RE: Anyone know what "piiserviceO" is?

From: Amer Karim (
Date: 09/03/02

From: "Amer Karim" <>
To: "H C" <>, "Focus on Microsoft Mailing List" <FOCUS-MS@SECURITYFOCUS.COM>
Date: Tue, 3 Sep 2002 11:26:55 -0700

I went through all those steps, and posted only when I could find no info at
all. There was no entry, other than the key name, in the registry key. I
ran fport to see if there were any open ports associated with it, or any
'strange' ports open, and found nothing that wasn't supposed to be there.
The other tools also returned no info on it, which is why I decided to
delete the reg entry associated with to see if it would have an effect on
the system. It didn't, so I was left with what appeared to be an entry in
the 'Run' branch of the registry that apparently didn't do anything. Hence
the post here to see if anyone else had heard of this thing. I've come to
believe it may have something to do with the Palm Software (refer to
previous message) but haven't been able to verify this. Sorry, I should
have given more detail as to what I did before I deleted the reg keys. The
thing that has me flummoxed is that there seems to be no info on this thing,
other than
win95/5527.piiservice.gif, and I'm not sure how relevant that would be to a
W2K system.

Thanks for the suggestions, though. If I find anything new, I'll let you

Amer Karim
Nautilis Information Systems

-----Original Message-----
From: H C []
Sent: September 3, 2002 10:57
To: Amer Karim; Focus on Microsoft Mailing List
Subject: Re: Anyone know what "piiserviceO" is?


> I was just doing some cleaning up on my home system
> (W2K Pro SP3) and I
> noticed this ?piiserviceO? in the processes list. I
> found it in the
> registry under
> but I
> can?t find any info on it either at MSKB or via
> google searches. I?ve
> deleted the key and haven?t noticed any change in
> the systems behaviour, but
> I?d like to know what it is (or was)?

As with other cases like this..."I got rid of it but
now I want to know what it was"...there are a lot more
questions than answers:

1. What was the full entry to the Registry key? Was
there a path to the process image (ie, executable

2. Did you happen to run pslist.exe, handle.exe,
listdlls.exe (from SysInternals), and fport.exe (from
FoundStone) to gather any information about the
process? Handle.exe and listdlls.exe provide such
information as the process owner, full image path,
command line, and which modules (DLLs) are in use.

3. You mentioned that you searched for a file by that
name, but didn't find did you conduct
your search? By hand, or by using the Find
capability? Or did you search by the path that you
found in the Registry?

I've recommended the steps in #2 above to the list
before, in order for folks to gather more information
regarding the incident.

If you do end up finding a copy of the file on your
system, I'd greatly appreciate a zipped up copy of it
for review.



Do You Yahoo!?
Yahoo! Finance - Get real-time stock quotes