explorer.exe always & services.exe always try to modify other files

Discussion in 'other security issues & news' started by Mr. Y, Dec 17, 2006.

Thread Status:
Not open for further replies.
  1. Mr. Y

    Mr. Y Registered Member

    Joined:
    Jan 11, 2006
    Posts:
    257
    Has anyone noticed that explorer.exe & services.exe always try to modify other files?

    It seems to me that this would be a good malware/spyware/keylogger exploitation technique to screw up your computer.

    I use ProcessGuard to block this without any ill effects.
     
  2. Mr. Y

    Mr. Y Registered Member

    Joined:
    Jan 11, 2006
    Posts:
    257
    Why did you move the post here- No one will ever see it

     
  3. Tommy

    Tommy Registered Member

    Joined:
    Dec 24, 2002
    Posts:
    1,169
    Location:
    Buenos Aires - Munic
    I saw it :)
    Back to topic.
    Never recognized this behaviour. Please specify these modifications?
    Or did you mean that, for example, explorer.exe queries information, reads, closes and opens constantly other running processes? This is quite normal.
     
  4. Mr. Y

    Mr. Y Registered Member

    Joined:
    Jan 11, 2006
    Posts:
    257
    Thanks for the reply-

    1. explorer.exe tries to "modify" many files per ProcessGuard.

    2. explorer.exe tries to "change memory" attributes on many files per SSM.

    As previously stated, I have blocked these explorer.exe actions without any ill effects.

    Additionally explorer.exe will always try to open the "clipboard" if you have previously opened the "clipboard" with another application. I block this with Tiny Personal Firewall without any ill effects.

    My hard drive is not infected- explorer.exe does this after fresh "windows" installations.

    It seems that an excellent malware exploitation technique would be to tie into explorer.exe or services.exe.
     
  5. Mr. Y

    Mr. Y Registered Member

    Joined:
    Jan 11, 2006
    Posts:
    257
    Obviously someone hates me, because they keep moving this post to different forums
     
  6. cprtech

    cprtech Registered Member

    Joined:
    Feb 26, 2006
    Posts:
    335
    Location:
    Canada
    It is rather alarming just how much influence explorer.exe has on other processes, but that is Windows for you. According to SSM on my system, it is a parent to no fewer than 46 objects, all of which are legit. However, I see it as launching other apps, rather than modifying or changing memory attributes. Services.exe does not have nearly the same influence. Depending on what it is doing on your system, it surprises me that you are seeing no ill effects on blocking it. Can you provide specifics on some of these modifications it is trying to do?
     
  7. Mr. Y

    Mr. Y Registered Member

    Joined:
    Jan 11, 2006
    Posts:
    257
    I don't survey how often Services.exe or Explorer.exe run. And I don't try and figure out what mods they are trying to make to other files- Too hard!

    I only block them from modifying files, changing memory attributes of files, and limit using the clipboard- This approach is easy to implement.

    They do not run as trusted files.
     