My software firewall (kerio 4) alerts me with the following alert: [4/7/2004 1:10:08] Direction: outgoing Local Point: 0.0.0.0, port 1954 Adapter: NVIDIA nForce MCP Networking Controller - Pakketplanner-minipoort Remote Point: origin2.microsoft.com [207.46.250.252], port http [80] Protocol: TCP Application path: C:\WINDOWS\services.exe Description: services File version: Size: 6.748 Created: 2003/5/29, 09:52:40 Modified: 2003/5/29, 09:52:40 Accessed: 2003/12/31, 14:44:06 It seems, this application is trying to make an outgoing connection to Microsoft. The system on which it occurs has WinXP Professional. As far I know, the application services.exe normally is in the windows\system32 directory, it is there too with another size: 101.888 and date (9-7-2001). What could be the purpose of the application services.exe in the windows directory with size 6.748 and why it is trying to make an outgoing connect with Microsoft? I don't think it's a virus, trojan or worm, but I can't figure out what it really is. I have scanned the application with Kaspersky AV, F-Secure AV and TDS, and no alarm at all. Thanks in advance for explanation, Ciao, Smokey
It can only be a worm or trojan, and it's most definitely not a Windows file. I suggest you post a Hijack This log in the appropriate section of this board. Good luck,