Sysinternals Homepage

100kn4malware

CooKooBird
Senior Member
Joined: 03 March 2008
Location: United States
Posts: 148
Topic: 100kn4malware
Posted: 10 March 2008 at 2:30am
I have two processes I would like to trace. I hear that with Process Explorer and a few other progs you can discover if they are malware related.
They have no icon and are not verified Microsoft images.
Checked the strings and no suspicious URLs. There is a coded, schemas microsoft com.
In one of them there is a copyright for P.J. Plauger. Apparently he sold the first C compiler and Unix-like OS.

Anyway, would like to trace this down.
I Am Not A Malware Expert
For Other Queries Use **1*'
molotov
Moderator Group
Joined: 04 October 2006
Posts: 17287
Posted: 10 March 2008 at 3:15am
Hi CooKooBird,

What are the process / program names?

You might consider uploading them to VirusTotal or a similar online scanner.

You could also execute them in the context of a VM and if they are not VM-aware the behavior may become evident.

But really, why worry? Simply don't run questionable executables...

Depending on the compiler used, something like #pragma comment( user, "Copyright P.J. Plauger" ) may have been used to embed the string in the binary. It may have been included in a header file that was redistributed with the development environment.

A bit of Googling about P.J. Plauger will turn up who he is...

Edited by molotov - 10 March 2008 at 3:18am
Daily affirmation:
net helpmsg 4006
CooKooBird
Senior Member
Joined: 03 March 2008
Location: United States
Posts: 148
Posted: 11 March 2008 at 2:09am
TODDSrv.exe
TNaviSrv.exe

"Depending on the compiler..."

FlushFileBuffers
.?AVexception@@
.?AVruntime_error@std@@
.?AVfailure@ios_base@std@@
Copyright (c) 1992-2001 by P.J. Plauger, licensed by Dinkumware, Ltd. ALL RIGHTS RESERVED.
.?AVlogic_error@std@@
.?AVlength_error@std@@
.?AVout_of_range@std@@
.?AVbad_alloc@std@@
.?AVtype_info@@

Google: early developer of a compiler and Unix-like OS, 1970s.

Thanks for helping.
I Am Not A Malware Expert
For Other Queries Use **1*'
molotov
Moderator Group
Joined: 04 October 2006
Posts: 17287
Posted: 11 March 2008 at 4:37am
The specified strings are not an indication of anything "good" or bad. The executable uses some version of the C++ STL.

Daily affirmation:
net helpmsg 4006
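As an added example (not code from either poster), a small Python script that decodes the MSVC RTTI type-descriptor names in a strings dump like the one CooKooBird pasted and separates them from the Dinkumware/Plauger copyright marker, so they can be set aside as plain C++ runtime artifacts when triaging a binary. The sample dump is constructed from the strings posted above; the `.?AV…@@` name format and the classification buckets are my assumptions, not anything from the thread.

```python
import re

# Constructed sample: the strings output the poster pasted above.
SAMPLE_STRINGS = """\
FlushFileBuffers
.?AVexception@@
.?AVruntime_error@std@@
.?AVfailure@ios_base@std@@
Copyright (c) 1992-2001 by P.J. Plauger, licensed by Dinkumware, Ltd. ALL RIGHTS RESERVED.
.?AVlogic_error@std@@
.?AVlength_error@std@@
.?AVout_of_range@std@@
.?AVbad_alloc@std@@
.?AVtype_info@@
"""

# MSVC RTTI TypeDescriptor names: ".?AV" = class, ".?AU" = struct, followed by
# name components in innermost-first order, each terminated by "@", then a final "@".
RTTI_RE = re.compile(r"^\.\?A([VU])((?:[A-Za-z_][A-Za-z0-9_]*@)+)@$")

# Provenance markers of the Dinkumware STL shipped with MSVC (assumed marker list).
RUNTIME_MARKERS = ("Dinkumware", "P.J. Plauger")


def demangle_rtti(s):
    """Return ('class'|'struct', 'std::runtime_error') or None if s is not an RTTI name."""
    m = RTTI_RE.match(s)
    if not m:
        return None
    kind = "class" if m.group(1) == "V" else "struct"
    parts = m.group(2).rstrip("@").split("@")   # e.g. ['failure', 'ios_base', 'std']
    return kind, "::".join(reversed(parts))      # -> 'std::ios_base::failure'


def triage_strings(text):
    """Bucket a strings dump into RTTI type names, runtime markers, and everything else."""
    report = {"rtti": [], "runtime_markers": [], "other": []}
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        decoded = demangle_rtti(line)
        if decoded:
            report["rtti"].append((line, decoded[1]))
        elif any(marker in line for marker in RUNTIME_MARKERS):
            report["runtime_markers"].append(line)
        else:
            report["other"].append(line)   # only these deserve a closer look
    return report


if __name__ == "__main__":
    for bucket, items in triage_strings(SAMPLE_STRINGS).items():
        print(bucket, items)
```

On the posted dump, everything but FlushFileBuffers (an ordinary Win32 import) lands in the runtime buckets, which is the point molotov makes: these strings say "built with MSVC and its STL", nothing more.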