✭✭beller b


    And have you found a location?


  • Registered Users Posts: 549 ✭✭✭Irishstabber


    unfortunately no...it's not in msconfig...I'll do a search now


  • Closed Accounts Posts: 1,033 ✭✭✭beller b


    It's possible it's in the internet temp, or if it doesn't show up with a search then in recycler


  • Registered Users Posts: 549 ✭✭✭Irishstabber


    All that shows up in the search is a prefetch (PF) file.
    20LD08.EXE-13DB7036.pf
    It opens with an unknown app
    It ain't in internet temp either.


  • Registered Users Posts: 1,551 ✭✭✭Goldstein


    Download XP Process Explorer from the "Essential Free Software" sticky thread in this forum:
    "proexp - Process Explorer - Alternative to task manager"

    It'll tell you where the process is running from, what dll's it's loaded and loads of other information about it.


  • Closed Accounts Posts: 154 ✭✭smorton


    what these spyware things usually do is there's two processes. if you close one the other opens it again and vice versa. you should take note of all of them, restart in safe mode and delete them. also get this program to remove them from the startup list:

    www.snapfiles.com/get/autostartmgr.html


  • Closed Accounts Posts: 114 ✭✭Zoned


    Get Hijack this from http://216.180.233.162/~merijn/files/HijackThis.exe

    and post the log.

    This is surely a bit of spyware that creates a random name for the executable. That is why nothing shows up in google.


  • Registered Users Posts: 549 ✭✭✭Irishstabber


    Here is the log

    Logfile of HijackThis v1.99.1
    Scan saved at 22:14:58, on 07/05/2005
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\drivers\KodakCCS.exe
    c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
    C:\WINDOWS\System32\svchost.exe
    c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System\mssecure.exe
    C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
    C:\Program Files\MessengerPlus! 3\MsgPlus1.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
    C:\PROGRA~1\mcafee.com\agent\mcagent.exe
    c:\progra~1\mcafee.com\vso\mcvsescn.exe
    C:\Program Files\Dell AIO Printer A960\dlbfbmgr.exe
    C:\Program Files\Winamp\winampa.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\WINDOWS\System32\rundll32.exe
    C:\Program Files\Dell AIO Printer A960\dlbfbmon.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
    c:\progra~1\mcafee.com\vso\mcvsftsn.exe
    C:\WINDOWS\System32\20ld08.exe
    C:\WINDOWS\System32\20ld08.exe
    C:\WINDOWS\System32\20ld08.exe

    C:\Program Files\Teamspeak2_RC2\TeamSpeak.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\System32\20ld08.exe
    C:\WINDOWS\System32\20ld08.exe
    C:\Program Files\Opera\opera.exe
    C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
    C:\Documents and Settings\Karl\My Documents\HijackThis (1).exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.ie/
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {A78860C8-EE1A-46DF-A97F-E3E6D433E80B} - C:\WINDOWS\system32\zo5h7.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [.mssecure] C:\WINDOWS\System\mssecure.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
    O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus1.exe"
    O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
    O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
    O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
    O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
    O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
    O4 - HKLM\..\Run: [Dell AIO Printer A960] "C:\Program Files\Dell AIO Printer A960\dlbfbmgr.exe"
    O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [AME_CSA] rundll32 amecsa.cpl,RUN_DLL
    O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
    O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
    O4 - HKLM\..\RunOnce: [0zt8jr.exe] C:\WINDOWS\System32\0zt8jr.exe /k
    O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus1.exe" /WinStart
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\RunOnce: [0zt8jr.exe] C:\WINDOWS\System32\0zt8jr.exe /k
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
    O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
    O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O15 - Trusted Zone: *.musicmatch.com
    O15 - Trusted Zone: *.musicmatch.com (HKLM)
    O16 - DPF: {4D7F48C0-CB49-4EA6-97D4-04F4EACC2F3B} (InstallShield Setup Player 2K2) - http://sib1.od2.com/common/Member/ClientInstall/7.20.0003/OCI/setup.exe
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{29893F03-3FC4-4216-BDDB-6B9A664B3B39}: NameServer = (cant show you that ;)
    O17 - HKLM\System\CS2\Services\Tcpip\..\{29893F03-3FC4-4216-BDDB-6B9A664B3B39}: NameServer = (or that)
    O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
    O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
    O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
    O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp WinStyler\WinStylerThemeSvc.exe


  • Closed Accounts Posts: 2,148 ✭✭✭angelofdeath


    dodgy looking startup key

    O4 - HKLM\..\RunOnce: [0zt8jr.exe] C:\WINDOWS\System32\0zt8jr.exe /k
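
Added example, not part of the original thread: a small triage script that applies the reasoning in the posts above (random-looking file names in System32, referenced from autostart keys) to lines excerpted from the posted HijackThis log. The `looks_random` heuristic and the function names are assumptions made for this illustration, not features of HijackThis.

```python
import re
from collections import Counter

# Lines excerpted from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\System32\20ld08.exe
C:\WINDOWS\System32\20ld08.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
O2 - BHO: (no name) - {A78860C8-EE1A-46DF-A97F-E3E6D433E80B} - C:\WINDOWS\system32\zo5h7.dll
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\RunOnce: [0zt8jr.exe] C:\WINDOWS\System32\0zt8jr.exe /k
O4 - HKCU\..\RunOnce: [0zt8jr.exe] C:\WINDOWS\System32\0zt8jr.exe /k
"""

# A .exe/.dll sitting directly in System32 (not in a subfolder).
PATH_RE = re.compile(r'[A-Za-z]:\\WINDOWS\\system32\\([^\\\s"]+\.(?:exe|dll))', re.I)
SECTION_RE = re.compile(r"([A-Z]\d+) - ")


def looks_random(stem):
    """Assumed heuristic: 4-8 alphanumerics, 2+ digits, a digit before a letter."""
    s = stem.lower()
    return (4 <= len(s) <= 8 and s.isalnum()
            and sum(c.isdigit() for c in s) >= 2
            and re.search(r"\d[a-z]", s) is not None)


def triage(log):
    """Map each random-looking System32 file to the log sections naming it."""
    findings = {}
    for line in map(str.strip, log.splitlines()):
        m = PATH_RE.search(line)
        if not m:
            continue
        name = m.group(1).lower()
        if not looks_random(name.rsplit(".", 1)[0]):
            continue
        sec = SECTION_RE.match(line)
        key = sec.group(1) if sec else "process"
        findings.setdefault(name, Counter())[key] += 1
    return findings


if __name__ == "__main__":
    for name, where in sorted(triage(SAMPLE_LOG).items()):
        print(name, dict(where))
```

The heuristic only ranks candidates for a closer look; a legitimate file can match it, so check each hit's location and publisher before deleting anything.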


  • Registered Users Posts: 549 ✭✭✭Irishstabber


    I've seen that a few times in the Task Manager too.


  • Closed Accounts Posts: 2,148 ✭✭✭angelofdeath


    in safe mode, delete that and any other startup entries through either msconfig or registry, also delete those dodgy files from system32, empty all temporary folders, turn off system restore and run avg free and hope for the best


  • Registered Users Posts: 549 ✭✭✭Irishstabber


    Should I just go try delete em out of the Windows Folder or do it in safe mode. Or should I do it at all?

    EDIT: missed last post. Ok I'll go do that, thanks.


  • Registered Users Posts: 2,942 ✭✭✭Mac daddy


    check the linky in my sig not the google one the one underneath - explains how to read a hijack this log spent ages writing it :D


  • Registered Users Posts: 2,942 ✭✭✭Mac daddy


    is there a reason for this ==> Windows XP SP1 and not updating to SP2 i know everybody hates ms. But some of the fixes are quite important.


  • Closed Accounts Posts: 2,148 ✭✭✭angelofdeath


    nice sticky there btw macdaddy, haven't seen it before, should probably be duplicated for the windows and computers forums


  • Registered Users Posts: 2,942 ✭✭✭Mac daddy


    angelofdeath wrote:
    nice sticky there btw macdaddy, haven't seen it before, should probably be duplicated for the windows and computers forums

    i have pulled it back from the dead in the security forum and asked again to make it a sticky - but it might be better suited in the normal comp section, as most of the people who post here have problems with hijacks and the usual spyware related stuff ;);)


  • Registered Users Posts: 549 ✭✭✭Irishstabber


    Mac daddy wrote:
    is there a reason for this ==> Windows XP SP1 and not updating to SP2 i know everybody hates ms. But some of the fixes are quite important.

    I've just never got round to it. Don't really see the significance in it. Nothing really wrong with my comp aside from this annoyance.

    And I have restarted and went into safe mode and couldn't find 20ld08.exe in the system32 folder :confused:


  • Registered Users Posts: 549 ✭✭✭Irishstabber


    BUT may I say I just checked my Task Manager and it's not running anymore!!!....I did delete a file that was bothering me in tm also, maybe it was that file that was creating the executable :D
    It was called something like 60rq6h or something like that.


  • Registered Users Posts: 2,942 ✭✭✭Mac daddy


    Irishstabber wrote:
    BUT may I say I just checked my Task Manager and it's not running anymore!!!....I did delete a file that was bothering me in tm also, maybe it was that file that was creating the executable :D
    It was called something like 60rq6h or something like that.

    It was being loaded twice from the registry - normally helps if you delete the file and the reg key,
    Good that is now gone anyway :)


  • Registered Users Posts: 549 ✭✭✭Irishstabber


    Thanks for the help everyone. :p

