explorer.exe always & services.exe always try to modify other files

Discussion in 'other security issues & news' started by Mr. Y, Dec 17, 2006.

Thread Status:
Not open for further replies.
  1. Mr. Y

    Mr. Y Registered Member

    Joined:
    Jan 11, 2006
    Posts:
    257
    Has anyone noticed- that explorer.exe & services.exe alway try to modify other files?

    It seems to me that this would be a good malware/spyware/keylogger exploitation technique to screw up your computer.

    I use ProcessGuard to block this without any ill effects.
     
    Mr. Y, Dec 17, 2006
    #1
  2. Mr. Y

    Mr. Y Registered Member

    Joined:
    Jan 11, 2006
    Posts:
    257
    Why did you move the post here- No one will ever see it

    Why did you move the post here- No one will ever see it
     
    Mr. Y, Dec 17, 2006
    #2
  3. Tommy

    Tommy Registered Member

    Joined:
    Dec 24, 2002
    Posts:
    1,169
    Location:
    Buenos Aires - Munic
    I saw it :)
    Back to topic.
    Never recogniced this behaviour. Please specify these modificacions?
    Or did you mean that for example explorer.exe queries informations, reads, closes and opens constantly other running processes? This is quiet normal.
     
    Tommy, Dec 17, 2006
    #3
  4. Mr. Y

    Mr. Y Registered Member

    Joined:
    Jan 11, 2006
    Posts:
    257
    Thanks for the reply-

    1. explorer.exe tries to "modify" many files per ProcessGuard.

    2. explorer.exe tries to "change memory" attributes on many files per SSM.

    As previously stated, I have blocked these explorer.exe actions without any ill effects.

    Additionally explorer.exe will always try to open the "clipboard" if you have previously opened the "clipboard" with another application. I block this with Tiny Personal Firewall without any ill effects.

    My hard drive is not infected- explorer.exe does this after fresh "windows" installations.

    It seems that an excellent malware exploitation technique would be to tie into explorer.exe or services.exe.
     
    Mr. Y, Dec 17, 2006
    #4
  5. Mr. Y

    Mr. Y Registered Member

    Joined:
    Jan 11, 2006
    Posts:
    257
    Obviously someone hates me, because they keep moving this post to different forums
     
    Mr. Y, Dec 18, 2006
    #5
  6. cprtech

    cprtech Registered Member

    Joined:
    Feb 26, 2006
    Posts:
    335
    Location:
    Canada
    It is rather alarming just how much influence explorer.exe has on other processes, but that is Windows for you. According to SSM on my system, it is a parent to no fewer than 46 objects, all of which are legit. However, I see it as launching other apps, rather than modify or change memory attributes. Services.exe does not have nearly the same influence. Depending on what it is doing on your system, it surprises me that you are seeing no ill effects on blocking it. Can you provide specifics on some of these modifications it is trying to do?
     
    cprtech, Dec 19, 2006
    #6
  7. Mr. Y

    Mr. Y Registered Member

    Joined:
    Jan 11, 2006
    Posts:
    257
    I don't survey how often Service.exe or Explorer.exe run. And I don't try and figure out what mods they are trying to make to other files- Too hard!

    I only block them from modifying files, changing memory attributes of files, and limit using the clipboard- This approach is easy to implement.

    They do not run as trusted files.
     
    Mr. Y, Dec 19, 2006
    #7
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Accept Learn More...