Re: Anyone know what "piiserviceO" is?

From: H C (keydet89@yahoo.com)
Date: 09/03/02 

Date: Tue, 3 Sep 2002 10:56:47 -0700 (PDT)
From: H C <keydet89@yahoo.com>
To: Amer Karim <amerk@telus.net>, Focus on Microsoft Mailing List <FOCUS-MS@SECURITYFOCUS.COM>

Amer,

> I was just doing some cleaning up on my home system
> (W2K Pro SP3) and I
> noticed this ?piiserviceO? in the processes list. I
> found it in the
> registry under
>
?HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run?,
> but I
> can?t find any info on it either at MSKB or via
> google searches. I?ve
> deleted the key and haven?t noticed any change in
> the systems behaviour, but
> I?d like to know what it is (or was)?

As with other cases like this..."I got rid of it but
now I want to know what it was"...there are a lot more
questions than answers:

1. What was the full entry to the Registry key? Was
there a path to the process image (ie, executable
file)?

2. Did you happen to run pslist.exe, handle.exe,
listdlls.exe (from SysInternals), and fport.exe (from
FoundStone) to gather any information about the
process? Handle.exe and listdlls.exe provide such
information as the process owner, full image path,
command line, and which modules (DLLs) are in use.

3. You mentioned that you searched for a file by that
name, but didn't find anything...how did you conduct
your search? By hand, or by using the Find
capability? Or did you search by the path that you
found in the Registry?

I've recommended the steps in #2 above to the list
before, in order for folks to gather more information
regarding the incident.

If you do end up finding a copy of the file on your
system, I'd greatly appreciate a zipped up copy of it
for review.

HTH,

Carv

__________________________________________________
Do You Yahoo!?
Yahoo! Finance - Get real-time stock quotes
http://finance.yahoo.com

Relevant Pages

  • RE: Anyone know what "piiserviceO" is?
    ... I did re-boot the system after cleaning the registry, ... > delete the reg entry associated with to see if it ... deleting the Registry key to have much of an effect, ... Do You Yahoo!? ...
    (Focus-Microsoft)
  • RE: Anyone know what "piiserviceO" is?
    ... There was no entry, other than the key name, in the registry key. ... there a path to the process image (ie, ... Do You Yahoo!? ...
    (Focus-Microsoft)
  • Re: hijack this startup - can someone tell me the hack i am experienci
    ... | *Registry key not found* ... | *Registry value not found* ... | Autorun entries from Registry: ... | Intel82801 Audio Driver Install Service: ...
    (microsoft.public.windowsxp.security_admin)
  • Help with Outlook profile script
    ... I would like to have a script that checks if the correct Outlook profile is configured in the users profile. ... Outlook profiles are configured in the following registry key: ...
    (microsoft.public.scripting.vbscript)
  • Re: Cannot Delete Registry Key
    ... > to the permissions on the bad key, ... >> [[Incorrectly editing the registry may severely damage your system. ... >> take ownership of the registry key by the current owner. ... >> MS-MVP Windows Shell/User ...
    (microsoft.public.windowsxp.security_admin)