
Found an on-line library


6 replies to this topic

#1 apples

apples

  • Members
  • 29 posts
  • OFFLINE
  •  
  • Location:Virginia but my Heart belongs 2 Jersey
  • Local time:06:31 PM

Posted 23 April 2005 - 01:07 PM

Hi,

I found an on-line library which has helped me identify programs and system processes w/i my 2 computers - but I'm not sure if I can post the location and if so where.

I would like to share if I can.

Apples
Be a Hero ~ Share Knowledge



#2 jgweed

jgweed

  • Staff Emeritus
  • 28,473 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Chicago, Il.
  • Local time:05:31 PM

Posted 23 April 2005 - 01:20 PM

BC is all about sharing information and members helping each other, so if the link is to a not-for-profit site, then you could post it, with a short introduction about its use and features, in the tips and tricks forum.

If it is a start up database, then BC already has a very complete one of its own.

Regards.
John
Whereof one cannot speak, thereof one should be silent.

#3 apples

apples
  • Topic Starter

  • Members
  • 29 posts
  • OFFLINE
  •  
  • Location:Virginia but my Heart belongs 2 Jersey
  • Local time:06:31 PM

Posted 23 April 2005 - 06:17 PM

Thank you for the information ..

Actually the library lists processes and files that do not appear in start up .. those which are needed and some that you don't want to have.

I could not locate the sys & exe files and associated programs here so I have gone searching and found the library. They do sell programs on the site but the Windows Process Library is free to use.




Apples
Be a Hero ~ Share Knowledge

#4 Gumdrop

Gumdrop

  • Members
  • 36 posts
  • OFFLINE
  •  
  • Local time:04:31 PM

Posted 09 May 2005 - 03:16 AM

:thumbsup:

From the above site:

Description:
adaware.exe is a variant of the RapidBlaster parasite. The parasite copies itself to new directories to spread. This process is a security risk and should be removed from your system. If found make sure that you have the latest updates of your antivirus software.


Should we get rid of Ad-Aware??


. )) -::-
. .))
((. . -::-Kris
-::- ((.*


#5 KoanYorel

KoanYorel

    Bleepin' Conundrum


  • Staff Emeritus
  • 19,461 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:65 miles due East of the "Logic Free Zone", in Md, USA
  • Local time:06:31 PM

Posted 09 May 2005 - 06:02 AM

Gumdrop,

"adaware.exe" is a variant of the RapidBlaster parasite but this executable file has
nothing to do with the valid "Lavasoft Ad-Aware" spyware/adware removal programs
like "Ad-Aware SE".

The similarity in names is confusing and was intentionally done to perpetuate that confusion.

:thumbsup:
regards,
Koan

Edited by KoanYorel, 09 May 2005 - 06:03 AM.

The only easy day was yesterday.

...some do, some don't; some will, some won't (WR)

#6 Gumdrop

Gumdrop

  • Members
  • 36 posts
  • OFFLINE
  •  
  • Local time:04:31 PM

Posted 09 May 2005 - 02:33 PM

Thx Koan. I should have figured as much.


. )) -::-
. .))
((. . -::-Kris
-::- ((.*


#7 Papakid

Papakid

    Guru at being a Newbie


  • Malware Response Team
  • 6,585 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:31 PM

Posted 11 May 2005 - 07:34 PM

Yes, malware writers are very clever. It's getting more common for them to name a malicious file after a valid system file but change the spelling by one letter. That's why exact spelling is very important. Take your example:

adaware.exe is bad.
Ad-Aware.exe is the valid Ad-Aware executable file. (I don't think capitalization matters, but the hyphen does.)

A while back you had to be careful with the printer spooler.

spoolsv.exe is a valid system process.
spoolsrv.exe is W32.Randex.H and some other malware.

Another trick they use is to use a legitimate file name, but put it in a different folder. Two files of the same name are not allowed in a particular folder. Ad-Aware.exe should be in the Program Files folder. Often instead you will see a bad file in the system folder. So for example the following would be at least suspicious in XP:

C:\WINDOWS\system32\Ad-Aware.exe

To answer your original question--
I take it you're talking about the WinTasks Process Library at www.liutilities.com. And you were looking at this page:
http://www.liutilities.com/products/wintas...ibrary/adaware/

Yes, that is a trustworthy source of information. Members of the HJT Team use it often.

Note that it is for processes. BC's startup database--and there are several others out there--are for startups only. IOW, not every process you see in Task Manager is set to start when Windows starts and many others that do don't show up in msconfig because they don't start from the various run keys of the registry. Startup databases only include info about files known to start from those reg keys.

Another good source of info for all processes (also known as Tasks) is TASK LIST PROGRAMS- AnswersThatWork.com

The fate of all mankind, I see

Is in the hands of fools

--King Crimson
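
The two checks described in post #7 (a name one character away from a known file, and a known name running from the wrong folder), sketched as an added Python example that is not part of the thread or of any tool it mentions. The `KNOWN_GOOD` baseline, the Ad-Aware subfolder and the sample paths are constructed for illustration.

```python
import ntpath

# Assumed baseline (constructed): lower-cased file name -> folder prefix
# where the genuine copy is expected, per the examples in post #7.
KNOWN_GOOD = {
    "ad-aware.exe": "c:\\program files\\",
    "spoolsv.exe": "c:\\windows\\system32\\",
}

def edit_distance(a, b):
    """Levenshtein distance: single-character inserts, deletes, substitutions."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(path):
    """Return (verdict, known_name) for a full Windows path."""
    folder, name = ntpath.split(path.lower())  # Windows names are case-insensitive
    folder = folder.rstrip("\\") + "\\"
    if name in KNOWN_GOOD:
        # Exact name: only the location can give it away.
        ok = folder.startswith(KNOWN_GOOD[name])
        return ("ok" if ok else "wrong-folder", name)
    for good in KNOWN_GOOD:
        # One edit away from a known name: the hyphen or extra-letter trick.
        if edit_distance(name, good) <= 1:
            return ("lookalike", good)
    return ("unknown", None)

# Constructed sample of process image paths.
SAMPLE = [
    r"C:\WINDOWS\system32\spoolsv.exe",
    r"C:\WINDOWS\system32\spoolsrv.exe",
    r"C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe",
    r"C:\WINDOWS\system32\Ad-Aware.exe",
    r"C:\WINDOWS\adaware.exe",
    r"C:\WINDOWS\notepad.exe",
]

def scan(paths):
    """Return (path, verdict, known_name) for every path worth a closer look."""
    results = [(p,) + classify(p) for p in paths]
    return [r for r in results if r[1] in ("wrong-folder", "lookalike")]
```

A "lookalike" or "wrong-folder" verdict is only a reason to look the file up in a process library; "unknown" means the name is simply not in the baseline.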




