RE: Win2K and Lview.exe -- am I infected?
From: Vachon, Scott (Scott.Vachon@Paymentech.com)Date: 12/11/01
- Previous message: Linda Wright: "Re: Exchange 2000"
- Maybe in reply to: JJ Driscoll: "Win2K and Lview.exe -- am I infected?"
- Next in thread: Kevin Brown: "RE: Win2K and Lview.exe -- am I infected?"
- Reply: Kevin Brown: "RE: Win2K and Lview.exe -- am I infected?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: "Vachon, Scott" <Scott.Vachon@Paymentech.com> To: security-basics@securityfocus.com Date: Tue, 11 Dec 2001 10:47:01 -0600
>I discovered that I can go to Task Manager -- Processes, and kill the
>process " wowexec.exe" (with the leading space) and everything will be
>restored to normal behavior.
>Any idea if I have been infected with something and what I can do about
>it?
I don't think you are infected. The wowexec.exe is used (and my explanation
may be somewhat off) to run legacy (or 16 bit) programs on the newer
Microsoft OS's. As it was explained to me, it is a virtual dos window to run
the program in. Unfortunately, this doesn't always function well and you get
a lock up or slow down (I believe it accesses the kernel directly and thus
the effect on the entire system). If you watch the processes tab of the task
manager window when you open the program, you will see the CPU spike to
95-100 percent utilization ! You should find a version of the program you
are running that is compatible with the OS and/or 32 bit vs. 16 bit.
Disclaimer: My own two cents, probably a little off but, in the ballpark.
~S~
- Previous message: Linda Wright: "Re: Exchange 2000"
- Maybe in reply to: JJ Driscoll: "Win2K and Lview.exe -- am I infected?"
- Next in thread: Kevin Brown: "RE: Win2K and Lview.exe -- am I infected?"
- Reply: Kevin Brown: "RE: Win2K and Lview.exe -- am I infected?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
