Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

vbc.exe runs for a few seconds before stopping (seen in task manager on startup)


  • Please log in to reply
33 replies to this topic

#1 Foldingchair

Foldingchair

  • Members
  • 109 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Netherlands
  • Local time:05:57 AM

Posted 19 May 2015 - 07:12 PM

Hello! I've recently noticed something on my laptop (Windows 7 64 Bit).

 

When I start up my laptop, I usually open task manager right away, and I've noticed that vbc.exe runs for a few seconds (say like 10 seconds), before vanishing from the list. I'm curious what could cause this.

As far as I'm aware it's not a vital essential for Windows to run at startup as my desktop doesn't do it, and never has done so. But then again, my laptop is a bit weird when it comes to processes. There's usually a lot of them, many related to the hardware. (Thanks, Dell.)

 

I'm not sure when it started to appear. I'm thinking it has always been this way. My laptop hasn't been acting strange (other than being a tad slow, although this seems common with Windows 7 laptops from my experience fixing them.) and Microsoft Security Essentials and Mbam both say there's nothing wrong. It runs from the legitimate .NET framework folders, and nowhere else.

 

So I'm curious about your opinions about this. Is it something worth scratching the back of my head over?

It just seems a bit odd because I wouldn't be able to imagine what it's necessary for. Could it be something related to MS Office? We do use VBS with MS Visio and Excel for one of my college classes.

 

Awaiting any kind of thoughts. Thanks.

 

EDIT: It doesn't seem to run when starting in safe mode. I'm going to say that's good, because I've had terrible experiences with a vbs worm in the past.


Edited by Foldingchair, 19 May 2015 - 07:19 PM.

"Peace and blessings be upon you all."


BC AdBot (Login to Remove)

 


m

#2 hamluis

hamluis

    Moderator


  • Moderator
  • 54,865 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Killeen, TX
  • Local time:10:57 PM

Posted 20 May 2015 - 11:17 AM

FWIW:  http://www.file.net/process/vbc.exe.html .

 

Louis



#3 Foldingchair

Foldingchair
  • Topic Starter

  • Members
  • 109 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Netherlands
  • Local time:05:57 AM

Posted 20 May 2015 - 03:49 PM

I'm aware of that page. Pretty much everything described on there I've either done or taken note of. Guess I might try reinstalling .NET to see what happens.

 

Any scan I've done comes out clean by the way. (MSE, Mbam, ESET Online).


"Peace and blessings be upon you all."


#4 zcomputerwiz

zcomputerwiz

  • Members
  • 312 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:57 PM

Posted 21 May 2015 - 10:03 AM

One of the applications running on startup was built using .Net and is causing vbc to run when it is launched.

If you want to find out which one, follow the instructions to perform a clean boot then re-enable your startup items one at a time or in blocks of 4 etc. (with a reboot each time) until vbc runs on startup.

Make sure to reset back to normal boot when finished.


Have you tried turning it off and on again?


#5 Foldingchair

Foldingchair
  • Topic Starter

  • Members
  • 109 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Netherlands
  • Local time:05:57 AM

Posted 21 May 2015 - 10:14 AM

One of the applications running on startup was built using .Net and is causing vbc to run when it is launched.

If you want to find out which one, follow the instructions to perform a clean boot then re-enable your startup items one at a time or in blocks of 4 etc. (with a reboot each time) until vbc runs on startup.

Make sure to reset back to normal boot when finished.

 

That's actually a really good idea. I didn't think of that yet. And I had my nose right on top of msconfig all these days. The only downside is that it's going to take a long time. But I suppose for a paranoia freak like me that in the end it'll be worth it, because I'll find out what causes vbc.exe to run. It just doesn't make sense for it to run methinks.

 

I'll probably give it a shot tomorrow after school, hopefully I'll have some time off at last this weekend. :smash:


"Peace and blessings be upon you all."


#6 dc3

dc3

    Bleeping Treehugger


  • Members
  • 30,040 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Sierra Foothills of Northern Ca.
  • Local time:08:57 PM

Posted 21 May 2015 - 10:30 AM

The clean boot doesn't take very much time.  

 

(1)  Click on the General tab.   
 
(2)  Click the Selective startup option. 
 
(3)  Remove the check mark in the Load startup items  check box. 
 
msconfig_zps77b1ef82.png
 
Part C
 
(1)  Click on the Services tab. 
 
(2)  Place a check mark in the Hide all Microsoft services check box, this will remove the Microsoft Services from the list but will still be running. 
 
(3)  Click Disable all, this will remove all of the check marks in the Services list, then click on Apply, then OK.  Click on Restart in the window that opens.
 
If the problem doesn't persists after restarting the computer, you will know that your problem is with a third party service.  You can enable half of the services and restart the computer to see if the problem returns.  If it does, then you know that it is one of the services you just enabled.  Use the process of elimination to find the service causing this. 

Family and loved ones will always be a priority in my daily life.  You never know when one will leave you.

 

 

 

 


#7 Foldingchair

Foldingchair
  • Topic Starter

  • Members
  • 109 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Netherlands
  • Local time:05:57 AM

Posted 21 May 2015 - 12:26 PM

That's true dc3. I'm aware of how easy it is. Despite not having a lot of knowledge about malware, infections and other sorts of nasties, I do know my way around Windows fairly well.

 

The thing about isolating the program that might be causing vbc.exe to run is the amount of software I have to wade through. There's quit a lot of it on my laptop. And honestly, more stuff starts up on boot than I'd like, but a lot of services related to some of the software is required to be running in case I need to access something that requires it, or else it would just take forever to get what I need. Blame my school for wanting to use software that drowns you in services.

 

That aside though, I'm definitely trying it out tomorrow just to see what will come out of it. Like I said before, I don't assume the vbc.exe to be something nasty in this case, but I always expect the worst.

 

Great instruction by the way dc3! I'm sure you're very useful to other users in need as well!


Edited by Foldingchair, 21 May 2015 - 12:27 PM.

"Peace and blessings be upon you all."


#8 Didier Stevens

Didier Stevens

  • BC Advisor
  • 2,622 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:57 AM

Posted 21 May 2015 - 02:51 PM

I suggest you use Sysinternals' procmon with boot time logging to see which process starts vbc.exe.

http://www.msigeek.com/6231/how-to-enable-system-boot-time-logging-using-process-monitor-tool

Didier Stevens
http://blog.DidierStevens.com
http://DidierStevensLabs.com

SANS ISC Handler
Microsoft MVP 2011-2016 Consumer Security, Windows Insider MVP 2016-2018
MVP_Horizontal_BlueOnly.png

 

If you send me messages, per Bleeping Computer's Forum policy, I will not engage in a conversation, but try to answer your question in the relevant forum post. If you don't want this, don't send me messages.

 

Stevens' law: "As an online security discussion grows longer, the probability of a reference to BadUSB approaches 1.0"


#9 Foldingchair

Foldingchair
  • Topic Starter

  • Members
  • 109 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Netherlands
  • Local time:05:57 AM

Posted 21 May 2015 - 04:55 PM

I suggest you use Sysinternals' procmon with boot time logging to see which process starts vbc.exe.

http://www.msigeek.com/6231/how-to-enable-system-boot-time-logging-using-process-monitor-tool

 

I might give that a try when I find the time tomorrow. Thanks. :)


"Peace and blessings be upon you all."


#10 Foldingchair

Foldingchair
  • Topic Starter

  • Members
  • 109 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Netherlands
  • Local time:05:57 AM

Posted 22 May 2015 - 04:08 AM

So, I ran the tool just now. I'm unsure what to do now... I tried looking for vbc.exe in the list, but it didn't show. I saved the logs, just in case.


"Peace and blessings be upon you all."


#11 Foldingchair

Foldingchair
  • Topic Starter

  • Members
  • 109 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Netherlands
  • Local time:05:57 AM

Posted 22 May 2015 - 04:35 AM

 

The clean boot doesn't take very much time.  

 

(1)  Click on the General tab.   
 
(2)  Click the Selective startup option. 
 
(3)  Remove the check mark in the Load startup items  check box. 
 
msconfig_zps77b1ef82.png
 
Part C
 
(1)  Click on the Services tab. 
 
(2)  Place a check mark in the Hide all Microsoft services check box, this will remove the Microsoft Services from the list but will still be running. 
 
(3)  Click Disable all, this will remove all of the check marks in the Services list, then click on Apply, then OK.  Click on Restart in the window that opens.
 
If the problem doesn't persists after restarting the computer, you will know that your problem is with a third party service.  You can enable half of the services and restart the computer to see if the problem returns.  If it does, then you know that it is one of the services you just enabled.  Use the process of elimination to find the service causing this. 

 

 

I tried this out just now. Didn't do anything. vbc.exe still did the same thing.


"Peace and blessings be upon you all."


#12 Didier Stevens

Didier Stevens

  • BC Advisor
  • 2,622 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:57 AM

Posted 22 May 2015 - 02:34 PM

So, I ran the tool just now. I'm unsure what to do now... I tried looking for vbc.exe in the list, but it didn't show. I saved the logs, just in case.

 

Go to Tool / Process Tree

 

Then search for vbc.exe.


Didier Stevens
http://blog.DidierStevens.com
http://DidierStevensLabs.com

SANS ISC Handler
Microsoft MVP 2011-2016 Consumer Security, Windows Insider MVP 2016-2018
MVP_Horizontal_BlueOnly.png

 

If you send me messages, per Bleeping Computer's Forum policy, I will not engage in a conversation, but try to answer your question in the relevant forum post. If you don't want this, don't send me messages.

 

Stevens' law: "As an online security discussion grows longer, the probability of a reference to BadUSB approaches 1.0"


#13 Foldingchair

Foldingchair
  • Topic Starter

  • Members
  • 109 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Netherlands
  • Local time:05:57 AM

Posted 22 May 2015 - 04:38 PM

 

So, I ran the tool just now. I'm unsure what to do now... I tried looking for vbc.exe in the list, but it didn't show. I saved the logs, just in case.

 

Go to Tool / Process Tree

 

Then search for vbc.exe.

 

 

I'll continue on this tomorrow. It's a little late right now where I live, and I'm up for some games after not being able to touch anything in my Steam library for a whole week due to all the school work I had to do. :)


"Peace and blessings be upon you all."


#14 Foldingchair

Foldingchair
  • Topic Starter

  • Members
  • 109 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Netherlands
  • Local time:05:57 AM

Posted 25 May 2015 - 12:47 PM

Just bumping the thread to let you guys know that it's still active, and I will get to continuing my investigation soon. I've been a little occupied lately. I'm still alive, also.


"Peace and blessings be upon you all."


#15 dc3

dc3

    Bleeping Treehugger


  • Members
  • 30,040 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Sierra Foothills of Northern Ca.
  • Local time:08:57 PM

Posted 25 May 2015 - 01:14 PM

Not a problem.  When ever you post, those who are involved in this topic will receive a e-mail notice of new activity.


Family and loved ones will always be a priority in my daily life.  You never know when one will leave you.

 

 

 

 





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users