Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Event Log reports unknown service


  • Please log in to reply
3 replies to this topic

#1 okahmad

okahmad

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:01:11 PM

Posted 04 December 2009 - 06:14 AM

I am observing the following entry in my Windows XP Home SP3 event log:

The KMNF service was successfully sent a start control.
Source: Service Control Manager

I have looked and looked in Google, Bing, etc. but cannot identify this service. In fact, there is not a single reference in Google to any software program or service that goes by this acronym! How do I go about finding out more about why I have a start control on a service I cannot identify (KMNF or anything close to it is not listed as a service in the MMC Servics Console).

Looking at the registry it appears that KMNF is being called in HKLM/System/CurrentControlSet/Services/KMNF. It runs a program in /Documents and.../Local Settings/Temp/C6.tmp

What could this be?

Thanks in advance.

BC AdBot (Login to Remove)

 


#2 Ken-in-West-Seattle

Ken-in-West-Seattle

  • Members
  • 518 posts
  • OFFLINE
  •  
  • Local time:11:11 AM

Posted 04 December 2009 - 09:29 AM

a search for c6.tmp shows it associated with a trojan. This is not 100% but some very bad malware can create temp files to hide in. You should run malwarebytes and perhaps back up your important files to a flash drive.

If you can't get to or download malwarebytes
http://www.malwarebytes.org/
and superantispyware
http://www.superantispyware.com/

That can be a clue too.

Install and run them and if they find any trojans, assume there are more and go to the "Am I infected" forum and read the pinned items. Both are great programs but there are no single programs that can find and clean completely and repair damage too. Trojans are sometimes the tip of the iceberg of hidden rootkits.
http://www.bleepingcomputer.com/forums/f/103/am-i-infected-what-do-i-do/

#3 okahmad

okahmad
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:01:11 PM

Posted 15 December 2009 - 06:06 AM

Well, I have submitted c6 to to Symantec and Fortinet and it has come out clean in both cases. I ran malwarebytes but at a certain stage of progression it crashes the computer. I have been looking for a log file or trace file for malwarebytes so that I could at least tell what fail is causing this but so far no luck.. (application data/malwarebytes/malwarebytes antimalware/logs/ directory is empty!)

#4 OldGrumpyBastard

OldGrumpyBastard

  • Members
  • 781 posts
  • OFFLINE
  •  
  • Location:"Way South of 'da Bridge"
  • Local time:01:11 PM

Posted 15 December 2009 - 07:45 AM

Probably a good step would be to follow the link that Ken in Seattle provided for more expert advice for the removal of this unknown service...If it is malware related they should be able to help you rid yourself of it or direct you to more drastic measures such as HighJackThis...

http://www.bleepingcomputer.com/forums/f/103/am-i-infected-what-do-i-do/

MBAM is a great tool but if it won't successfully run it leads me to believe that something deep down is causing it to crash...Serious infections can disable even the best of scanners....
Does this look like an OldGrumpyBastard or what?




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users