a13x
07-01-2004, 11:48 AM
I use Sygate Personal Firewall and it reported that C:\Windows\services.exe is trying to access Microsoft's site. I blocked its access since I think it is some kind of a fake. I deleted it and then after restart it appeared in the same place and of course tried to access Microsoft. I downloaded Security Task Manager to check it. I used STM to quarantine it. Everything was ok until restart.
I have to say that I've also scanned my entire system with Symantec AntiVirus, TDS3 and Ad-aware 6.0 and none found it as harmful.
This is the text in the file that I found using Security Task Manager:
You can realize that this is no Windows component by looking at the end of the text.
///////////////////////////////////////////////////////////////////////////////////
Software\Microsoft\RAS Autodial\Control
Please choose the installation directory
The instruction at 0x77f5215c referenced memory at 0x00d0158. The memory could not be written.
Click on OK to terminate the program.
SOFTWARE\Microsoft\Active Setup\Installed Components\44AC6201B20310CC1F32A0BC12E2014D
Runtime error at 00
Service Pack 1
as cho
----------------
LoadLibraryA
QR\chRJi8tLQI
si8LaPo
dowsDo
Wgbe
Quy/
urz9Kybo
evba
ThadrI
Ee\r
kern5l
aRuyme R
a_fucpk
Efca
ulRnFb
dialCf0
oftware\LMvs
Dwabl
ihdwVT
egistrSvcPo
Phek
uZXeElcLhlB
\piI
caM9ulPYz
FPUMaskVlue
WARE\BorlandDeqphiRTpL
CCaj
SHBrowseForFolderA
shell32.dll
InternetCloseHandle
InternetOpenA
InternetOpenUrlA
InternetReadFile
wininet.dll
DispatchMessageA
GetMessageA
MessageBoxA
TranslateMessage
CloseHandle
CopyFileA
CreateFileA
CreateMutexA
FreeLibrary
GetCurrentProcessId
GetFileTime
GetLastError
GetProcAddress
GetSystemDirectoryA
GetVersionExA
GetWindowsDirectoryA
LoadLibraryA
SetFileAttributesA
SetFileTime
Sleep
SuspendThread
WinExec
lstrcmpiA
kernel32.dll
RegCloseKey
RegCreateKeyExA
RegDeleteKeyA
RegOpenKeyExA
RegSetValueExA
advapi32.dll
GetModuleHandleA
LocalAlloc
TlsGetValue
TlsSetValue
kernel32.dll
RegCloseKey
RegOpenKeyExA
RegQueryValueExA
advapi32.dll
CharNextA
MessageBoxA
GetKeyboardType
GetStdHandle
RaiseException
RtlUnwind
UnhandledExceptionFilter
WriteFile
CreateThread
ExitProcess
FreeLibrary
GetCommandLineA
GetModuleFileNameA
GetStartupInfoA
GetCurrentThreadId
LocalAlloc
LocalFree
VirtualAlloc
VirtualFree
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
kernel32.dll
wK/w.wa
C\WINDOWS\System32
Error
a_****
StubPath
mssyncr.exe
services.exe
Explorer.exe
Application Error
http//ww.cruelintentionz.net/index.php
http//ww.geocities.com/cristina8_white/[censored].txt
http//ww.microsoft.com/
LoginSessionDisable
RegisterServiceProcess
FPUMaskValue
SOFTWARE\Borland\Delphi\RTL
////////////////////////////////////////////////////////////////////////////////////
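
Added example, not part of the original post: a small static-triage sketch that groups the readable strings from a dump like the one above into behaviours worth investigating, and checks whether a system file name sits outside System32, where the genuine services.exe lives. The rule names and groupings, the sample subset and the default `windows_dir` are assumptions of this example, and a match is a lead for further analysis, not a verdict.

```python
import ntpath

# Constructed sample: a subset of the readable strings quoted in the post above.
SAMPLE_STRINGS = """\
SOFTWARE\\Microsoft\\Active Setup\\Installed Components\\44AC6201B20310CC1F32A0BC12E2014D
InternetOpenUrlA
InternetReadFile
CopyFileA
GetFileTime
SetFileTime
GetWindowsDirectoryA
WinExec
RegSetValueExA
StubPath
services.exe
RegisterServiceProcess
SOFTWARE\\Borland\\Delphi\\RTL
""".splitlines()

# Heuristic rules (this example's own): a finding is reported only when every
# listed string occurs somewhere in the dump (case-insensitive substring match).
RULES = {
    "HTTP download via WinINet": ["InternetOpenUrlA", "InternetReadFile"],
    "file copy plus Windows directory lookup": ["CopyFileA", "GetWindowsDirectoryA"],
    "reads and sets file timestamps": ["GetFileTime", "SetFileTime"],
    "can launch another program": ["WinExec"],
    "Active Setup StubPath autostart": ["Active Setup\\Installed Components",
                                        "StubPath", "RegSetValueExA"],
    "Win9x process hiding API": ["RegisterServiceProcess"],
    "built with Borland Delphi": ["Borland\\Delphi\\RTL"],
}

def triage(strings):
    """Return the names of all rules whose strings are all present."""
    blob = "\n".join(strings).lower()
    return [name for name, needles in RULES.items()
            if all(n.lower() in blob for n in needles)]

def is_masquerading(path, windows_dir="C:\\Windows", system_names=("services.exe",)):
    """True when a system binary's name is used outside <windows_dir>\\System32."""
    folder, name = ntpath.split(ntpath.normpath(path))
    if name.lower() not in system_names:
        return False
    return folder.lower() != ntpath.join(windows_dir, "System32").lower()

if __name__ == "__main__":
    for finding in triage(SAMPLE_STRINGS):
        print("[strings]", finding)
    print("[path] masquerading:", is_masquerading("C:\\Windows\\services.exe"))
```
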