ever normal for a process to inject into another one?

Discussion in 'other anti-virus software' started by colt45allstar, Jul 5, 2006.

Thread Status:
Not open for further replies.
  1. colt45allstar

    colt45allstar Registered Member

    Joined:
    Jun 9, 2006
    Posts:
    65
    I've got various warnings with my Kaspersky Proactive Defense today.

    They include the following:

    When I attempt to update my Trojan Hunter 4.5 I get the following message (note it only occurs when I open up the Trojan Hunter scanner and then run live update. When I simply run live update without opening up the scanner it doesn't occur.... Also the options for all the warnings are allow,deny and terminate. In addition if I use allow, I can put it in the trusted zone and therefor get no further warnings about that particular process doing that particular action

    anyway here goes:

    Riskware:
    Invader

    Running Process (PID: 1200):
    \TrojanHunter.exe

    Action

    Process is trying to inject into another process.
    This behaviour is typical of some malicious programs.

    When I click details it says that C:\ProgramFiles\TrojanHunter 4.5\TrojanHunter.exe (PID:1200) is trying to inject into C:\ProgramFiles\TrojanHunter 4.5\Tools\Liveupdate\LiveUpdate.exe (PID:174:cool:

    I'm assuming that's fine.. seeing how they are both Trojan Hunter processes it seems.. just wanted to confirm, as I've heard bad things about processes injecting into other processes.

    In addition I've got warnings like the following (all of which were also marked as Riskware: Invader... except that one was marked Riskware: Invader Loader)

    7/5/2006 1:01:10 AM C:\WINDOWS\system32\svchost.exe Process C:\WINDOWS\system32\svchost.exe (PID: 1776) is trying to inject into process C:\Program Files\Logitech\Video\AlbumDB2.exe (PID: 370:cool:.

    7/5/2006 1:06:08 AM C:\WINDOWS\Explorer.EXE Process C:\WINDOWS\Explorer.EXE (PID: 324) is trying to inject into process C:\Program Files\a-squared\a2start.exe (PID: 3336).

    7/5/2006 1:06:11 AM C:\Program Files\a-squared\a2start.exe Process C:\Program Files\a-squared\a2start.exe (PID: 3336) is trying to inject into process C:\Program Files\a-squared\a2upd.exe (PID: 444).

    7/5/2006 1:11:34 AM C:\Program Files\TrojanHunter 4.5\THGuard.exe Process C:\Program Files\TrojanHunter 4.5\THGuard.exe (PID: 2000) is trying to inject into process C:\Program Files\TrojanHunter 4.5\Tools\LiveUpdate\LiveUpdate.exe (PID: 38:cool:.

    Any of those seem suspect?!? Is the mere fact that processes are trying to inject into other processes... cause for concern by default?!? Is so any ideas of what might be causing this?

    Thanks!
     
    Last edited: Jul 5, 2006
  2. colt45allstar

    colt45allstar Registered Member

    Joined:
    Jun 9, 2006
    Posts:
    65
    Sorry to bump my own thread.. and I promise it won't be done again. (if noone replies this time, they don't reply simple as that)

    Just feel this is important that I get some feedback on this.
     
  3. pykko

    pykko Registered Member

    Joined:
    Apr 27, 2005
    Posts:
    2,236
    Location:
    Romania...and walking to heaven
    hmm...most of them seem to be legitimate. I mean TrojanHunter tries to inject into its own files the code. I think there is nothing wrong there. Perhaps somebody having more experience than me can tell you more. :D
     
Thread Status:
Not open for further replies.