Security Basics mailing list archives

Re: Unknown Windows Service suspected Worm/Virus


From: Über GuidoZ <uberguidoz () gmail com>
Date: Thu, 9 Sep 2004 13:59:01 -0400

Have you tried to get information from the file (EXE/DLL) starting
this service? It should be listed in the run command (Start -> Run ->
msconfig) somewhere. You may also check out the StartupCPL program
from Mike Lin (http://www.mlin.net/StartupCPL.shtml); the standalone
EXE version works beautifully.

Once you have located the file the service is run from, get the
properties of it and see what you can see. Open it in Notepad and see
what you can read. You may also try running it through
www.VirusTotal.com - it will be scanned with a handful of AV programs,
all with the latest virus definitions. This will usually solve the
problem as the heuristics will find stuff frequently.

Best of luck.

-- 
Peace. ~G


On Wed, 08 Sep 2004 14:30:39 -0600, Neil Verkland <verklandn () macewan ca> wrote:
I'm looking for information on the following Windows XP service that was
found installed on various systems that have XP-SP2 installed and have
been virus scanned as clean.

Servicio de Agenda de Alejandria

If anyone can identify this Windows service please respond. Systems
with this service seem to reboot automagically and terminal services is
started and I am unable to stop the service via the control panel.
Please also respond with the command line to stop a service. My Windows
skills are not as prolific as Solaris. Thanks.

Neil S. Verkland, B.Sc.C.S.
Manager, Learning and Information Systems
Grant MacEwan College
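
The steps the reply describes (find the EXE/DLL behind the service, inspect its properties) together with the stop command the original post asks for, as an added PowerShell example that is not part of either message. It assumes an elevated PowerShell 4.0 or later prompt, which the Windows XP systems in the thread would not have had; the display name is the one from the post.

```powershell
# Added example, not from the thread. Run from an elevated PowerShell 4.0+ prompt.
$displayName = 'Servicio de Agenda de Alejandria'   # display name reported in the thread

# 1. Resolve the display name to the service record (key name, account, command line).
$svc = Get-CimInstance -ClassName Win32_Service -Filter "DisplayName = '$displayName'"
if (-not $svc) { Write-Warning "No service named '$displayName' on this host."; return }
$svc | Format-List Name, DisplayName, State, StartMode, StartName, ProcessId, PathName

# 2. Pull the executable out of the command line (quoted or unquoted form).
$cmd = [Environment]::ExpandEnvironmentVariables($svc.PathName)
if ($cmd -match '^\s*"([^"]+)"') {
    $exe = $Matches[1]
} elseif ($cmd -match '^\s*(.+?\.exe)\b') {
    $exe = $Matches[1]
} else {
    $exe = ($cmd.Trim() -split '\s+')[0]
}

# 3. A service hosted by svchost.exe runs from a DLL named in its Parameters key.
$files  = @($exe)
$params = "HKLM:\SYSTEM\CurrentControlSet\Services\$($svc.Name)\Parameters"
$dll    = (Get-ItemProperty -Path $params -ErrorAction SilentlyContinue).ServiceDll
if ($dll) { $files += $dll }

# 4. Collect properties, signature and hash for each file before touching the service.
foreach ($f in $files) {
    if (-not (Test-Path -LiteralPath $f)) { Write-Warning "Missing on disk: $f"; continue }
    $item = Get-Item -LiteralPath $f -Force
    [pscustomobject]@{
        Path      = $item.FullName
        Created   = $item.CreationTimeUtc
        Modified  = $item.LastWriteTimeUtc
        Company   = $item.VersionInfo.CompanyName
        Product   = $item.VersionInfo.ProductName
        Signature = (Get-AuthenticodeSignature -LiteralPath $f).Status
        SHA256    = (Get-FileHash -LiteralPath $f -Algorithm SHA256).Hash
    } | Format-List
}

# 5. Stop the service and keep it from starting at the next boot.
#    Classic equivalents: sc.exe stop <Name>  and  sc.exe config <Name> start= disabled
Stop-Service -Name $svc.Name -Force
Set-Service  -Name $svc.Name -StartupType Disabled
```

The SHA256 value can be searched on VirusTotal directly, which checks the file against existing scan results without uploading it.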
