SERVICES.EXE

Discussion in 'malware problems & news' started by Smokey, Jul 3, 2004.

Thread Status:
Not open for further replies.
  1. Smokey

    Smokey Registered Member

    Joined:
    Apr 1, 2002
    Posts:
    1,514
    Location:
    Annie's Pub
    My software firewall (kerio 4) alerts me with the following alert:

    [4/7/2004 1:10:08]
    Direction: outgoing
    Local Point: 0.0.0.0, port 1954
    Adapter: NVIDIA nForce MCP Networking Controller - Pakketplanner-minipoort
    Remote Point: origin2.microsoft.com [207.46.250.252], port http [80]
    Protocol: TCP
    Application path: C:\WINDOWS\services.exe
    Description: services
    File version:
    Size: 6.748
    Created: 2003/5/29, 09:52:40
    Modified: 2003/5/29, 09:52:40
    Accessed: 2003/12/31, 14:44:06

    It seems, this application is trying to make an outgoing connection to Microsoft.

    The system on which it occurs has WinXP Professional.

    As far I know, the application services.exe normally is in the windows\system32 directory, it is there too with another size: 101.888 and date (9-7-2001).

    What could be the purpose of the application services.exe in the windows directory with size 6.748 and why it is trying to make an outgoing connect with Microsoft?

    I don't think it's a virus, trojan or worm, but I can't figure out what it really is.
    I have scanned the application with Kaspersky AV, F-Secure AV and TDS, and no alarm at all.

    Thanks in advance for explanation,

    Ciao,

    Smokey
     
  2. TonyKlein

    TonyKlein Security Expert

    Joined:
    Feb 9, 2002
    Posts:
    4,360
    Location:
    The Netherlands
    It can only be a worm or trojan, and it's most definitely not a Windows file.

    I suggest you post a Hijack This log in the appropriate section of this board.

    Good luck,
     
  3. Smokey

    Smokey Registered Member

    Joined:
    Apr 1, 2002
    Posts:
    1,514
    Location:
    Annie's Pub
    Ok Tony,

    I've done what you have advised, let's wait on the experts for the solution.

    Ciao,

    Smokey
     
  4. bartmann

    bartmann Guest

Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.