BleepingComputer.com: Found an on-line library

Hi,

I found an on-line library which has helped me identify programs and system processes w/i my 2 computers - but I'm not sure if I can post the location and if so where.

I would like to share if I can.

Apples

BC is all about sharing information and members helping each other, so if the link is to a not-for-profit site, then you could post it, with a short introduction about its use and features, in the tips and tricks forum.

If it is a start up database, then BC already has a very complete one of its own.

Regards.
John

Thank you for the information ..

Actually the library lists processes and files that do not appear in start up .. those which are needed and some that you don't want to have.

I could not locate the sys & exe files and associated programs here so I have gone searching and found the library. They do sell programs on the site but the Windows Process Library is free to use.




Apples

From The above site:

Description:
adaware.exe is a variant of the RapidBlaster parasite. The parasite copies itself to new directories to spread. This process is a security risk and should be removed from your system. If found make sure that you have the latest updates of your antivirus software.


Should we get rid of Ad-Aware??

Gumdrop,

"adaware.exe" is a variant of the RapidBlaster parasite but this executable file has
nothing to do with the valid "Lavasoft Ad-Aware" spyware/adware removal programs
like "Ad-Aware SE".

The similarity in names is confusing and was intentionally done to perpetuate that confusion.


regards,
Koan

This post has been edited by KoanYorel: 09 May 2005 - 06:03 AM

Thx Koan. I should have figured as much.

Yes malware writers are very clever. It's getting more common for them to name a malicious file after a valid system file but change the spelling by one letter. That's why exact spelling is very important. Take your example:

adaware.exe is bad.
Ad-Aware.exe is the valid Ad-Aware executable file. (I don't think capitalization matters, but the hyphen does.)

A while back you had to be careful with the printer spooler.

spoolsv.exe is a valid system process.
spoolsrv.exe is W32.Randex.H and some other malware.

Another trick they use is to use a legitimate file name, but put it in a different folder. Two files of the same name are not allowed in a particular folder. Ad-Aware.exe should be in the Program files folder. Often instead you will see a bad file in the system folder. So for example the following would be at least suspicious in XP:

C:\WINDOWS\system32\Ad-Aware.exe

To answer your original question--
I take it you're talking about the WinTasks Process Library at www.liutilities.com. And you were looking at this page:
http://www.liutilities.com/products/wintas...ibrary/adaware/

Yes, that is a trustworthy source of information. Members of the HJT Team use it often.

Note that it is for processes. BC's startup database--and there are several others out there--are for startups only. IOW, not every process you see in Task Manager is set to start when Windows starts and many others that do don't show up in msconfig because they don't start from the various run keys of the registry. Startup databases only include info about files known to start from those reg keys.

Another good source of info for all processes (also known as Tasks) is TASK LIST PROGRAMS- AnswersThatWork.com