Security Basics mailing list archives
Re: Unknown Windows Service suspected Worm/Virus
From: Über GuidoZ <uberguidoz () gmail com>
Date: Thu, 9 Sep 2004 13:59:01 -0400
Have you tried to get information from the file (EXE/DLL) starting this service? It should be listed in the run command (Start -> Run -> msconfig) somewhere. You may also check out the StartupCPL program from Mike Lin (http://www.mlin.net/StartupCPL.shtml), the standalone EXE version works beautifully. Once you have located the file the service is run from, get the properties of it and see what you can see. Open it in Notepad and see what you can read. You may also try running it through www.VirusTotal.com - it will be scanned with a handful of AV programs, all with the latest virus definitions. This will usually solve the problem as the heuristics will find stuff frequently. Best of luck. -- Peace. ~G On Wed, 08 Sep 2004 14:30:39 -0600, Neil Verkland <verklandn () macewan ca> wrote:
I'm looking for information on the following windows XP service that was found installed on various systems that have XP-SP2 installed and have been virus scanned as clean. Servicio de Agenda de Alejandria If anyone can identify this windows service please respond. Systems with this service seem to reboot automagically and terminal services is started and I am unable to stop the service via the control panel. Please also respond with the command line to stop a service. My windows skill are not as prolific as Solaris. Thanks. Neil S. Verkland, B.Sc.C.S. Manager, Learning and Information Systems Grant MacEwan College
--------------------------------------------------------------------------- Computer Forensics Training at the InfoSec Institute. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors. Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse so that it never happens again. http://www.infosecinstitute.com/courses/computer_forensics_training.html ----------------------------------------------------------------------------
Current thread:
- Unknown Windows Service suspected Worm/Virus Neil Verkland (Sep 08)
- Re: Unknown Windows Service suspected Worm/Virus Über GuidoZ (Sep 11)
- <Possible follow-ups>
- RE: Unknown Windows Service suspected Worm/Virus Neil Verkland (Sep 10)
- Re: Unknown Windows Service suspected Worm/Virus Ansgar -59cobalt- Wiechers (Sep 13)
- Re: Unknown Windows Service suspected Worm/Virus Über GuidoZ (Sep 13)
- RE: Unknown Windows Service suspected Worm/Virus Hayden Searle (Sep 10)
- RE: Unknown Windows Service suspected Worm/Virus Prasanna M (Sep 13)