Weird Process Running..PING.EXE?
<hr>
Note: Icrontic recommends updated security software from ZoneAlarm, Avira, Trend Micro, Symantec, F-Secure, Kaspersky, or AVG to help solve this problem. Here is the original post:
<hr>
Recently, I've found a strange process running on my PC.
In Task Manager, a process called PING.EXE TCP/IP PING COMMAND. I have never had this until today.
I just ran Malwarebytes and no infection was found.
What is it? Is it a nasty?
Edit: I'd just like to mention that when I try to open the file location or properties of this process while in Task Manager, nothing happens, AND I cannot end the process. The error I get when I try to end it is this:
"The operation could not be completed. The operation is not valid for this process"
I'm getting a little nervous now.
Any help would be appreciated, thank you.
Comments
Well, any idea how to get rid of it??
I've been looking it up and some places say it's spyware and other places say it isn't..it's rather confusing.
Check out the ping.exe process. If it's in c:\windows\system32 then it's probably just the actual built in windows ping command which is not malicious.
If it's not in the aforementioned location, then write down where it is, boot into safe mode and try removing it. That or try something other than Malwarebytes. Try running a full virus scan.
I have never seen Ping.exe active unless I was pinging something.
Anyway, I was looking through the processes in task manager again, and noticed the "cmd.exe" processes running. From what I understand that's the DOS command prompt? No idea how that got started, I never opened the command prompt.
I killed the cmd.exe process and poof! the PING.EXE process was no longer there!
So the so-called "weird" ping.exe process seems to be quite safe..in my case anyhow. It IS in my system32 folder, so I suppose that's a good indication it's alright. Although I know it isn't always true.
My question now is..how the heck did the cmd.exe process get started if I didn't open it? LOL!
Btw, I don't know the first thing about pinging anything so how these things got active on their own is quite weird.
As for the system32 bit I mentioned, there will be a ping.exe in that location pretty much no matter what. The question is, was the ping.exe that was running the one from that directory. Process explorer would tell you which one was running (it's possible a different ping.exe, located in a different directory, was the one running) but now that the process is no longer running it's impossible to tell.
Well crap, I guess I got ahead of myself...sigh.
http://www.processlibrary.com/directory/files/ping/
However, it should not be running all the time. It may be there is another malicious process running in the background that is using the ping command to try and find other networked machines.
As for it being in the system32 folder, that doesn't really mean anything. Many malicious processes hide in the system32 folder. If you like, you can post a HijackThis log for us to look at. I'm not qualified to advise how to fix your PC if you are infected, but if you post your log in a new thread someone will come along to help. You must be patient though, as there are a lot of people out there with infected PCs.
Sorry ardichoke. I was referring to mismis' post about it being good because it was in system32. A lot of malware creates a process with the same name but runs from a different location, i.e. it normally runs from the windows directory but the malware runs from system32. It makes the malware seem more credible, which is basically what you were saying.
Either way it doesn't sound good and needs checking out by the spyware experts.
I am having the same prob that mismis is/was, only I do not have cmd.exe running. I've tried ending the process (successfully) but it keeps coming back and sucking up my processor speed and a sizable chunk of RAM.
Any thoughts?
I haven't run Azureus in over a month and I have disabled my Dropbox. In either case, they've been on my computer for a while and this ping.exe process just started yesterday.
Bear with me though, because I'm not the most process-savvy.
If you erased the processes, we will not ever know how they were called at startup unless you start getting mysterious errors from processes that start up as windows loads. If you have not erased cmd.exe and ping.exe, please do not do that.
IN RE Killing: Killing in one sense of computing understanding meant to only suspend the running of a process(System Configuration can keep processes from starting up without destroying them). Killing in the other sense meant to suspend and then erase something. Please be careful using kill when talking to a non-process-savvy newbie.
This is definitely a serious issue. I have it myself at the moment.
You'll want to check out threads on the forum at bleepingcomputer.com on the ping topic. You'll need to run a couple of scans (which are free) in order to get data logs that you'll then need to supply back to the folks there. There is an explicit multi-step process they have you execute to get the info needed. It is cross-referenced from several of the ping threads there.
In my case, I'm running Malwarebytes as my malware protection continuously (yes, I bought it) and it is almost constantly blocking outgoing attempts to access several malicious website IP addresses.
Check out your task manager, you should note that even after killing the ping.exe process, it will restart after a few minutes, and over time will continue to lock down more and more of your memory.
Hope that helps,
David
If you have constant outgoing connections to malicious IPs, you still have an active virus on your system. I'd suggest throwing Combofix around for a loop if Malwarebytes wasn't able to clean it out or the dreaded re-image.
To the thread:
Do the combofix thing, but I also recommend doing a trial of ESET, with setup of it in such a way that it removes and blocks potentially unwanted programs. This is how ESET is made active for scareware, adware, and spyware. Major spyware is blocked by default, as well as hugely many viruses.
Some folks call the scareware viruses. Malwarebytes is not the best for scareware. Avast!, BitDefender, and ESET are actually better. Some scareware and spyware will use ping to tell remote servers they are yet active. Many on a computer would result in constant pinging.
Ping.exe, if it is in the C:\windows\system32 directory, is a valid tool. You want what is using it removed, not to remove it. Combofix may help with this identification of what is making ping active, yes.
John.
TBH: Once you have an infection, the dreaded re-image is the only way to know for sure that your system is clean again. It sucks, but if you want to be sure, just do it.
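
The check suggested in the replies above (which ping.exe is actually running, and what is starting it), as an added PowerShell example that is not part of the original thread. It uses only the built-in `Get-CimInstance` cmdlet; the output field names, the `Get-Ancestry` helper and its depth limit of 8 are choices made for this example.

```powershell
# Added example: which ping.exe is running, and what started it?
# Run from an elevated prompt; otherwise ExecutablePath can be empty for some processes.
$legit = @(
    (Join-Path $env:SystemRoot 'System32\PING.EXE'),
    (Join-Path $env:SystemRoot 'SysWOW64\PING.EXE')   # 32-bit copy on 64-bit Windows
)

# Snapshot every process once and index it by PID so parents can be looked up.
$all   = @(Get-CimInstance -ClassName Win32_Process)
$byPid = @{}
foreach ($proc in $all) { $byPid[[int]$proc.ProcessId] = $proc }

function Get-Ancestry {
    param($Process, [int]$MaxDepth = 8)   # depth limit is an arbitrary choice here
    $child = $Process
    for ($i = 0; $i -lt $MaxDepth; $i++) {
        $parent = $byPid[[int]$child.ParentProcessId]
        if (-not $parent -or $parent.ProcessId -eq $child.ProcessId) { break }
        # PIDs get reused: a "parent" created after the child is an unrelated process.
        if ($parent.CreationDate -gt $child.CreationDate) { break }
        $parent          # emit this ancestor to the pipeline
        $child = $parent
    }
}

$report = foreach ($p in $all | Where-Object { $_.Name -ieq 'PING.EXE' }) {
    $path  = $p.ExecutablePath
    $chain = @(Get-Ancestry $p) | ForEach-Object { '{0} (PID {1})' -f $_.Name, $_.ProcessId }
    [pscustomobject]@{
        PID         = $p.ProcessId
        Path        = if ($path) { $path } else { '<unreadable, rerun elevated>' }
        InSystemDir = [bool]($path -and ($legit -contains $path))
        CommandLine = $p.CommandLine      # shows the host being pinged
        Started     = $p.CreationDate
        LaunchedBy  = if ($chain) { $chain -join ' <- ' } else { '<parent has exited>' }
    }
}

if ($report) { $report | Format-List } else { 'No ping.exe process is running right now.' }
```

Run it while the process is still alive, before ending cmd.exe or ping.exe: a path outside the two system directories, or a parent in `LaunchedBy` that you cannot account for, is the detail to write down before scanning or posting logs.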