What is this program

From Luke Jackson

Current revision (19:45, 11 April 2007) by Ljackson

Dog icon, 169k in size, random filenames, C:\Windows\Temp folder

This is an extension of the Trend Micro OfficeScan application. It runs in this manner to protect itself from attack. You can be sure this is a Trend Micro file by the following criteria:

  • Randomized and capitalized 6-character alphanumeric filename ending in .EXE
  • Process icon is a brown running dog
  • File size is 169 kilobytes
  • Location is C:\Windows\Temp\

Please keep in mind that there are viruses that use similar tactics to conceal themselves. If the file is not exactly as described above, it is most likely a virus. Please use this only as a reference and conduct your own investigation of the suspect file(s).
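
The criteria above as a PowerShell check (an added example, not from the original page or from Trend Micro). It assumes "169 kilobytes" means the size Explorer displays, that is, bytes rounded up to whole KB. The Authenticode signature and SHA-256 columns are not among the page's criteria; they are extra evidence for your own investigation, and the icon still has to be checked by eye.

```powershell
# Added example: compare executables in C:\Windows\Temp with the page's description.
# Assumptions (not from the page): size is compared as bytes rounded up to whole KB;
# the signature and hash fields are additional evidence, not page criteria.
param(
    [string]$TempDir    = 'C:\Windows\Temp',
    [int]   $ExpectedKB = 169
)

Get-ChildItem -LiteralPath $TempDir -Filter '*.exe' -File -Force -ErrorAction SilentlyContinue |
    ForEach-Object {
        # Six upper-case letters or digits (case-sensitive), with an .EXE extension.
        $nameOk = ($_.BaseName -cmatch '^[A-Z0-9]{6}$') -and ($_.Extension -ieq '.exe')

        # Size as Explorer would show it: bytes rounded up to the next KB.
        $sizeKB = [int][math]::Ceiling($_.Length / 1KB)
        $sizeOk = $sizeKB -eq $ExpectedKB

        # Name, size and icon are trivial to imitate, so also record who signed the file.
        $sig    = Get-AuthenticodeSignature -LiteralPath $_.FullName
        $signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '(unsigned)' }

        [pscustomobject]@{
            Name      = $_.Name
            SizeKB    = $sizeKB
            NameOk    = $nameOk
            SizeOk    = $sizeOk
            Signature = $sig.Status
            Signer    = $signer
            SHA256    = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256).Hash
            Verdict   = if ($nameOk -and $sizeOk) { 'matches the description' }
                        else { 'deviates from the description: treat as suspect' }
        }
    } | Format-List
```

A "matches the description" verdict only means the file fits the listed criteria; the signer and hash are what you take into the rest of the investigation.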

Sources

http://forums.majorgeeks.com/archive/index.php/t-43052

http://www.hijackthis-forum.de/archive/index.php/t-118.html
