Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

wscntfy.exe in task manager


  • Please log in to reply
6 replies to this topic

#1 Scarlett

Scarlett

    Bleeping Diva


  • Members
  • 7,479 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:As always I'm beside myself ;)
  • Local time:05:38 AM

Posted 30 June 2006 - 07:26 AM

I found wscntfy.exe in task manager. Which is it the bad one or the good one? :thumbsup:
While looking through other posted HJT log's I do not see it as a running process.

I scanned with HJt and it shows as a "running process"
Running processes:

C:\WINDOWS\system32\wscntfy.exe


http://www.bleepingcomputer.com/startups/w....exe-13012.html

Name: KAVPersonal90
Filename: wscntfy.exe
Command: %WinDir%\wscntfy.exe /nosplash
Description: Added by the Troj/Banker-FZ password-stealing Trojan for certain online Brazilian banks.
File Location: %WinDir%
Startup Type: This startup entry is started automatically from a Run, RunOnce, RunServices, or RunServicesOnce entry in the registry.



"wscntfy.exe" is the Windows Security Center, introduced in Service Pack 2.
It displays a tray icon indicating the status of updates, virus protection, and firewall.

Edited by Scarlett, 30 June 2006 - 08:42 AM.

Posted Image

BC AdBot (Login to Remove)

 


#2 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,766 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:06:38 AM

Posted 30 June 2006 - 12:42 PM

Location of the file is the clue as to whether its good or bad.

The legit wscntfy.exe is lolcated in the C:\WINDOWS\system32\ and C:\WINDOWS\system32\dllcache\ folders. It is responsible for providing a system tray icon.

The trojan file with the same name is located in C:\Windows and creates a registry key to automatically run at startup.

The legit wscntfy.exe appears in task manager when the Security Center icon is in the system tray and will show as a running process in a hijackthis log. If you disable Automatic Updates it appears and remains their to keep alerting you. Enable AU and the Notification icon goes away and it disappears from task manager.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#3 Scarlett

Scarlett

    Bleeping Diva

  • Topic Starter

  • Members
  • 7,479 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:As always I'm beside myself ;)
  • Local time:05:38 AM

Posted 30 June 2006 - 02:24 PM

Thanks quietman. I feel much better.
I do have auto updates disabled. So I will have to live with the outcome of that.
I do not want to turn on auto updates.

Edited by Scarlett, 30 June 2006 - 02:25 PM.

Posted Image

#4 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,766 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:06:38 AM

Posted 30 June 2006 - 03:17 PM

Your welcome. I have AU turned on but have it set not to download or install anything since I update manually.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#5 Scarlett

Scarlett

    Bleeping Diva

  • Topic Starter

  • Members
  • 7,479 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:As always I'm beside myself ;)
  • Local time:05:38 AM

Posted 30 June 2006 - 03:49 PM

How do you do that? I didn't know it was possible.

:thumbsup:
Posted Image

#6 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,766 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:06:38 AM

Posted 30 June 2006 - 03:56 PM

Go to Control Panel and open Automatic Updates. Select "Notify me but don't automatically download or install them." This way I'm alerted if an update is available and then download and install when I want to.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#7 Scarlett

Scarlett

    Bleeping Diva

  • Topic Starter

  • Members
  • 7,479 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:As always I'm beside myself ;)
  • Local time:05:38 AM

Posted 30 June 2006 - 04:12 PM

:thumbsup: Cool thanks!
Posted Image




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users