BreadCrumbs: What is this program
What is this program
From Luke Jackson
(Difference between revisions)
| Revision as of 19:31, 11 April 2007 (edit) Ljackson (Talk | contribs) ← Previous diff |
Current revision (19:45, 11 April 2007) (edit) Ljackson (Talk | contribs) (→Sources) |
||
| Line 9: | Line 9: | ||
| Please keep in mind that there are viruses that use similar tactics to conceal them selfs. If the file is not exactly as described above it is most likely a virus. Please only use this as a reference and conduct your own investigation on the suspect file(s). | Please keep in mind that there are viruses that use similar tactics to conceal them selfs. If the file is not exactly as described above it is most likely a virus. Please only use this as a reference and conduct your own investigation on the suspect file(s). | ||
| + | |||
| + | == Sources == | ||
| + | |||
| + | http://forums.majorgeeks.com/archive/index.php/t-43052 | ||
| + | |||
| + | http://www.hijackthis-forum.de/archive/index.php/t-118.html | ||
| + | |||
| [[Category:Windows XP]] | [[Category:Windows XP]] | ||
| [[Category:Windows 2003 Server]] | [[Category:Windows 2003 Server]] | ||
Current revision
[edit]
Dog icon, 169k in size, random filenames, C:\Windows\Temp folder
This is an extension of the Trend Micro Office Scan application. It runs in this manner to protect it's self from attack. You can be sure this is a Trend Micro file by the following criteria:
- Randomized and capitalized 6 character alphanumeric filename ending in .EXE
- Process icon is a brown running dog
- File size is 169 kilobytes
- Location is C:\Windows\Temp\
Please keep in mind that there are viruses that use similar tactics to conceal them selfs. If the file is not exactly as described above it is most likely a virus. Please only use this as a reference and conduct your own investigation on the suspect file(s).
[edit]