30.10.2004, 11:56   #18
antonbijl
Guest
Posts: n/a
Re: Help With This Log File

We have a corporate or enterprise edition of Trend Micro. The setting that causes the random file name for the 'Officescan Watchdog' is accessed through the web-based admin console on the server under the global client settings and is called 'Enable Anti-hijack' or something of the sort.

When disabled, the process still starts on boot-up, but with the original .exe name 0FCD0G.exe in the process list below. Still no properties, but the filename is consistent (note that the file name has zeros instead of O's).

As you say, it will be difficult to identify it as safe, since they've intentionally made it hard to identify...

Code:
Process list saved on 11:50:08 AM, on 2004/10/30
Platform: Windows XP SP1 (WinNT 5.01.2600)

[full path to filename]		[file version]	[company name]
C:\WINDOWS\System32\smss.exe		5.1.2600.1106	Microsoft Corporation
C:\WINDOWS\system32\winlogon.exe		5.1.2600.1106	Microsoft Corporation
C:\WINDOWS\system32\services.exe		5.1.2600.0	Microsoft Corporation
C:\WINDOWS\system32\lsass.exe		5.1.2600.1106	Microsoft Corporation
C:\WINDOWS\system32\svchost.exe		5.1.2600.0	Microsoft Corporation
C:\WINDOWS\System32\svchost.exe		5.1.2600.0	Microsoft Corporation
C:\WINDOWS\system32\spoolsv.exe		5.1.2600.0	Microsoft Corporation
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe		7.10.3077.0	Microsoft Corporation
C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe		6.5.0.1030	Trend Micro Inc.
C:\Program Files\Trend Micro\OfficeScan Client\OfcPfwSvc.exe		6.5.0.1030	Trend Micro Inc.
C:\WINDOWS\System32\tcpsvcs.exe		5.1.2600.0	Microsoft Corporation
C:\WINDOWS\System32\snmp.exe		5.1.2600.1106	Microsoft Corporation
C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe		6.5.0.1030	Trend Micro Inc.
C:\PROGRAM FILES\TREND MICRO\OFFICESCAN CLIENT\0FCD0G.EXE			
C:\WINDOWS\Explorer.EXE		6.0.2800.1221	Microsoft Corporation
C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe		6.5.0.1030	Trend Micro Inc.
C:\WINDOWS\System32\ctfmon.exe		5.1.2600.1106	Microsoft Corporation
C:\Documents and Settings\Antonb\My Documents\My Downloads\hijackthis_198\HijackThis.exe		1.98.0.2	Soeperman Enterprises Ltd.
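
Added example, not part of the original post and not Trend Micro or HijackThis code: a Python triage pass over a process list in the tab-separated layout shown above. It flags rows with no file version or company name and file names that use a zero where the letter O would read naturally, and lists the vendors of other processes running from the same folder as context for the reviewer. The sample rows are copied from the listing above; the function names and the zero-for-O heuristic are assumptions of this example.

```python
import ntpath
from collections import defaultdict

# Constructed sample: header plus four rows copied from the process list in the post.
SAMPLE = "\n".join([
    "[full path to filename]\t\t[file version]\t[company name]",
    r"C:\WINDOWS\System32\smss.exe" + "\t\t5.1.2600.1106\tMicrosoft Corporation",
    r"C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe" + "\t\t6.5.0.1030\tTrend Micro Inc.",
    r"C:\PROGRAM FILES\TREND MICRO\OFFICESCAN CLIENT\0FCD0G.EXE" + "\t\t\t",
    r"C:\WINDOWS\Explorer.EXE" + "\t\t6.0.2800.1221\tMicrosoft Corporation",
])

ZERO_FOR_O = str.maketrans("0", "O")  # assumed heuristic, taken from the post's remark

def parse(text):
    """Yield (path, version, company) from tab-separated process-list rows."""
    for line in text.splitlines():
        fields = [f.strip() for f in line.split("\t") if f.strip()]
        if not fields or not ntpath.splitdrive(fields[0])[0]:
            continue  # skip blank, banner and header lines (no drive letter)
        fields += [""] * (3 - len(fields))  # rows without metadata have one field
        yield tuple(fields[:3])

def triage(text):
    """Return (path, reasons, same-folder vendors) for rows needing manual review."""
    rows = list(parse(text))
    vendors = defaultdict(set)
    for path, _, company in rows:
        if company:  # folder names compared case-insensitively, as Windows does
            vendors[ntpath.dirname(path).lower()].add(company)
    findings = []
    for path, version, company in rows:
        stem = ntpath.splitext(ntpath.basename(path))[0].upper()
        reasons = []
        if not version and not company:
            reasons.append("no file version or company name")
        plain = stem.translate(ZERO_FOR_O)
        if plain != stem and plain.isalpha():
            reasons.append("digits in place of letters: reads as " + plain)
        if reasons:
            siblings = sorted(vendors[ntpath.dirname(path).lower()])
            findings.append((path, reasons, siblings))
    return findings

if __name__ == "__main__":
    for path, reasons, siblings in triage(SAMPLE):
        print(path, reasons, "same-folder vendors:", siblings)
```

With the randomised file name the post describes, only the missing-metadata check and the same-folder vendor context still apply.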