
Need help with a mystery...


springer
October 27th, 2005, 08:00 PM
Short version, did a precautionary online scan with BitDefender yesterday, which turned up an infection. Double checked with Kaspersky, same thing.

Still not convinced, ran the file "CISVCS.EXE" through jotti.org's file scan, which came back with this:

{QUOTE-> AntiVir Found nothing
ArcaVir Found nothing
Avast Found nothing
AVG Antivirus Found nothing
BitDefender Found Trojan.Downloader.Small.VL, Trojan.PWS.Bispy
ClamAV Found nothing
Dr.Web Found Adware.CnfSearch, Trojan.DownLoader.939
F-Prot Antivirus Found nothing
Fortinet Found nothing
Kaspersky Anti-Virus Found not-a-virus:AdWare.Win32.StickyPops.a, Trojan-Downloader.Win32.Lookme.g, Trojan-Dropper.Win32.Agent.og, not-a-virus:AdWare.Win32.Sidesearch.c, not-a-virus:AdWare.Win32.ClearSearch.f
NOD32 Found nothing
Norman Virus Control Found nothing
UNA Found nothing
VBA32 Found nothing <-QUOTE}

??????????

Went back to Kaspersky and scanned the one file, which returned...

{QUOTE-> Scanned file: CISVCS.EXE

CISVCS.EXE/data0001 - OK
CISVCS.EXE/data0002 - infected by not-a-virus:AdWare.Win32.StickyPops.a
CISVCS.EXE/data0003 - OK
CISVCS.EXE/data0004 - OK
CISVCS.EXE/data0005 - OK
CISVCS.EXE/data0006 - OK
CISVCS.EXE/data0007 - OK
CISVCS.EXE/data0008 - OK
CISVCS.EXE/data0009 - OK
CISVCS.EXE/data0010 - OK
CISVCS.EXE/data0011 - OK
CISVCS.EXE/data0012 - OK
CISVCS.EXE/data0013 - infected by Trojan-Downloader.Win32.Lookme.g
CISVCS.EXE/data0014 - infected by Trojan-Dropper.Win32.Agent.og
CISVCS.EXE/data0015/stream/data0001 - infected by not-a-virus:AdWare.Win32.Sidesearch.c
CISVCS.EXE/data0015/stream/data0002 - OK
CISVCS.EXE/data0015/stream/data0003 - OK
CISVCS.EXE/data0015/stream/data0004 - OK
CISVCS.EXE/data0015/stream/data0005 - infected by not-a-virus:AdWare.Win32.ClearSearch.f
CISVCS.EXE/data0015/stream/data0006 - OK
CISVCS.EXE/data0015/stream/data0007 - OK
CISVCS.EXE/data0016 - OK
CISVCS.EXE/data0017 - OK


Statistics:
Known viruses: 156695 Updated: 27-10-2005
File size (Kb): 524 Virus bodies: 5
Files: 23 Warnings: 0
Archives: 3 Suspicious: 0 <-QUOTE}

What I'm trying to figure out here first off is, what kind of file/app is "CISVCS.EXE"? Google turns up virtually nothing. Symantec search, nothing. Searches anywhere I can search, nothing.

There is a similar app called "cisvc.exe", which is listed as an "indexing service", and this one shows up twice on my hard drive. The similarity, I'm thinking, suggests that the mystery file also is an indexing service...or on the other hand, it's a malware file designed to mimic the indexing file...or something like that.

I'd like to just gas the damn thing and be done with it...but I'd first like to know if I'm causing a problem doing so. (I don't want to vaporize into a wormhole and reappear on the other side of the galaxy...where there's no hockey games or beer, eh?)

HiJackThis scan turns up nothing I can't readily identify with my software.

AVG Free, AdAware, and MS Anti-spyware turn up nothing. Zone Alarm's new spyware detector today finds nothing, as does Bazooka.

I'm thinking this is a false positive, perhaps generated by data within the file on spyware, possibly from another av/anti-spyware program. This has happened to me before, conflict-wise.

Anyway...

Anyone here ever come across this one before???

I see there's a thread here from about a year ago that starts off with a finding very similar to what I have here...but I don't see in that thread where it was resolved.

??? ??? ???

Last point: A properties check on the file reveals no authorship or description, so I have no idea where it came from, other than it's been there since June of 2004.

springer
October 27th, 2005, 08:25 PM
Sorry about that, posted it there because one of the scanners for that file by jotti's was done with "Nod32".

:)

bigc73542
October 27th, 2005, 08:27 PM
No problem. I moved it because it will probably get more attention here.

bigc

SpikeyB
November 1st, 2005, 10:03 AM
It shows up in a search here as a parasite: http://www.spywaredata.com/spyware/search/index.php

lotuseclat79
November 1st, 2005, 11:17 AM
Hi,

In case you need a free MD5 sum software tool to check out the variants that are safe vs parasite: http://come.to/hahn

-- Tom
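Putting together springer's observation (CISVCS.EXE is one character off the legitimate cisvc.exe) and Tom's MD5 suggestion, here is a small triage helper added as an example; it is not code from any poster or from the tools named in the thread, and the allowlist, expected folders and sample bytes are constructed assumptions.

```python
import hashlib
import ntpath

# Constructed allowlist for this example: Windows service binaries and their
# expected folder. A real list would come from a known-clean install.
KNOWN_BINARIES = {
    "cisvc.exe": r"C:\WINDOWS\system32",
    "svchost.exe": r"C:\WINDOWS\system32",
    "lsass.exe": r"C:\WINDOWS\system32",
}
# Constructed stand-in for a file's contents; a real check reads the file.
SAMPLE_BYTES = b"MZ\x90\x00constructed sample, not a real executable"

def edit_distance(a, b):
    """Levenshtein distance: single-character edits needed to turn a into b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def file_hashes(data):
    """MD5 (what an MD5 tool reports) plus SHA-256, for allowlist comparison."""
    return {"md5": hashlib.md5(data).hexdigest(), "sha256": hashlib.sha256(data).hexdigest()}

def lookalike_of(name):
    """Known binary this name is one edit away from (cisvcs.exe -> cisvc.exe), else None."""
    name = name.lower()
    if name in KNOWN_BINARIES:
        return None
    for known in KNOWN_BINARIES:
        if edit_distance(name, known) == 1:
            return known
    return None

def triage(path, data, allowlist):
    """Return findings for one file; an empty list means nothing stood out."""
    name, folder = ntpath.basename(path).lower(), ntpath.dirname(path).lower()
    if file_hashes(data)["md5"] in allowlist:
        return []  # a known-good hash outranks the name heuristics
    findings = []
    look = lookalike_of(name)
    if look:
        findings.append(f"{name}: name is one edit away from system binary {look}")
    if name in KNOWN_BINARIES and folder != KNOWN_BINARIES[name].lower():
        findings.append(f"{name}: outside expected folder {KNOWN_BINARIES[name]}")
    return findings
```

A hash match against a list built from a clean machine settles the question outright; the name and folder checks only raise a flag for a closer look, as happened with CISVCS.EXE here.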