Winkzn.exe?

cak
Posts: 363
Joined: Wed Nov 22, 2000 2:37 am
Location: Norfolk/Hampton Roads, VA

Post by cak »

Anyone have any idea what that is (in Win2k)? I take care of a company's network and one of the PCs has that running as a process. It makes CPU usage spike and hold to 100% every few seconds. The CPU usage graph looks like a heartbeat.

You can't end the process in Task Manager, and I can't find Winkzn.exe anywhere on the hard drive (searched subfolders also) and it's not on the file server. I have searched all over the net and can't find anything, searched the MS site also with no help. This process doesn't show up on any of the other PCs, and I couldn't link it to any programs.

I'm really trying to avoid a reformat, as that would take forever to get it back up and running on the network. If anyone has any ideas, please let me know!

Thanks.
Athlon XP 2400+ | soltek 75DRV5 | Radeon 8500 | 512 samsung pc2700

Join the PCA Folding team!
http://folding.stanford.edu/
Team #78
FlyingPenguin
Flightless Bird
Posts: 33161
Joined: Wed Nov 22, 2000 11:13 am
Location: Central Florida

Post by FlyingPenguin »

Klez virus. Klez adds one or more entries to the Startup in your registry to files named WINKxx.exe (where xx is one or two random letters).

Removing the registry reference and the file doesn't help. Klez infects ALL your EXE files over time and thus constantly re-infects your system when you run an infected app.

It's not a real dangerous virus - does no direct harm, but as it takes over more and more of your running apps, it steals more and more of your CPU time until your system runs at a crawl.

CPU spikes like you describe are a classic symptom.

Also a virus scanner won't help because Klez stores a backup in the recycling bin and restores itself from the backup (Klez also prevents you from installing most AV programs).

There's a free Klez removal tool available here:
http://securityresponse.symantec.com/av ... .tool.html
The tool has to scan your whole drive so it could take 1/2 an hour or more depending on the drive size.

More info on this virus here: http://securityresponse.symantec.com/av ... en@mm.html

NOTE: Klez trashes any anti-virus program that you may have previously installed. You'll have to uninstall it completely and re-install it after you run the removal tool.

ALSO: Since you're managing a network, be aware that Klez is an email worm. It exploits a security hole in Outlook & Outlook Express that allows it to infect a system WITHOUT OPENING THE INFECTED ATTACHMENT. It tricks Outlook or OE to run the attachment automatically when the message is previewed (unless you have the "Always ask before opening an attachment" setting checked).

The info link above has a link to the patch for the security flaw. You should install it on ALL your workstations. I would also check all the workstations for Klez infection. Klez is easy to detect - it ALWAYS places a WINKxx.exe file in the Run section of the registry.
---
“The Government of Spain will not applaud those who set the world on fire just because they show up with a bucket.” - Prime Minister of Spain, Pedro Sánchez
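
The check described in the post above (a WINKxx.exe file in the Run section of the registry), as an added example that is not part of the original thread: it scans a `.reg` text export from a workstation and flags Run values that launch a file matching that name pattern. The function names, the sample export and its paths are constructed, and the export format (`regedit /e` style text) is an assumption.

```python
import re

# Added example; names are hypothetical. Only the Run key is checked because
# that is the location the post names.
RUN_KEY = re.compile(r"\\CurrentVersion\\Run$", re.I)
# "WINKxx.exe (where xx is one or two random letters)", as stated in the post.
KLEZ_NAME = re.compile(r"^wink[a-z]{1,2}\.exe$", re.I)
# One string value line of a .reg export: "name"="data" with \\ and \" escapes.
VALUE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')

# Constructed sample export (paths and value names are made up).
SAMPLE = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Synchronization Manager"="mobsync.exe /logon"
"Winkzn"="C:\\WINNT\\System32\\Winkzn.exe"
"WinkHelper"="\"C:\\Program Files\\Tools\\winkhelper.exe\" -q"

[HKEY_LOCAL_MACHINE\SOFTWARE\Vendor\App]
"Path"="C:\\WINNT\\System32\\Winkab.exe"
'''

def exe_basename(command):
    """File name of the program a Run value launches, ignoring arguments."""
    command = command.strip()
    if command.startswith('"'):                      # quoted path, maybe with args
        path = command[1:].split('"', 1)[0]
    else:                                            # unquoted: cut after first .exe
        m = re.match(r"(.*?\.exe)\b", command, re.I)
        path = m.group(1) if m else command
    return re.split(r"[\\/]", path)[-1]

def find_klez_run_entries(reg_text):
    """Return (key, value name, command) for Run values that launch WINKxx.exe."""
    hits, key = [], None
    for line in reg_text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]                         # new registry key section
            continue
        m = VALUE.match(line)
        if m and key and RUN_KEY.search(key):
            name, data = (re.sub(r"\\(.)", r"\1", g) for g in m.groups())
            if KLEZ_NAME.match(exe_basename(data)):
                hits.append((key, name, data))
    return hits

if __name__ == "__main__":
    for key, name, data in find_klez_run_entries(SAMPLE):
        print(f"SUSPECT {key} :: {name} -> {data}")
```

`.reg` exports in the "Version 5.00" format are UTF-16, so decode the file before passing its text to `find_klez_run_entries`.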

cak
Posts: 363
Joined: Wed Nov 22, 2000 2:37 am
Location: Norfolk/Hampton Roads, VA

Post by cak »

Damn, nasty one huh?

It being a virus never crossed my mind, and that's going to raise some issues :(

The network isn't connected to the internet; that one workstation has AOL installed and it did contract a virus a few weeks ago (loveletter). I'm not sure of an effective way to scan AOL e-mail, though.

Thanks a lot, I owe you.