Invisible process?

Discussion in 'Trojan Defence Suite' started by Paragon, Nov 20, 2002.

Thread Status:
Not open for further replies.
  1. Paragon

    Paragon Guest

    A recent scan with TDS-3 showed c:\tmp0001.$$$ as a possible password stealer (Generic detection). I didn't recognize this file, so I tried to delete it (appears to be temporary anyway). I couldn't delete it though. So I tried to terminate it first using TDS, but it couldn't be terminated. So I figured I'd check it out with another process explorer (TaskInfo2002). It didn't show up as a running process. I clicked the tab to view all open files, and it showed up there, so I tried to figure out which process was using it. None of them showed up as using that file though.
    I went back to TDS and extracted strings from the file (which could only be done through TDS [BinText wouldn't work]). It took a while as the file was 2Mb. Anyway, the only readable text was in reference to DiamondCS and TDS-2, which is a version I never had. I've only used TDS-3. Odd.
    I rebooted the computer and tried to delete it again, but it still said it was in use by Windows. Same as before. I checked various autostart methods, but couldn't figure out how it was starting up. So, I set my autoexec.bat file to delete it and rebooted. It's now gone, and everything seems to be exactly the same. But my problem is, I don't know what the file was, I don't know where it came from, or how it got there, and I don't know if it was somehow running invisibly, or if some other process was using it. If so, I couldn't seem to figure out which one.
     
  2. Loki

    Loki Registered Member

    Joined: May 26, 2002
    Posts: 193
    Location: Lake Worth, Florida, USA

    Hi Paragon,

    Why not zip it and send to TDS? They will check the file and respond to you about it.
     
  3. Paragon

    Paragon Guest

    Yeah, I thought of that, and a few more things I could have done, but only after I had already deleted the file. :doubt:
     
  4. Loki

    Loki Registered Member

    Hi Paragon,

    Yeah I know that one. I did it once so now I try to do things in steps... panic :D, run around screaming :D then remember that I have TDS :D

    Oh and thanks for that link in my post.

    Loki :cool:
     
  5. Paragon

    Paragon Guest

    No problem. :) Hope you find it helpful.
     