Originally posted by Libran1
I do this with videos all the time of music... everything... it's only when I start my tin foil hat downloads when it starts.
Originally posted by phishyblankwaters
reply to post by Libran1
winsystem.exe is not a legitimate Windows process. It's obviously an infection of some sort, not very advanced if you can actually see it in the process list.
Well, as I do this for work, the most thorough answer is back up important data, scan THAT data on a non-compromised system to be safe, then wipe and reinstall.
The IT guy in me (this is what I would do) would first verify the settings on my router and firewall, making sure no connections that shouldn't be there are, and making sure only the ports I want open are indeed open. Once infected, your installed AV and firewall are useless. You can use an online scanner like Bitdefender, that is free and will clean a lot of stuff out, but it's not foolproof.
Then I'd start digging. I'd install "tcp process port linker" and check what ports that exe is accessing. I'd then do a deep search (enabling advanced search, search hidden system folders, search for name and search for containing text) and look for anything linked to that exe.
In most cases, you'll have it in your prefetch folder waiting to open itself up again the next time you do anything. If this is the case, safe mode, or a Linux boot disk, to manually wipe out the exe, any traces of it in the registry and prefetch, then I'd run some bootable virus scans.
9/10 you got this from a website. Obviously you can't use safety features on this site as it's in the T&C, but for any site outside of the ATS family I'd suggest:
Firefox, preferably the newest build. Adblock Plus and NoScript or YesScript addons installed. Block scripts on all sites and only allow the specific scripts you need. For example, you go to a blog site that has ads and video and such. If you want to view the video you can right click it and enable just that object, instead of allowing scripts for the entire site.
Simply doing that, coupled with even the basic Windows firewall, and you'll be pretty darn secure; you will actively have to hit the "stupid" button to get infected.
To take it a step beyond, you can also get a program called "Sandboxie" or a clone, which will allow you to run applications in an isolated system, so even if it's a virus, it's completely contained. When downloading and testing apps from *questionable* sources, this is a must.
This had nothing to do with the videos you have, and it probably became apparent as encoding and converting video takes a lot of CPU cycles, cycles your infection was trying to use. AVI files can contain macros which could potentially carry executable code. FLV files streamed or downloaded from YouTube do not. FLV files from other sites, who knows, it's a Flash file. Most people understand that YouTube is Flash, but they fail to understand that Flash is an entire programming suite and could potentially package a virus in an FLV container.
It's only a coincidence this happened at the time when dealing with alternative videos.
edit on 17-5-2011 by phishyblankwaters because: (no reason given)
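The digging steps from the post above (which ports the exe is using, where it lives on disk, and what prefetch and registry traces point at it), written out in PowerShell. This is an added example, not part of the original post; it assumes Windows 8 or later for `Get-NetTCPConnection` and `Get-NetUDPEndpoint`, an elevated prompt, and that the Run keys are where an autostart trace would sit, which the post does not specify.

```powershell
# Added example: read-only triage for a suspicious process name.
# 'winsystem' is the name from the thread; pass another with -Name.
param(
    [string]$Name = 'winsystem'   # image name without the .exe suffix
)

# 1. Running instances, their parent, and the path of the binary on disk.
$procs = @(Get-CimInstance Win32_Process -Filter "Name = '$Name.exe'")
$procs | Select-Object ProcessId, ParentProcessId, ExecutablePath, CommandLine |
    Format-List

# 2. TCP connections and listeners owned by those process IDs.
$ownerIds = @($procs | ForEach-Object { $_.ProcessId })
Get-NetTCPConnection -ErrorAction SilentlyContinue |
    Where-Object { $ownerIds -contains $_.OwningProcess } |
    Select-Object LocalAddress, LocalPort, RemoteAddress, RemotePort, State, OwningProcess |
    Format-Table -AutoSize

# 3. UDP endpoints owned by the same process IDs.
Get-NetUDPEndpoint -ErrorAction SilentlyContinue |
    Where-Object { $ownerIds -contains $_.OwningProcess } |
    Select-Object LocalAddress, LocalPort, OwningProcess |
    Format-Table -AutoSize

# 4. Prefetch entries: evidence of when the exe first and last ran.
Get-ChildItem -Path "$env:SystemRoot\Prefetch" -Filter "$Name*.pf" -ErrorAction SilentlyContinue |
    Select-Object Name, CreationTime, LastWriteTime

# 5. Autostart values that mention the name (assumption: Run/RunOnce keys).
$runKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)
foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    foreach ($p in (Get-ItemProperty -Path $key).PSObject.Properties) {
        # Skip the PSPath/PSParentPath bookkeeping properties PowerShell adds.
        if ($p.Name -notlike 'PS*' -and "$($p.Value)" -match [regex]::Escape($Name)) {
            [pscustomobject]@{ Key = $key; ValueName = $p.Name; Data = $p.Value }
        }
    }
}

# 6. Hash each distinct binary so it can be checked on a clean machine.
$procs | ForEach-Object { $_.ExecutablePath } | Where-Object { $_ } | Sort-Object -Unique |
    ForEach-Object { Get-FileHash -Algorithm SHA256 -LiteralPath $_ }
```

Nothing here modifies the system, so the output can be saved as a record before the wipe and reinstall.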