Cpqartqgnrsw service

Discussion in 'malware problems & news' started by Sworda, Oct 12, 2004.

Thread Status:
Not open for further replies.
  1. Sworda

    Sworda Registered Member

    Joined:
    Apr 10, 2003
    Posts:
    2
    This service appeared about 2 weeks ago, shortly after my install of SP2. I could never find any info til today when I ran PsService from sysinternals and although it shows it installed as a service, there isn't much other information there.

    Here's the portion that pertains to this Cpqartqgnrsw service:

    PsService v1.1 - local and remote services viewer/controller
    Copyright (C) 2001-2003 Mark Russinovich
    Sysinternals - www.sysinternals.com

    SERVICE_NAME: Cpqartqgnrsw
    (null)
    TYPE : 10 WIN32_OWN_PROCESS
    START_TYPE : 4 DISABLED
    ERROR_CONTROL : 0 IGNORE
    BINARY_PATH_NAME :
    LOAD_ORDER_GROUP : Network
    TAG : 1
    DISPLAY_NAME : Cpqartqgnrsw
    DEPENDENCIES :
    SERVICE_START_NAME:

    Are there any other avenues I can explore to find out what this is and if it's safe to uninstall this service?

    I've just ran both SB S&D and Ad-AwareSE and found nothing that looked like it may be related to this.

    I also just ran a startup list and a regular scan with HJT but will wait to see if it's needed before posting it.

    I will surely appreciate any help I can get with this.
    Thanks all...Sworda
     
  2. snapdragin

    snapdragin Administrator

    Joined:
    Feb 16, 2002
    Posts:
    8,415
    Location:
    Southern Ont., Canada
    Hi Sworda, and welcome to Wilders.

    I am not finding anything on this 'service' name. I do not have SP2 installed yet myself, but I am doubtful this is part of SP2.

    Since some viruses, and spyware, do install themselves as services, I would suggest you have your hijackthis log analysed before uninstalling or removing anything.

    We no longer do HijackThis log analysis here at Wilders (see our Posting Policy in this Announcement.) However, you will find a link in the Announcement Post to several other sites that still do provide HijackThis log analysis service.

    Whichever site you decide to go to, please be sure and follow their posting policy before you post your hijackthis log.

    Please let us know how it turns out.

    Regards,

    snap
     
  3. Sweetie(*)(*)

    Sweetie(*)(*) Registered Member

    Joined:
    Aug 10, 2004
    Posts:
    419
    Location:
    Venus
  4. Marja

    Marja Honestly, I'm not a bot!!

    Joined:
    Mar 8, 2004
    Posts:
    4,553
    Location:
    In the Vast Fields of My Mind
    Sworda - Welcome!!

    Not sure if this is what you are seeing? This is #5 on the SANS/FBI's top 20 list of Windows vulnerabilities - if this is your problem, you can get help here:

    CIRT @ CIS @ Brown
    [ http://www.brown.edu/Facilities/CIS/CIRT/help/netbiosnull.html ]


    Marja:cool:


    Just very interesting, either way,no? :)
     
  5. Sworda

    Sworda Registered Member

    Joined:
    Apr 10, 2003
    Posts:
    2
    Thanks for the info folks. I've posted my HJT log to BleepingComputer and await analysis.

    Marja, it looks like you may be on to something and I've quickly perused the link you submitted and am now on information overload :eek:

    I installed IIS shortly after updating to SP2 and had a feeling that something wasn't quite right. I should have listened to those feelings at the time!
    My unease grew more as the days passed and I just uninstalled it a few days ago. I just couldn't seem to lock that program down tight enough:( Learning a new firewall (Kaspersky) and IIS at the same time just had me befuddled beyond recognition...lol

    Well, I'm off to disable NULL sessions and remove that service and when I succeed, this may let me snag the 'family geek' trophy back from my brother :D
    Best regards...SwordaLost
     
Loading...
Thread Status:
Not open for further replies.