Need help with a mystery...

Discussion in 'other anti-virus software' started by springer, Oct 27, 2005.

Thread Status:
Not open for further replies.
  1. springer

    springer Registered Member

    Joined:
    Nov 16, 2004
    Posts:
    26
    Short version, did a precautionary online scan with BitDefender yesterday, which turned up an infection. Double checked with Kaspersky, same thing.

    Still not convinced, ran the file, "CISVCS.EXE" through jotti.org file scan, which came back with this:

    o_Oo_Oo_O?

    Went back to Kaspersky and scanned the one file, which returned...

    What I'm trying to figure out here first off is, what kind of file/app is "CISVCS.EXE"? Google turns up virtually nothing. Symantec search, nothing. Searches anywhere I can search, nothing.

    There is a similar app called, "cisvc.exe", which is listed as a "indexing service", and this one shows up twice on my hardrive. The similarty, I'm thinking, suggests that the mystery file also is an indexing service...or on the other hand, it's a malware file designed to mimic the indexing file...or something like that.

    I'd like to just gas the damn thing and be done with it...but I'd first like to know if I'm causing a problem doing so. (I don't want vaporize into a wormhole and reappear on the other side of the galaxy...where there' no hockey games or beer, eh?)

    HiJackThis scan turns up nothing I can't readily identify with my software.

    AVG Free, AdAware, and MS Anti-spyware turn up nothing. Zone Alarms new spyware detector today finds nothing, as does Bazooka.

    I'm thinking this is a false positive, perhaps generated by data within the file on spyware, possibly from another av/anti-spyware program. This has happened to me before, conflict-wise.

    Anyway...

    Anyone here ever come across this one beforeo_O

    I see there's a thread here from about a year ago that starts off with a finding very similar to what I have here...but I don't see in that thread where it was resolved.

    o_O o_O o_O

    Last point: A properties check on the file reveals no authorship or discription, so I have no idea where it came from, other than it's been there since June of 2004.
     
  2. springer

    springer Registered Member

    Joined:
    Nov 16, 2004
    Posts:
    26
    Sorry about that, posted it there because one of the scanners for that file by jottis was done with "Nod32".

    :)
     
  3. bigc73542

    bigc73542 Retired Moderator

    Joined:
    Sep 21, 2003
    Posts:
    23,873
    Location:
    SW. Oklahoma
    No problem. I moved it because it will probably get more attention here.

    bigc
     
  4. SpikeyB

    SpikeyB Registered Member

    Joined:
    Mar 20, 2005
    Posts:
    478
  5. lotuseclat79

    lotuseclat79 Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    5,096
    Hi,

    In case you need a free MD5 sum software tool to check out the variants that are safe vs parasite: http://come.to/hahn

    -- Tom
     
Loading...
Similar Threads
  1. Ronald78
    Replies:
    14
    Views:
    1,092
Thread Status:
Not open for further replies.