> Smsn.exe, possible worm...
BonaDea2008
post May 16 2008, 11:07 PM
Post #1


New Member
*

Group: Members
Posts: 7
Joined: 16-May 08
Member No.: 209,440



Unfortunately, I don't have enough information to enter smsn.exe into the start-up database. At least, I don't think I do. I can't find it in any "English" database, but I did an internet search and found this http://www.virit.com/startup/scheda.asp?num=4150 on a Spanish-speaking database. It's easy enough to figure out what the site is saying about the start-up, even if you don't speak Spanish. It claims it's part of a trojan. It came up under my O23 listings in HJT, but it didn't give a lot of information. Anybody out there know how to run down more information on this?

This post has been edited by BonaDea2008: May 16 2008, 11:09 PM
Grinler
post May 18 2008, 06:22 PM
Post #2


Bleep Bleep!
******

Group: Admin
Posts: 28,449
Joined: 24-January 04
From: USA
Member No.: 3



You need to provide more information as to where it is located on your PC, what the service display name and service name are, etc.


--------------------
Lawrence
BonaDea2008
post May 21 2008, 02:53 PM
Post #3





Here's the complete O23 listing:

O23 - Service: Windows Audio Server (Audios) - Unknown Owner - c:\Recycle\smsn.exe

That's all the information I have. Thanks.
Grinler
post May 21 2008, 04:08 PM
Post #4





Definitely malware.

Let me get a sample. Please submit this file:

c:\Recycle\smsn.exe

To http://www.bleepingcomputer.com/submit-malware.php?channel=3


--------------------
Lawrence
BonaDea2008
post May 23 2008, 11:45 AM
Post #5





I've been trying to get a sample of that file for you. Here are a couple of problems I'm running into. First, when I use Windows to navigate to the "Recycle" folder, it says the folder is empty. When I run cmd and do a "dir" of the "recycle" directory, I get two directories named:

2008-05-20 13:02 <DIR> .
2008-05-20 13:02 <DIR> ..

I cannot do a cd to either of these directories (. and .. dirs)

When I do a "dir \a" (for hidden files), this is what I get:

Directory of C:\
File Not Found

In win 2000 "\a" should be sufficient for finding hidden files, but even when I add the switch [h], I get the same results as above.

Another interesting thing: apparently the file changes its name spontaneously. In my first HJT log on 05/13, this is what I got (this is copied and pasted from HJT log):
O23 - Service: Windows Audio Server (Audios) - Unknown owner - c:\Recycle\smsn.exe
Today, I run HJT and get this:
O23 - Service: Windows Audio Server (Audios) - Unknown owner - c:\Recycle\smsa.exe

Notice the last letter in the file name has changed.

When I check my task manager it shows up as a running process with the following information:
PID 492 CPU 00 CPU Time 0:00:00 Mem Usage 3,932

Could this be an ADS attached to a directory? Should I download and run Lads? Is there an alternative to Lads if I don't have an unzip program? (If Lads is really best, I'll get an unzip program.) Any tips on how to isolate the file so I can send it to you?

Thanks for any help you can provide in isolating this file.


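Added example, not part of the original thread and not BleepingComputer's or HijackThis's own code: the two O23 entries quoted in post #5 differ only in the image path. This Python script parses O23 lines from two HijackThis logs and flags a service whose binary runs from a recycle or temp folder, is listed with "Unknown owner", or changes path between scans; the folder list and the ExUpd log line are assumptions made for the illustration.

```python
import re
from pathlib import PureWindowsPath

# O23 line layout: "O23 - Service: <display> (<name>) - <company> - <image path>"
O23_RE = re.compile(r"^O23 - Service: (?P<display>.+) \((?P<name>[^()]+)\) - "
                    r"(?P<owner>.+?) - (?P<path>.+)$", re.IGNORECASE)

# Assumption for this example: folders a service binary has no reason to run from.
SUSPECT_DIRS = {"recycle", "recycler", "recycled", "temp", "tmp"}

def parse_o23(log_text):
    """Map lower-cased service name -> fields of each O23 line in a log."""
    services = {}
    for line in log_text.splitlines():
        m = O23_RE.match(line.strip())
        if m:
            services[m["name"].lower()] = m.groupdict()
    return services

def review(old_log, new_log):
    """Return (service, finding) pairs for new_log, with old_log as baseline."""
    old, new = parse_o23(old_log), parse_o23(new_log)
    findings = []
    for name, svc in new.items():
        path = PureWindowsPath(svc["path"])
        if any(p.lower() in SUSPECT_DIRS for p in path.parts[1:-1]):
            findings.append((name, f"image runs from {path.parent}"))
        if svc["owner"].lower() == "unknown owner":
            findings.append((name, "no company name reported for the binary"))
        before = old.get(name)
        if before and before["path"].lower() != svc["path"].lower():
            findings.append((name, f"image path changed: {before['path']} -> {svc['path']}"))
    return findings

# The two Audios lines are the ones quoted in the post; the ExUpd line is constructed.
LOG_0513 = r"""
O23 - Service: Example Updater (ExUpd) - Example Corp - C:\Program Files\Example\exupd.exe
O23 - Service: Windows Audio Server (Audios) - Unknown owner - c:\Recycle\smsn.exe
"""
LOG_0523 = r"""
O23 - Service: Example Updater (ExUpd) - Example Corp - C:\Program Files\Example\exupd.exe
O23 - Service: Windows Audio Server (Audios) - Unknown owner - c:\Recycle\smsa.exe
"""

if __name__ == "__main__":
    for service, finding in review(LOG_0513, LOG_0523):
        print(f"{service}: {finding}")
```

Keying the comparison on the service name rather than the file name is what lets the renamed binary show up as one service with a moving image path.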
Grinler
post May 25 2008, 06:24 AM
Post #6





I would follow the prep guide here: http://www.bleepingcomputer.com/forums/forum22.html and post a DSS log. Sounds like you have more than one malware infection and should be properly looked at. This forum is not designed for that purpose.


--------------------
Lawrence