Re: System Process (PID 8) creates mail

From: wkrueger@xxxxxxxxx
Date: 4 Apr 2006 07:05:28 -0700

I used Process Explorer to see what was under the System Process
listing. I then used TDI Monitor from sysinternals to see which of the
apps under System were trying to send email. I found something called
msdxdsvc.exe that was trying to send email. I looked at the properties
and it was listed as a .Net application. Tricky... but there was no
msdxdsvc found on google, MS' website, nor 6 machines I had here in the
office - all of which had .net installed.
I used kill to stop this app, deleted it, then rebooted. The flow of
email from this machine finally stopped.
Thanks - Steven - your tips got me in the right direction to stop this
attack. I just heated the thought of a reformat/rebuild of this machine.

.

Follow-Ups:
- Re: System Process (PID 8) creates mail
  - From: Roger Abell [MVP]

References:
- System Process (PID 8) creates mail
  - From: wkrueger
- Re: System Process (PID 8) creates mail
  - From: Steven L Umbach
- Re: System Process (PID 8) creates mail
  - From: wkrueger

Prev by Date: Re: System Process (PID 8) creates mail
Next by Date: Re: Windows XP downloading/installation/digital signatures issue
Previous by thread: Re: System Process (PID 8) creates mail
Next by thread: Re: System Process (PID 8) creates mail
Index(es):
- Date
- Thread

Relevant Pages

Re: rundll32.exe
... Sysinternals is used for varying issues. ... Am only aiding as per the mention of Process Explorer (which doesn't seem to ... 2004 Windows MVP "Winny" Award ... > apps. ...
(microsoft.public.windowsxp.general)
Re: Process explorer help please: SOLVED
... "process explorer" is able to analyze the processes and threads the cpu ... the branches atarts with the system process. ... In the CPU column it says ... System explorer might have been hogging CPU time, but turning off the ...
(microsoft.public.windowsxp.general)
Re: browser hangs periodically.
... I tried to use the browser again and observed the process explorer cpu % ... However none of the process under the System process node is having any cpu ...
(microsoft.public.windowsxp.basics)
Re: Troubleshooting System Process - Need Help Please
... He talks about using Process Monitor and also mentions setting up symbols ... If i open the System process Threads using latest version of Proc ... "Cannot access stack information. ... Process Explorer cannot access the support in the Windows Debugging ...
(microsoft.public.win32.programmer.kernel)
Troubleshooting System Process - Need Help Please
... If i open the System process Threads using latest version of Proc ... I always see the thread that maxes out the cpu is ... "Cannot access stack information. ... Process Explorer cannot access the support in the Windows Debugging ...
(microsoft.public.win32.programmer.kernel)