ATTENTION: You are viewing a page formatted for mobile devices; to view the full web page, click HERE.

Main Area and Open Discussion > Living Room

Unknown service (can't find relevant info on the web)

(1/6) > >>

Carol Haynes:
I discovered an unknown service present on my system (not good) and can't find any relevant info on the web.

The service is simply called 'K' and referrs to the file Local Settings\Temp\K.EXE

Unfortunately I had deleted K.EXE by the time I found it so can't send it off for analysis.

I have done websearches on K.EXE but haven't found any references that seem to refer to the same thing (there are some finds but the other parts of their descriptions aren't found on my system).

K.EXE had three associated registry entries (Control Set\Service entries) similar to this:


--- ---REGEDIT4

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\K]
"Type"=dword:00000110
"Start"=dword:00000004
"ErrorControl"=dword:00000001
"ImagePath"=hex(2):48,3a,5c,4c,4f,43,41,4c,53,7e,31,5c,54,65,6d,70,5c,4b,2e,65,\
  78,65,00
"DisplayName"="K"
"ObjectName"="LocalSystem"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\K\Security]
"Security"=hex:01,00,14,80,90,00,00,00,9c,00,00,00,14,00,00,00,30,00,00,00,02,\
  00,1c,00,01,00,00,00,02,80,14,00,ff,01,0f,00,01,01,00,00,00,00,00,01,00,00,\
  00,00,02,00,60,00,04,00,00,00,00,00,14,00,fd,01,02,00,01,01,00,00,00,00,00,\
  05,12,00,00,00,00,00,18,00,ff,01,0f,00,01,02,00,00,00,00,00,05,20,00,00,00,\
  20,02,00,00,00,00,14,00,8d,01,02,00,01,01,00,00,00,00,00,05,0b,00,00,00,00,\
  00,18,00,fd,01,02,00,01,02,00,00,00,00,00,05,20,00,00,00,23,02,00,00,01,01,\
  00,00,00,00,00,05,12,00,00,00,01,01,00,00,00,00,00,05,12,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\K\Enum]
"0"="Root\\LEGACY_K\\0000"
"Count"=dword:00000001
"NextInstance"=dword:00000001


Anyone else experienced this or can shed light on it.

I have written to ESET (NOD32) support to ask for advice but without the K.EXE file I doubt they can help much.

mouser:
have you searched for the actual k.exe file - finding that and looking at it might shed some light.

Carol Haynes:
have you searched for the actual k.exe file - finding that and looking at it might shed some light.
-mouser (November 24, 2005, 08:10 PM)
--- End quote ---

Unfortunately I had deleted K.EXE by the time I found it so can't send it off for analysis.
--- End quote ---

Trouble is there are threats on the internet that contain a K.EXE file but none of the other symptoms exist on my system (I have been checking associated files and registry entries but none seem to exist). I could try finding a copy of K.EXE on the web but there is no way of knowing if it is the same file ???

mouser:
try recyle bin to undelete it?

Innuendo:
Well, here's the first result I found...

http://www.auditmypc.com/process/k.asp

Navigation

[0] Message Index

[#] Next page

Go to full version