ficheiro do system a tentar ligar sempre ao mesmo ip

[gatohumano]

sempre que inicio o win passado uns minutos aparece-me sempre isto,se fechar o processo passado um bocado volta abrir sozinho,do que sera?so desde a 2 ou 3 dias isto me acontece,ja corri varios antivirus e anti spyware mas não detetam nada,aqui a uns dias tentaram enviar-me um virus pelo msn via link o ficheiro era *.cmd mas o antivirus bloqueou-o sera que deixou outra cena?

 

[spiegelman]

Já fizeste o trace desse IP?:

Network Whois record

Queried whois.ripe.net with "-B 193.16.154.146"...
% This is the RIPE Whois query server #2.
% The objects are in RPSL format.
%
% Note: the default output of the RIPE Whois server
% is changed. Your tools may need to be adjusted. See
% http://www.ripe.net/db/news/abuse-proposal-20050331.html
% for more details.
%
% Rights restricted by copyright.
% See http://www.ripe.net/db/copyright.html

% Information related to '193.16.154.0 - 193.16.154.255'

inetnum: 193.16.154.0 - 193.16.154.255
netname: NL-ZYLON
descr: Webhost/colocation
country: NL
org: ORG-ZYLO1-RIPE
admin-c: ES2004-ripe
tech-c: ES2004-ripe
status: ASSIGNED PI
notify: [email protected]
mnt-by: RIPE-NCC-HM-PI-MNT
mnt-by: IO-NCC
mnt-lower: RIPE-NCC-HM-PI-MNT
mnt-routes: ZYLON-NOC
mnt-domains: ZYLON-NOC
changed: [email protected] 20040512
source: RIPE

organisation: ORG-ZYLO1-RIPE
org-name: Zylon Internet Services
org-type: NON-REGISTRY
address: Korte Bree 8
address: 9461 CG Gieten
address: The Netherlands
e-mail: [email protected]
mnt-ref: ZYLON-NOC
mnt-by: ZYLON-NOC
changed: [email protected] 20040511
changed: [email protected] 20050222
source: RIPE

person: Erik Smit
address: Zylon Internet Services
address: Korte Bree 8
address: 9461 CG Gieten
address: The Netherlands
phone: +31 6 10226319
fax-no: +31 513 880061
nic-hdl: ES2004-ripe
mnt-by: ZYLON-NOC
e-mail: [email protected]
notify: [email protected]
changed: [email protected] 20040511
source: RIPE

% Information related to '193.16.154.0/24AS8312'

route: 193.16.154.0/24
descr: Zylon webhosting
origin: AS8312
notify: [email protected]
mnt-by: ZYLON-NOC
changed: [email protected] 20040525
source: RIPE

Cheira-me a spyware... Por mim bloqueava o acesso permanentemente

 

[spastikman]

Process File: sessmgr or sessmgr.exe
Process Name: Remote Desktop Help Session Manager

Description:
sessmgr.exe is a process belonging to Microsoft's remote assistance windows plugin. This allows an end user to call for assistance when a remote assistance network service is in place. This process shouldn't be terminated if the fore-mentioned service is in place on your local area network.

.

 

[gatohumano]

ja resolvi o problema,fui ao safe mod e eliminei o ficheiro,eu reparei que esse ficheiro tem a data de instalação de ontem e no disco tinha 3 ficheiros com o mesmo nome.

 

[xupetas]

isso ]e spyware e eles metem o ficheiro com o mm nome do session manager para que o ppl o deixe em paz

 

[gatohumano]

corri o lavasoft adware se,spybostas s and destroy,the cleaner e bps spyware adware remover e nenhum deles me detectou nada.

 

[Quad]

Experimenta este http://www.ewido.net/en/

 

[cuto]

Vê aqui: http://www3.ca.com/securityadvisor/vulninfo/vuln.aspx?id=31804#recommendations

Já agora...verifica se tinhas a assistência remota ligada.

Cumps

 

[gatohumano]

Vê aqui: http://www3.ca.com/securityadvisor/vulninfo/vuln.aspx?id=31804#recommendations

Já agora...verifica se tinhas a assistência remota ligada.

Cumps

Estava desligada.