I think I understand the purpose of this, but I have some questions. First, I have noticed that on some HJT logs there may be several (3 or 4) such files. Is this a clue that perhaps a trojan has set up such a file to help activate itself? If I opened the file, what would I look for? I have read that trojans set up their nasties in the SVCHOST file? Very interesting!! A tutorial about where nasties hide and what they look like would be great. Your tutorials are tremendous. Keep it up. I saw a site the other day that gives file descriptions (I usually Google); it is called "KEPHYR". I hope that besides the good description they didn't also give me a virus/spy. I have become paranoid.
EDBEE from NMUSA- RENOWNED MALWARE FIGHTER AND SWORN ENEMY OF ALL INTERNET HIJACKERS
Kephyr is a good and valid site. You don't have to worry about them.
When a program is run it loads itself into memory as a process. This process can then be seen as running under the name of the file. For example, running bleeping.exe would create a process called bleeping.exe.
Now there are things called services that run in a special way. They can be started via their files themselves (.exe files) or be stored as a dll file. These dll files can then be loaded via svchost.exe.
It is perfectly normal to see multiple svchost.exe processes running, with each process handling multiple services running from dlls. That it is valid to see this does not mean that hijackers do not use it as well, because they do. It just makes it harder to find.
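As an added illustration of the reply above (this is not code from the original thread or from BleepingComputer), the PowerShell below maps each running svchost.exe instance to the services it hosts, checks that the svchost.exe image is the one in System32 (or SysWOW64) and carries a valid Microsoft signature, and then lists the ServiceDll each hosted service actually loads. It assumes a Windows host with PowerShell 5.1 or later and an elevated prompt; the column widths and the "expected path" rule are this example's own choices.

```powershell
# Added example, not from the original post. Assumes Windows, PowerShell 5.1+,
# and an elevated prompt (Path and ServiceDll of some services are unreadable
# otherwise).

# Services whose configured image is svchost.exe, i.e. DLL-hosted services.
$services = Get-CimInstance Win32_Service |
    Where-Object { $_.PathName -match 'svchost\.exe' }

$sys32 = Join-Path $env:SystemRoot 'System32\svchost.exe'
$wow64 = Join-Path $env:SystemRoot 'SysWOW64\svchost.exe'

# One row per svchost.exe process: where the binary lives, whether it is
# signed, and which services it is hosting. A copy running from anywhere
# else, or with a look-alike name, is what the reply means by hijackers
# hiding behind a normal-looking process.
$perProcess = Get-Process -Name svchost | ForEach-Object {
    $proc   = $_
    $path   = $proc.Path
    $status = if ($path) { (Get-AuthenticodeSignature -FilePath $path).Status } else { 'Unknown' }
    $hosted = $services | Where-Object { $_.ProcessId -eq $proc.Id }

    [pscustomobject]@{
        PID          = $proc.Id
        Path         = $path
        Signature    = $status
        ExpectedPath = ($path -ieq $sys32 -or $path -ieq $wow64)
        Services     = ($hosted | ForEach-Object { $_.Name }) -join ', '
    }
}
$perProcess | Format-Table -AutoSize

# The code a DLL-hosted service runs is named by the ServiceDll value under
# HKLM\SYSTEM\CurrentControlSet\Services\<name>\Parameters. Listing those
# paths shows what svchost.exe is really loading for each service.
foreach ($svc in $services) {
    $key = "HKLM:\SYSTEM\CurrentControlSet\Services\$($svc.Name)\Parameters"
    $dll = (Get-ItemProperty -Path $key -Name ServiceDll -ErrorAction SilentlyContinue).ServiceDll
    if (-not $dll) { continue }

    $dll    = [Environment]::ExpandEnvironmentVariables($dll)
    $dllSig = (Get-AuthenticodeSignature -FilePath $dll -ErrorAction SilentlyContinue).Status
    '{0,-28} PID {1,-6} {2,-60} {3}' -f $svc.Name, $svc.ProcessId, $dll, $dllSig
}
```

Two caveats when reading the output: since Windows 10 version 1703, machines with more than about 3.5 GB of RAM run most services in their own svchost.exe instance, so dozens of svchost processes each hosting a single service is normal there, not a sign of trouble; and a ServiceDll under a user-writable directory, or a signature status other than Valid on a file claiming to be a Windows component, is the thing to investigate (some system DLLs are catalog-signed, so confirm a NotSigned result with a second tool such as Sysinternals sigcheck before drawing conclusions).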