Your Ad Here Your Ad Here
Results 1 to 3 of 3

Thread: Systemb, What Is It?

  1. #1
    What is SystemB? i check google it says nothing.

    Should i be concern, it kept trying to access the internet

    I cant remove it it say "Cannot delete SytemB: Access is denied. Make sure the disk is not full or write-protected and the file is not currently in use."

    i run ad aware, spybot and spy sweeper it scaned nothing.

    Image Resized
    http://img7.exs.cx/img7/2442/untitled327.jpg' width='200' height='120' border='0' alt='click for full size view'></a>

    Heres a hijack log

    C:&#092;PROGRA~1&#092;ZONELA~1&#092;ZONEAL~1&#092;zlclient.exe
    C:&#092;PROGRA~1&#092;NETASS~1&#092;SMARTB~1&#092;MotiveSB.exe
    C:&#092;PROGRA~1&#092;ALWILS~1&#092;Avast4&#092;ashDisp.exe
    C:&#092;Program Files&#092;Lexmark X74-X75&#092;lxbbbmgr.exe
    C:&#092;PROGRA~1&#092;BILLPS~1&#092;WINPAT~1&#092;WINPAT~1.EXE
    C:&#092;Program Files&#092;Messenger Plus&#33; 3&#092;MsgPlus.exe
    C:&#092;Program Files&#092;DU Meter&#092;DUMeter.exe
    C:&#092;PROGRA~1&#092;ALWILS~1&#092;Avast4&#092;ashmaisv.exe
    C:&#092;Program Files&#092;The Cleaner&#092;tca.exe
    C:&#092;Program Files&#092;Common Files&#092;Microsoft Shared&#092;Works Shared&#092;WkUFind.exe
    C:&#092;Program Files&#092;Ad Muncher&#092;AdMunch.exe
    C:&#092;Program Files&#092;Lexmark X74-X75&#092;lxbbbmon.exe
    C:&#092;WINDOWS&#092;System32&#092;SystemB.exe
    C:&#092;Program Files&#092;Spybot - Search & Destroy&#092;TeaTimer.exe
    C:&#092;Documents and Settings&#092;Owner&#092;Local Settings&#092;Temp&#092;FreeRAM XP Pro 1.40.exe
    C:&#092;WINDOWS&#092;System32&#092;wbem&#092;wmiapsrv.exe
    C:&#092;Program Files&#092;MSN Messenger&#092;msnmsgr.exe
    C:&#092;Program Files&#092;MYIE2&#092;MyIE.exe
    C:&#092;Documents and Settings&#092;Owner&#092;Desktop&#092;Marc&#092;Hijack This&#092;HijackThis.exe

    R0 - HKCU&#092;Software&#092;Microsoft&#092;Internet Explorer&#092;Main,Start Page = <a href='http://www1.sympatico.ca]http://www1.sympatico.ca

    R0 - HKLM&#092;Software&#092;Microsoft&#092;Internet Explorer&#092;Main,Start Page = http://www1.sympatico.ca
    R1 - HKCU&#092;Software&#092;Microsoft&#092;Internet Explorer&#092;Main,Window Title = Microsoft Internet Explorer provided by Sympatico
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:&#092;Program Files&#092;Adobe&#092;Acrobat 5.0&#092;Reader&#092;ActiveX&#092;AcroIEHelper.ocx
    O2 - BHO: PK IE Plugin - {1E1B2879-88FF-11D3-8D96-D7ACAC95951A} - C:&#092;WINDOWS&#092;System32&#092;SYSTEM~2.DLL
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:&#092;PROGRA~1&#092;SPYBOT~1&#092;SDHelper.dll
    O2 - BHO: (no name) - {FFFFFEF0-5B30-21D4-945D-000000000000} - C:&#092;PROGRA~1&#092;STARDO~1&#092;SDIEInt.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:&#092;WINDOWS&#092;System32&#092;msdxm.ocx
    O4 - HKLM&#092;..&#092;Run: [IgfxTray] C:&#092;WINDOWS&#092;System32&#092;igfxtray.exe
    O4 - HKLM&#092;..&#092;Run: [HotKeysCmds] C:&#092;WINDOWS&#092;System32&#092;hkcmd.exe
    O4 - HKLM&#092;..&#092;Run: [PRONoMgrWired] c:&#092;Program Files&#092;Intel&#092;PROSetWired&#092;NCS&#092;PROSet&#092;PRONoMgr.exe
    O4 - HKLM&#092;..&#092;Run: [Zone Labs Client] C:&#092;PROGRA~1&#092;ZONELA~1&#092;ZONEAL~1&#092;zlclient.exe
    O4 - HKLM&#092;..&#092;Run: [Motive SmartBridge] C:&#092;PROGRA~1&#092;NETASS~1&#092;SMARTB~1&#092;MotiveSB.exe
    O4 - HKLM&#092;..&#092;Run: [avast&#33;] C:&#092;PROGRA~1&#092;ALWILS~1&#092;Avast4&#092;ashDisp.exe
    O4 - HKLM&#092;..&#092;Run: [NeroFilterCheck] C:&#092;WINDOWS&#092;system32&#092;NeroCheck.exe
    O4 - HKLM&#092;..&#092;Run: [Lexmark X74-X75] "C:&#092;Program Files&#092;Lexmark X74-X75&#092;lxbbbmgr.exe"
    O4 - HKLM&#092;..&#092;Run: [WinPatrol PLUS] C:&#092;PROGRA~1&#092;BILLPS~1&#092;WINPAT~1&#092;WINPAT~1.EXE
    O4 - HKLM&#092;..&#092;Run: [MessengerPlus3] "C:&#092;Program Files&#092;Messenger Plus&#33; 3&#092;MsgPlus.exe"
    O4 - HKLM&#092;..&#092;Run: [DU Meter] C:&#092;Program Files&#092;DU Meter&#092;DUMeter.exe
    O4 - HKLM&#092;..&#092;Run: [ashMaiSv] C:&#092;PROGRA~1&#092;ALWILS~1&#092;Avast4&#092;ashmaisv.exe
    O4 - HKLM&#092;..&#092;Run: [tcactive] C:&#092;Program Files&#092;The Cleaner&#092;tca.exe
    O4 - HKLM&#092;..&#092;Run: [Microsoft Works Update Detection] C:&#092;Program Files&#092;Common Files&#092;Microsoft Shared&#092;Works Shared&#092;WkUFind.exe
    O4 - HKLM&#092;..&#092;Run: [Ad Muncher] C:&#092;Program Files&#092;Ad Muncher&#092;AdMunch.exe /bt
    O4 - HKCU&#092;..&#092;Run: [SpybotSD TeaTimer] C:&#092;Program Files&#092;Spybot - Search & Destroy&#092;TeaTimer.exe
    O4 - HKCU&#092;..&#092;Run: [FreeRAM XP] "C:&#092;Documents and Settings&#092;Owner&#092;Local Settings&#092;Temp&#092;FreeRAM XP Pro 1.40.exe" -win
    O4 - HKCU&#092;..&#092;Run: [MessengerPlus3] "C:&#092;Program Files&#092;Messenger Plus&#33; 3&#092;MsgPlus.exe" /WinStart
    O4 - HKCU&#092;..&#092;Run: [Steam] "c:&#092;program files&#092;valve&#092;steam&#092;steam.exe" -silent
    O4 - HKCU&#092;..&#092;Run: [STYLEXP] C:&#092;Program Files&#092;TGTSoft&#092;StyleXP&#092;StyleXP.exe -Hide
    O4 - HKCU&#092;..&#092;Run: [msnmsgr] "C:&#092;Program Files&#092;MSN Messenger&#092;msnmsgr.exe" /background
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:&#092;Program Files&#092;Common Files&#092;Adobe&#092;Calibration&#092;Adobe Gamma Loader.exe
    O4 - Global Startup: NetAssistant.lnk = C:&#092;Program Files&#092;NetAssistant&#092;bin&#092;matcli.exe
    O8 - Extra context menu item: Download with Star Downloader - C:&#092;Program Files&#092;Star Downloader&#092;sdie.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:&#092;PROGRA~1&#092;MICROS~2&#092;OFFICE11&#092;EXCEL.EXE/3000
    O9 - Extra button: Research (HKLM)
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab28578.cab
    O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/ca...C_1_0_0_42.cab
    O16 - DPF: {68BCE50A-DC9B-4519-A118-6FDA19DB450D} (Info Class) - http://www.blizzard.com/support/includes/cabs/si.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab28578.cab
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/...8162.5864583333
    O17 - HKLM&#092;System&#092;CCS&#092;Services&#092;Tcpip&#092;..&#092;{713A0762-9771-42EC-9080-EB5F23CD7F9B}: NameServer = 206.47.244.43 206.47.244.107

  2. Software & Hardware   -   #2
    Poster
    Join Date
    Mar 2003
    Posts
    367
    I did not find anything on systemb either. That&#39;s usually not a good sign. If google never heard of it, I tend to trash it.

    Your hijackthis log is incomplete. Could you post a new one? Also, just paste it in without the quote, it&#39;s easier to read. I&#39;ll keep looking for more info.

    If you want to delete it, see if it&#39;s listed in taskmanager as a process. End process and you should be able to delete it. Or boot into safemode, maybe it&#39;s not set to run there.


    Edit: I didn&#39;t find any useful information, I would get rid of it,

  3. Software & Hardware   -   #3
    bob_the_alien's Avatar Bob The Alien
    Join Date
    Aug 2003
    Location
    London, Kentucky
    Age
    37
    Posts
    525
    Maybe it&#39;s some new variation of the system.exe trojan that was out awhile back, now it&#39;s just systemb.exe

    anyway, I agree, even if you have to do safe mode, delete it, never heard of it, so I fairly certain it&#39;s not going to matter anyhow, so trash it, best to be safe than sorry.
    "Where did he go, George, Where did he go?"


Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •