Re: Unknown Windows Service suspected Worm/Virus

From: Über_GuidoZ (uberguidoz_at_gmail.com)
Date: 09/09/04

    Date: Thu, 9 Sep 2004 13:59:01 -0400
    To: Neil Verkland <verklandn@macewan.ca>
    
    

    Have you tried to get information from the file (EXE/DLL) starting
    this service? It should be listed in the run command (Start -> Run ->
    msconfig) somewhere. You may also check out the StartupCPL program
    from Mike Lin (http://www.mlin.net/StartupCPL.shtml); the standalone
    EXE version works beautifully.

    Once you have located the file the service is run from, get the
    properties of it and see what you can see. Open it in Notepad and see
    what you can read. You may also try running it through
    www.VirusTotal.com - it will be scanned with a handful of AV programs,
    all with the latest virus definitions. This will usually solve the
    problem as the heuristics will find stuff frequently.

    Best of luck.

    -- 
    Peace. ~G
    On Wed, 08 Sep 2004 14:30:39 -0600, Neil Verkland <verklandn@macewan.ca> wrote:
    > I'm looking for information on the following Windows XP service that was
    > found installed on various systems that have XP-SP2 installed and have
    > been virus scanned as clean.
    > 
    > Servicio de Agenda de Alejandria
    > 
    > If anyone can identify this Windows service please respond. Systems
    > with this service seem to reboot automagically and terminal services is
    > started and I am unable to stop the service via the control panel.
    > Please also respond with the command line to stop a service. My Windows
    > skills are not as prolific as Solaris. Thanks.
    > 
    > Neil S. Verkland, B.Sc.C.S.
    > Manager, Learning and Information Systems
    > Grant MacEwan College
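
An added example, not part of either message: one way to go from the service's display name to the file behind it, collect its properties and a SHA-256 hash that can be looked up on VirusTotal, and optionally stop and disable the service. It assumes a current Windows with PowerShell rather than the XP systems in the thread; the `-Contain` switch name is an assumption of this example.

```powershell
# Added example (not from the thread). Run from an elevated PowerShell prompt.
param(
    [string]$DisplayName = 'Servicio de Agenda de Alejandria',  # display name quoted in the thread
    [switch]$Contain   # assumed switch name: also disable and stop the service
)

$services = Get-CimInstance -ClassName Win32_Service |
    Where-Object { $_.DisplayName -eq $DisplayName }
if (-not $services) { Write-Warning "No service named '$DisplayName'"; return }

foreach ($s in $services) {
    $files = @()
    # PathName is a command line: the image may be quoted and followed by arguments.
    if ($s.PathName -match '^\s*"?(.+?\.(?:exe|dll|sys))"?(?:\s|$)') { $files += $Matches[1] }
    # Services hosted by svchost.exe keep their real code in a ServiceDll value.
    $key = "HKLM:\SYSTEM\CurrentControlSet\Services\$($s.Name)\Parameters"
    $dll = (Get-ItemProperty -Path $key -ErrorAction SilentlyContinue).ServiceDll
    if ($dll) { $files += $dll }

    foreach ($f in $files) {
        if (-not (Test-Path -LiteralPath $f)) { Write-Warning "Missing on disk: $f"; continue }
        $item = Get-Item -LiteralPath $f -Force
        [pscustomobject]@{
            Service   = $s.Name            # short name, the one sc.exe and net.exe expect
            State     = $s.State
            StartMode = $s.StartMode
            Account   = $s.StartName
            File      = $item.FullName
            Created   = $item.CreationTimeUtc
            Company   = $item.VersionInfo.CompanyName
            Signature = (Get-AuthenticodeSignature -LiteralPath $f).Status
            SHA256    = (Get-FileHash -LiteralPath $f -Algorithm SHA256).Hash
        }
    }

    if ($Contain) {
        # Disable first so the service cannot come back at the next boot, then stop it.
        # cmd.exe equivalents: sc config <name> start= disabled, then sc stop <name>
        Set-Service  -Name $s.Name -StartupType Disabled
        Stop-Service -Name $s.Name -Force
    }
}
```

Run it without `-Contain` first and keep the output: the file path, creation time and hash are the evidence to preserve before the service is touched.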
