Recent Posts

6901
Site/Forum Features / Re: non-users can't view added images
« Last post by Carol Haynes on November 29, 2005, 07:41 AM »
Thanks for doing that - I have removed the original image so it isn't there twice!
6902
Living Room / Re: Unknown service (can't find relevant info on the web)
« Last post by Carol Haynes on November 29, 2005, 07:19 AM »
???? Solved the problem ????

I also posted about these issues on the Usenet support group: news://microsoft.public.windowsxp.general and got an interesting reply from Wesley Vogel MS-MVP. He pointed me at the Sysinternals Rootkit Revealer webpage. Note the introduction para 2:

The reason that there is no longer a command-line version is that malware authors have started targeting RootkitRevealer's scan by using its executable name. We've therefore updated RootkitRevealer to execute its scan from a randomly named copy of itself that runs as a Windows service. This type of execution is not conducive to a command-line interface. Note that you can use command-line options to execute an automatic scan with results logged to a file, which is the equivalent of the command-line version's behavior.

Apparently the registry entries for this service are left behind after the scan, and consequently you end up with apparently disconnected random services ....

It seems strange to me though that the software would use random names that match known malware (K.EXE), look like they are related to grafix packages (GXF.EXE) etc.

I think I will pop into the Sysinternals forums and ask about this further ...
6903
Living Room / Re: Unknown service (can't find relevant info on the web)
« Last post by Carol Haynes on November 29, 2005, 06:55 AM »
I have also downloaded SpyWare Doctor as it had good recent reviews (since that is supposed to detect and remove K.EXE keylogger as well as worms/trojans). It too came up with nothing ???

There are no suspect services or processes running or listed this morning. I guess I had better just keep monitoring the situation everyday - and after I browse the web just in case something really sneaky is lurking that no one has met yet!
6904
Living Room / Sorry to do this to the winter haters (I love it)
« Last post by Carol Haynes on November 29, 2005, 06:53 AM »
He's my hero ... (see below)
6905
Living Room / Re: Unknown service (can't find relevant info on the web)
« Last post by Carol Haynes on November 28, 2005, 07:47 PM »
Trouble is I can't remember what the installed apps were (apart from MS VS Express 2005) as there have been quite a few, and not all of them required a reboot.

Quite a few apps leave installer leftovers in the TEMP folder (MS apps get quite upset if you delete the crap too).

This is what I have in terms of startup apps and services currently ... nothing seems particularly odd:
6906
Living Room / Re: Unknown service (can't find relevant info on the web)
« Last post by Carol Haynes on November 28, 2005, 07:45 PM »
They were registered services - present in the services list (but not running).

The service entry point in the registry had this for one of them  (the others were very similar)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\FRLCT]
"Type"=dword:00000110
"Start"=dword:00000003
"ErrorControl"=dword:00000001
"ImagePath"=hex(2):48,3a,5c,4c,4f,43,41,4c,53,7e,31,5c,54,65,6d,70,5c,46,52,4c,\
  43,54,2e,65,78,65,00
"DisplayName"="FRLCT"
"ObjectName"="LocalSystem"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\FRLCT\Security]
"Security"=hex:01,00,14,80,90,00,00,00,9c,00,00,00,14,00,00,00,30,00,00,00,02,\
  00,1c,00,01,00,00,00,02,80,14,00,ff,01,0f,00,01,01,00,00,00,00,00,01,00,00,\
  00,00,02,00,60,00,04,00,00,00,00,00,14,00,fd,01,02,00,01,01,00,00,00,00,00,\
  05,12,00,00,00,00,00,18,00,ff,01,0f,00,01,02,00,00,00,00,00,05,20,00,00,00,\
  20,02,00,00,00,00,14,00,8d,01,02,00,01,01,00,00,00,00,00,05,0b,00,00,00,00,\
  00,18,00,fd,01,02,00,01,02,00,00,00,00,00,05,20,00,00,00,23,02,00,00,01,01,\
  00,00,00,00,00,05,12,00,00,00,01,01,00,00,00,00,00,05,12,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\FRLCT\Enum]
"0"="Root\\LEGACY_FRLCT\\0000"
"Count"=dword:00000001
"NextInstance"=dword:00000001
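
An added example, not part of the original post: the ImagePath values in these exports are REG_EXPAND_SZ data written as comma-separated ANSI bytes, so the path is not readable at a glance. This Python sketch decodes them and lists services whose binary sits under a Temp directory; the ExampleSvc entry and the function names are constructed for illustration.

```python
import re

# Service key quoted from the post (Security blob omitted) plus one constructed
# entry, "ExampleSvc", added for contrast.
SAMPLE = r'''REGEDIT4

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\FRLCT]
"Type"=dword:00000110
"Start"=dword:00000003
"ImagePath"=hex(2):48,3a,5c,4c,4f,43,41,4c,53,7e,31,5c,54,65,6d,70,5c,46,52,4c,\
  43,54,2e,65,78,65,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ExampleSvc]
"Type"=dword:00000010
"Start"=dword:00000002
"ImagePath"=hex(2):43,3a,5c,57,49,4e,44,4f,57,53,5c,73,79,73,74,65,6d,33,32,5c,\
  65,78,2e,65,78,65,00
'''
START = {0: "boot", 1: "system", 2: "auto", 3: "manual", 4: "disabled"}

def decode(raw):
    if raw.startswith("dword:"):
        return int(raw[6:], 16)
    if raw.startswith("hex(2):"):  # REG_EXPAND_SZ; single-byte ANSI in REGEDIT4
        data = bytes(int(b, 16) for b in raw[7:].split(",") if b)
        return data.decode("cp1252", "replace").rstrip("\x00")
    return raw.strip('"')          # plain strings; other types left as text

def parse_reg(text):
    """Return {key_path: {value_name: decoded_value}} for a REGEDIT4 export."""
    text = re.sub(r"\\\r?\n\s*", "", text)  # join backslash-continued lines
    keys, cur = {}, None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            cur = keys.setdefault(line[1:-1], {})
        elif cur is not None and (m := re.match(r'"([^"]+)"=(.*)$', line)):
            cur[m.group(1)] = decode(m.group(2))
    return keys

def temp_path_services(text):
    """List (name, path, start type, interactive flag) for services in Temp."""
    findings = []
    for key, vals in parse_reg(text).items():
        svc = re.search(r"\\Services\\([^\\]+)$", key, re.I)  # skip subkeys
        path = str(vals.get("ImagePath", ""))
        if svc and re.search(r"\\te?mp\\", path, re.I):
            findings.append((svc.group(1), path, START.get(vals.get("Start"), "?"),
                             bool(vals.get("Type", 0) & 0x100)))
    return findings
```

Exports headed "Windows Registry Editor Version 5.00" store hex(2) data as UTF-16LE instead, so the decode step would need that encoding for them.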

6907
Living Room / Re: Unknown service (can't find relevant info on the web)
« Last post by Carol Haynes on November 28, 2005, 07:39 PM »
Presumably the only real solution is a complete reinstall ???

Could these be hangovers from application installation where actions are required after a reboot?
6908
Living Room / Re: Unknown service (can't find relevant info on the web)
« Last post by Carol Haynes on November 28, 2005, 07:16 PM »
I have now spotted two new unknown services listed GXF.EXE and FRLCT.EXE.

Both point to files which were in the Local Settings\Temp folder (but no
longer exist).

Has anyone any idea what these are? Google etc. and antispyware/AV sites
come up with no info on either.

Any help on this would really be appreciated - I am beginning to get very
worried that something sinister is going on.

I have done a complete antivirus scan and multiple anti malware scans
without showing up anything, and I have done a system search for these 3
files and can't find them anywhere on my system. (I used FileLocator Pro set to search all hard discs/folders etc. and inside .CAB, .ZIP and .RAR files)

My system setup is:

Windows XP SP2 (fully up to date)
NOD32 AntiVirus
Sygate Pro Firewall (yes I know I need to change this as Symantec have
effectively made it abandonware recently - according to Sygate/Symantec it is being supported until the end of November and my last update was fairly recent)

I also constantly run ProcessGuard (which stops unknown programs starting
without permission), WebRoot SpySweeper and MS AntiSpyware

I have also scanned my system with AdAwareSE Pro and SpyBot Search & Destroy
which showed up no issues.

Am I missing something here? How can services appear and disappear like
this?




6909
I don't know - I haven't tried it.

There is a demo version you can download so you could try and see what it does?

I presume it doesn't work by inserting single pixel images as they say it doesn't work with Yahoo, Hotmail etc. which don't block such images.
6910
See http://msgtag.com/products/status2/ft/

This offer is from the FireTrust/Mailwasher/Benign newsletter and looks useful if you need this sort of thing.

MSGTAG is an indispensable addition to your email client. When you send an email, MSGTAG tells you when the recipient opens your message, so you know they received it OK. It's just like registered mail for email.

The Wall Street Journal and PC World magazine love it, along with loads of other magazines and newspapers around the world.

MSGTAG 2 is:

simple to use
quick to download
packed with innovative features that make email a much more reliable way to communicate
And you won't even know it's there. Just set it up and forget!

This month, we're offering you an incredible US$20 discount on MSGTAG 2. That's a saving of over 33% !!

This special price expires on Wednesday November 30. To receive your US$20 discount, you'll need to enter this special code into the box marked 'Your coupon code' when you reach the purchase page:

FTNCA5

So why wait? Take control of your outgoing email now! Click here now to take advantage of this limited-time offer.

6911
Sorry Mouser - must have missed your post ...
6912
Best Firewall / Re: agnitum outpost v3 - the horror?
« Last post by Carol Haynes on November 28, 2005, 03:44 AM »
Mouser, has this (and other issues) now been resolved in the new version ?
6913
I have CarolHaynes' little screensaver up, and I'm growing attached to what it says:  "you name the price."

Thanks - you are the first person to comment on it ;-)

I thought no one had bothered to try it!
6914
Finished Programs / Re: idea: give a driveltter a name say E DVD-writer
« Last post by Carol Haynes on November 27, 2005, 03:06 PM »
can this even be done?

Yes but it is a bit flaky - there are some registry settings to do this - I have a multicard reader that shows up with the drive card types as names (even when there are no cards loaded) such as E:(CF card)
6915
Living Room / Re: Unknown service (can't find relevant info on the web)
« Last post by Carol Haynes on November 27, 2005, 11:35 AM »
Interesting about Sygate - it would have been nice if they told their customers that they had sold out to Symantec (I have come to the conclusion that Symantec are a giant vacuum cleaner - it sucks up all the goodies and everything that then comes out of the bag is covered in crap).

Interestingly though:

Symantec will continue to sell the current Sygate solutions under the Sygate brand. In the next six months, the company expects to rebrand the next version of the products and include additional functionality. Thereafter, Symantec plans to integrate the Sygate technology into the company's existing enterprise security products.

that was posted on 10th October ...

Whatever, I now need to look for a new Firewall - I don't want to be dependent on Symantec again. The question is am I entitled to a refund on my Sygate subscription (which has over 12 months to run)?

Unfortunately I have Netsys wireless kit and most will support WPA2 but not all ... particularly my wireless booster upstairs which only supports WEP (most of the repeaters only seem to support WEP that I could find when I looked recently)

Part of the problem is being in the UK ... there doesn't seem as much choice over here for wireless gear. Given that what I have is less than a year old I don't feel inclined to throw it away.

Having said that I figure WEP is perfectly adequate - I have enough trouble getting a strong signal in my own property and neither of the neighbouring properties are likely to be snooping (one is empty 90% of the time, and the other is a friend). I live in a tiny, remote village in a sprawling farm conversion complex - most of which is owned by retired 2nd home owners (and empty most of the year) - so I don't think wireless intrusion is at all likely any time soon.

I have to confess to installing AdMuncher - I did it pretty much as an experiment and have decided to use it after all. Actually I have had pretty aggressive anti-popup stuff installed for a long time (mainly because I hate unwanted windows open) and I never allow ActiveX controls to install unless I know what they are!
6916
Best Archive Tool / Re: FilZip and Squeez added to Archive Tools Review
« Last post by Carol Haynes on November 27, 2005, 08:47 AM »
Is Squeez a subset of SpeedCommander or are they totally separate?
6917
Living Room / Re: Unknown service (can't find relevant info on the web)
« Last post by Carol Haynes on November 27, 2005, 08:25 AM »
Don't know because I don't have the file to look at.

I have a few shared folders on my local Wireless Network - how can I beef up security to stop it happening again?

I am in a remote area - so it is unlikely anyone is hacking into my network via the wireless connection, so it must be arriving from the internet ... I have Sygate Firewall/NOD32 AV/Various antispyware apps some of which are actively monitoring my system usually when I am on line.
6918
Living Room / Re: singing text web page
« Last post by Carol Haynes on November 27, 2005, 04:23 AM »
What a totally mad thing to do  :Thmbsup:

Had me laughing - but you couldn't listen too long without becoming hysterical ...
6919
Living Room / Re: Unknown service (can't find relevant info on the web)
« Last post by Carol Haynes on November 27, 2005, 04:16 AM »
Well, here's the first result I found...

http://www.auditmypc.com/process/k.asp

Thanks.

Yes I saw the TKBOT worm when I did a websearch but according to Symantec etc. there are a number of characteristics (in terms of other files/registry entries) and none of those seemed to be present.
6920
Finished Programs / Re: Windows sticky note program
« Last post by Carol Haynes on November 26, 2005, 04:03 AM »
Note-It by Veign (another member here) would probably meet your needs and doesn't use a tray icon.

You can add any filetype based operation to the standard Explorer Context Menu.

It is explained here so if you want to use a program like Note-It you can simply set up a context menu entry to edit .not files and a hotkey (in the program's shortcut in the Programs menu) to create new post-its. In fact it already has a "Show Note" context menu or you can simply click on Note files to open them.
6921
Living Room / Belated Happy Thanksgiving to all our US friends
« Last post by Carol Haynes on November 25, 2005, 06:56 AM »
Yes I know I am a day late but my pumpkin pie happened a few weeks back now ...

Strange how US ideas are seeping into UK culture - but thankfully Hallmark haven't started to try and get us all to 'do thanksgiving' yet (not that the Brits have anyone to thank for anything  :-[)

On the subject of commercial holidays this blog amused me (it's only short). The movie (You better believe it) is worth downloading (although it is nearly 5Mb long). I have two houses that compete on a similar scale in my village - you can literally see them from miles away - aided by no streetlighting out in the sticks.
6922
FlipSuite and Flipbook Printer / Re: 30 frame movie imports as 1001 frames
« Last post by Carol Haynes on November 25, 2005, 03:33 AM »
Be a hell of a flip book though at 16.5 minutes duration ;)
6923
Living Room / Re: Unknown service (can't find relevant info on the web)
« Last post by Carol Haynes on November 25, 2005, 03:11 AM »
have you searched for the actual k.exe file - finding that and looking at it might shed some light.

Unfortunately I had deleted K.EXE by the time I found it so can't send it off for analysis.

Trouble is there are threats on the internet that contain a K.EXE file but none of the other symptoms exist on my system (I have been checking associated files and registry entries but none seem to exist). I could try finding a copy of K.EXE on the web but there is no way of knowing if it is the same file ???
6924
Living Room / Unknown service (can't find relevant info on the web)
« Last post by Carol Haynes on November 24, 2005, 06:07 PM »
I discovered an unknown service present on my system (not good) and can't find any relevant info on the web.

The service is simply called 'K' and refers to the file Local Settings\Temp\K.EXE

Unfortunately I had deleted K.EXE by the time I found it so can't send it off for analysis.

I have done websearches on K.EXE but haven't found any references that seem to refer to the same thing (there are some finds but the other parts of their descriptions aren't found on my system).

K.EXE had three associated registry entries (Control Set\Service entries) similar to this:

REGEDIT4

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\K]
"Type"=dword:00000110
"Start"=dword:00000004
"ErrorControl"=dword:00000001
"ImagePath"=hex(2):48,3a,5c,4c,4f,43,41,4c,53,7e,31,5c,54,65,6d,70,5c,4b,2e,65,\
  78,65,00
"DisplayName"="K"
"ObjectName"="LocalSystem"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\K\Security]
"Security"=hex:01,00,14,80,90,00,00,00,9c,00,00,00,14,00,00,00,30,00,00,00,02,\
  00,1c,00,01,00,00,00,02,80,14,00,ff,01,0f,00,01,01,00,00,00,00,00,01,00,00,\
  00,00,02,00,60,00,04,00,00,00,00,00,14,00,fd,01,02,00,01,01,00,00,00,00,00,\
  05,12,00,00,00,00,00,18,00,ff,01,0f,00,01,02,00,00,00,00,00,05,20,00,00,00,\
  20,02,00,00,00,00,14,00,8d,01,02,00,01,01,00,00,00,00,00,05,0b,00,00,00,00,\
  00,18,00,fd,01,02,00,01,02,00,00,00,00,00,05,20,00,00,00,23,02,00,00,01,01,\
  00,00,00,00,00,05,12,00,00,00,01,01,00,00,00,00,00,05,12,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\K\Enum]
"0"="Root\\LEGACY_K\\0000"
"Count"=dword:00000001
"NextInstance"=dword:00000001


Anyone else experienced this or can shed light on it?

I have written to ESET (NOD32) support to ask for advice but without the K.EXE file I doubt they can help much.
6925
Discovered that if I leave it alone long enough NOD32 service allows the scheduler to start up.

I will write to ESET to ask for advice ...

Also found that the latest Virus update for NOD32 deletes IzyMail - which is a pain (if anyone doesn't know IzyMail is a really good POP client interface to Hotmail - I've been using it for years).