Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

File Not Found In File Data Base


  • Please log in to reply
12 replies to this topic

#1 Jove

Jove

  • Members
  • 2,739 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Very South Jersey
  • Local time:08:51 AM

Posted 18 September 2008 - 02:32 PM

I have a problem finding any information in file database for;

c:\windows\system32\svchost.exe -k

I found this in my PC Services in the S.I.

I have searched using My PC Search;nothing
I looked in Windows System32 file; not there ?

There is nothing found in Process Library.

System Information>Services;
Alerter Alerter Running Auto Share Process c:\windows\system32\svchost.exe -k localservice Normal NT AUTHORITY\LocalService 0


STARTUP LIST

Name Filename Status Description
Alerter alerter.exe
X
Added by the TSPY_MAHA.F information stealing Trojan.
Alerter alrsvc.dll
Y
This service is used to notify selected computers and users of alerts from programs. This service is started by svchost.exe. ... Read More
Compaq Alerter CPQAlert.exe
U
Compaq's Insight Manager Agent - a tool that allows for "fault, performance, and configuration management". Recommended for corporate users only. It's ... Read More
office mail off_mail.exe
U
Related to Office_Mail Client E-mail service from Burrotech Ltd.
office mail alerter om_Alerter.exe
U
Related to Mail_Alerter for Office Mail. Alert of new mail with an icon on the system tray ... Read More

Edited by Jove, 18 September 2008 - 06:00 PM.

When you don't have to worry about your computer anymore, you can start
living again !

vrwqzc.gif
Success is a result, not a goal. . . . Flaubert


BC AdBot (Login to Remove)

 


m

#2 Jove

Jove
  • Topic Starter

  • Members
  • 2,739 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Very South Jersey
  • Local time:08:51 AM

Posted 18 September 2008 - 05:54 PM

I have a feeling I am infected, my dial up box is missing, (large blue connection box where I can access properties), it still dials from small message box that says port open, . . then dialing, it's been acting funny, also the show connections from start, is missing.

I am now manually searching my services and checking them in the BC startup list;

Alerter (last post was the first on the list.)

Next is ;

Application Management AppMgmt Stopped Manual Share Process c:\windows\system32\svchost.exe -k netsvcs Normal LocalSystem 0

This is the info I found at the BC startup list;

This is an undesirable program.
This file has been identified as a program that is undesirable to have running on your computer.
This consists of programs that are misleading, harmful, or undesirable.

If the description states that it is a piece of malware, you should immediately run an antivirus
and antispyware program. If that does not help, feel free to ask us for assistance in the
forums.
Name: Application Management Browser
Filename: smss.exe
Command: C:\Windows\smss.exe
Description: Added by the Troj/Comhush-A Trojan. This infection should not be confused with
the legitimate smss.exe found in the C:\Windows\System32 (%System%)folder.
File Location: %WinDir%
Startup Type: This startup entry is installed as a Windows NT, 2000, 2003, XP, or Vista
service.
Service Name: apman
Service Display Name: Application Management Browser
HijackThis Category: O23 Entry
Note: %Windir% refers to the Windows installation folder. By default, this is C:\Windows for
Windows 95/98/ME/XP/Vista or C:\Winnt for Windows NT/2000.

My PC shows these;
Search Results;
SMSS C:\i386\SYSTEM32 459KB Application
smss C:\WINDOWS\$NtServicePackU... 45KB Application (blue font)
smss C:\WINDOWS\system32 50KB Application
smss C:\WINDOWS\ServicePackFiles\i... 50KB Application
smss C:\WINDOWS\SoftwareDistribut... 50KB Application

I have been scanning, but lately I have had a problem opening AdAware! I scanned with Spybot and SuperAntiSpyware, and Prevx, have not found anything !
Am I infected?

Edited by Jove, 18 September 2008 - 06:08 PM.

When you don't have to worry about your computer anymore, you can start
living again !

vrwqzc.gif
Success is a result, not a goal. . . . Flaubert


#3 Budapest

Budapest

    Bleepin' Cynic


  • Moderator
  • 23,571 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:51 PM

Posted 18 September 2008 - 05:58 PM

If you are worried about any particular file on your system, upload it at Jotti for analysis.
The power of accurate observation is commonly called cynicism by those who haven't got it.

—George Bernard Shaw

#4 Jove

Jove
  • Topic Starter

  • Members
  • 2,739 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Very South Jersey
  • Local time:08:51 AM

Posted 18 September 2008 - 06:10 PM

Hi Budapest,

I can't upload a file I cant find that would be the ;

Alerter Alerter Running Auto Share Process c:\windows\system32\svchost.exe -k localservice Normal NT AUTHORITY\LocalService 0

At this time I can not find it where it says it is ?

I'll check the other !

When you don't have to worry about your computer anymore, you can start
living again !

vrwqzc.gif
Success is a result, not a goal. . . . Flaubert


#5 Budapest

Budapest

    Bleepin' Cynic


  • Moderator
  • 23,571 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:51 PM

Posted 18 September 2008 - 06:15 PM

This is the file:

c:\windows\system32\svchost.exe
The power of accurate observation is commonly called cynicism by those who haven't got it.

—George Bernard Shaw

#6 Jove

Jove
  • Topic Starter

  • Members
  • 2,739 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Very South Jersey
  • Local time:08:51 AM

Posted 18 September 2008 - 06:35 PM

no this is what copies from my system ;

Alerter Running Auto Share Process c:\windows\system32\svchost.exe -k

Edited by Jove, 18 September 2008 - 06:36 PM.

When you don't have to worry about your computer anymore, you can start
living again !

vrwqzc.gif
Success is a result, not a goal. . . . Flaubert


#7 Budapest

Budapest

    Bleepin' Cynic


  • Moderator
  • 23,571 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:51 PM

Posted 18 September 2008 - 06:45 PM

Where exactly are you copying this from.

The "-k" is not part of the file name.
The power of accurate observation is commonly called cynicism by those who haven't got it.

—George Bernard Shaw

#8 Jove

Jove
  • Topic Starter

  • Members
  • 2,739 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Very South Jersey
  • Local time:08:51 AM

Posted 18 September 2008 - 06:58 PM

I am copying it from >Run>winmsd.exe>OK> System Information>Services

Alerter>Highlight>Edit>copy>paste

Visually it reads: c:\windows\system32\svc...
But Copies and paste; c:\windows\system32\svchost.exe -k

Edited by Jove, 18 September 2008 - 07:01 PM.

When you don't have to worry about your computer anymore, you can start
living again !

vrwqzc.gif
Success is a result, not a goal. . . . Flaubert


#9 Jove

Jove
  • Topic Starter

  • Members
  • 2,739 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Very South Jersey
  • Local time:08:51 AM

Posted 18 September 2008 - 07:56 PM

Found this : not sure if it has been doing irreversible damage, however My ,"show connections", is back in the start column, however my connection icon in the notification window has a red x indicating it is off, it is actually on !

Malwarebytes' Anti-Malware 1.28
Database version: 1171
Windows 5.1.2600 Service Pack 2

9/18/2008 8:47:39 PM
mbam-log-2008-09-18 (20-47-32).txt

Scan type: Quick Scan
Objects scanned: 43579
Time elapsed: 6 minute(s), 39 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\StartMenuLogOff (Hijack.StartMenu) -> Bad: (1) Good: (0) -> No action taken.


Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

When you don't have to worry about your computer anymore, you can start
living again !

vrwqzc.gif
Success is a result, not a goal. . . . Flaubert


#10 Jove

Jove
  • Topic Starter

  • Members
  • 2,739 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Very South Jersey
  • Local time:08:51 AM

Posted 19 September 2008 - 06:48 PM

Budapest,
Here is a more clear view of the origination of the file address from a different perspective, I hope I have not led you astray.

Posted Image

Please tell me what I am looking at here, since it may not have been familiar to you ?

Edited by Jove, 19 September 2008 - 07:07 PM.

When you don't have to worry about your computer anymore, you can start
living again !

vrwqzc.gif
Success is a result, not a goal. . . . Flaubert


#11 DaChew

DaChew

    Visiting Alien


  • BC Advisor
  • 10,317 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:millenium falcon and rockytop
  • Local time:08:51 AM

Posted 19 September 2008 - 08:45 PM

svchost.exe
from the system32 folder is an essential service, it can be called up and used by malware also

your -k Local service is a registry call
Chewy

No. Try not. Do... or do not. There is no try.

#12 Jove

Jove
  • Topic Starter

  • Members
  • 2,739 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Very South Jersey
  • Local time:08:51 AM

Posted 19 September 2008 - 08:58 PM

Thanks Dachew !

I wasn't sure, I think I am on to my various PC problems, I have found some questionable subjects in places I really never expected them to be, and will probably be making some post in the new Startup Submission Forum.

T.A.

When you don't have to worry about your computer anymore, you can start
living again !

vrwqzc.gif
Success is a result, not a goal. . . . Flaubert


#13 DaChew

DaChew

    Visiting Alien


  • BC Advisor
  • 10,317 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:millenium falcon and rockytop
  • Local time:08:51 AM

Posted 19 September 2008 - 09:22 PM

The below are all enhanced Task Manager type programs that will show you what is running on your computer. Each is nice in its own way. What's Running is probably the easiest, with AutoRuns for the more experienced, and Process Explorer the most popular. With these, for example, you can see what processes are using each of those various svchost.exe images.


this is what a mvp suggested when I had a similar quest

http://www.whatsrunning.net/whatsrunning/main.aspx

the easiest
Chewy

No. Try not. Do... or do not. There is no try.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users