Re: Unknown process running

From: Karl Levinson [x y] mvp (levinson_k_at_despammed.com)
Date: 11/13/04


Date: Sat, 13 Nov 2004 09:12:11 -0500


"Tim" <noanswer@hotmail.com> wrote in message
news:OCcqcCXyEHA.3336@TK2MSFTNGP11.phx.gbl...
> Hi Karl,
> It wouldn't allow me to run the housecall it said applet crashed so how do I
> check?

There are also on-line virus scanners here:

http://security2.norton.com
http://www.kasperskylabs.com/remoteviruschk.html

> I have also tried running a search for the file but it doesn't appear to be
> there
> It seems to have mysteriously disappeared

Is it still listed in the list of running processes?

It could be that the file was actually removed by something you did, or it
is using ADS to conceal itself from the completely inadequate utilities
Microsoft gave you with Windows like Windows Explorer that as recently as
Windows 2003 still hides ADS from you due to poor planning and lack of
foresight. You may be able to see ADS files starting up in the Registry by
using something like MSCONFIG [which doesn't exist in Windows 2000] or
better yet, use both silent runners from www.silentrunners.org and
Autostart Explorer from www.trojanhunter.com/products. ADS is usually
shown in the Registry as c:\folder\filename1:filename2

ADS can also be seen by using a tool like LADS, although note that Windows
uses ADS to hide files relating to image thumbnails and XP SP2 AES security
settings, even though hiding files from the user has proven to be a
monumentally bad security problem.

http://www.heysoft.de/nt/ep-lads.htm or another similar tool is from
www.foundstone.com/knowledge

It could also be that a Windows root kit like Hacker Defender is being used
to hide the file from you. Such root kits can be seen if you download and
run RKDETECT [which can be found by searching www.google.com]. You can also
see root kits if you boot to another OS such as the Linux rescue disk from
www.bitdefender.com, or if you scan the computer from another computer via
Windows networking, or if you take the hard drive and slave it in another
Windows computer, though these are generally more difficult than running
RKDETECT.
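
The post notes that an ADS autostart usually appears in the Registry as c:\folder\filename1:filename2. The following is an added example, not part of the original post, showing one way to flag that pattern in autostart command lines. The function names and the sample Run-key values are constructed for illustration.

```python
import re

# c:\folder\file:stream[:$TYPE] -- the host part must contain a backslash, so
# switches such as /port:8080 or /url:http://... are not mistaken for streams.
_ADS = re.compile(r"""
    ^(?P<host>(?:[a-z]:)?[^:]*\\[^:\\]+)   # host file: optional drive, then a path
    :(?P<stream>[^:\\/]*)                  # stream name (empty = default stream)
    (?::\$[a-z_]+)?$                       # optional stream type, e.g. :$DATA
""", re.IGNORECASE | re.VERBOSE)


def find_ads_references(command):
    """Return (host_file, stream_name) pairs named in one autostart command line."""
    hits = []
    # A quoted string is one token; anything else is split on whitespace.
    for token in re.findall(r'"[^"]*"|\S+', command):
        m = _ADS.match(token.strip('"'))
        # file::$DATA is the ordinary, visible content of the file: not flagged.
        if m and m.group("stream"):
            hits.append((m.group("host"), m.group("stream")))
    return hits


def audit(entries):
    """entries maps value name -> command line; return only the flagged ones."""
    return {name: hits for name, cmd in entries.items()
            if (hits := find_ads_references(cmd))}


# Constructed sample of Run-key values (not taken from any real machine).
SAMPLE_RUN_VALUES = {
    "ctfmon": r"C:\WINDOWS\system32\ctfmon.exe",
    "updater": r'"C:\Program Files\Updater\upd.exe" /port:8080 /url:http://example.invalid/',
    "svchost32": r"c:\windows\system32:svch.exe",
    "helper": r'"C:\Documents and Settings\tim\notes.txt:helper.exe" -silent',
    "plain": r"C:\tools\view.exe C:\data\log.txt::$DATA",
}

if __name__ == "__main__":
    for name, hits in audit(SAMPLE_RUN_VALUES).items():
        for host, stream in hits:
            print(f"{name}: stream '{stream}' attached to {host}")
```

On a live system the dictionary would be filled from the Run keys (for example with Python's `winreg` module) instead of the sample above.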


