A Mysterious Suspicious Program



#1 about_that


Posted 06 March 2008 - 11:32 AM

Hi

I was rebooting one day on my XP machine and noticed a strange program being ended by Windows, unlike any I've ever seen before. It is impossible to find via a search engine, because usually if you find a program you don't know you just enter it in the search string and you can find out if it is legit and what it does, but since this mysterious program has unknown CHRS I've been unable to search for it.

I've tried using Trend Micro PC-cillin, HijackThis, my own searches through the registry, HouseCall (free Trend Micro scan), 2 different rootkit detectors (including GMER) and even run ComboFix. I've used independent process viewers, port explorer, task manager (though rarely helpful), and Port Explorer to see if it is connecting to a port/internet. Nothing has revealed the source of this mysterious program. The only way I could show this program name is by taking a picture with my digital camera while I was shutting down. So anyone out there able to figure this one out would be great.

Posted Image



#2 boopme


Posted 07 March 2008 - 10:09 PM

The only thing I can tell you about that image is that the last character after the 'W' looks like the Russian letter (ZH)
http://www.ithaca.edu/faculty/sallen/nato/...ic-alphabet.gif

Or 2 characters of the Cyrillic alphabet
http://www.google.com/imgres?imgurl=http:/...=image&cd=2

#3 Billy O'Neal


Posted 07 March 2008 - 10:22 PM

Have you tried this one?

@boopme
This is kind of ironic considering that the odd app might be Russian, because Kaspersky is written by Russians. Maybe the Russian security program will do a better job with the Russian malware? :thumbsup:

Please do an online scan with Kaspersky WebScanner.
  • Hold down your "Shift" key and click on this link: Kaspersky WebScanner, to open the Kaspersky WebScanner in a new window.
  • Click on "Kaspersky Online Scanner".
    • You will be prompted to install an ActiveX component from Kaspersky; click Yes.
    • The program will launch and then begin downloading the latest definition files.
  • Once the files have been downloaded click on "NEXT".
  • Now click on "Scan Settings".
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
      Extended (if available otherwise Standard)
    • Scan Options:
      Scan Archives
      Scan Mail Bases
  • Click OK.
  • Under select a target to scan, select "My Computer".
  • The program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
  • Upon completion, click on the "Save as Text" button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.
Billy3