KevinR Posted November 18, 2007

Hi guys. While looking further into my U891711 issues (see elsewhere) I had the misfortune to run MS-SysInfo and found that I had LOADS of processes running from c:\windows\temp. These are all called apXXXX.exe where XXXX is a 4 digit hex number and they are all 407Kb in size. Is this an effect of the U891711/KB891711 patch or have I suffered some sort of attack? (I could not google anything about ap*.exe.) Thanks
eidenk Posted November 18, 2007

Sounds like you are infected by some malware.
KevinR Posted November 18, 2007

"Sounds like you are infected by some malware."

That's what worried me. They appeared while I was trying to run the U891711 patch AFTER booting with (a now known to be incompatible) ZoneAlarm 3.7.179 installed. They are not appearing anymore. So either the problem has gone or it's installed a rootkit. haha.
eidenk Posted November 18, 2007

Try to get some software that shows which files are opened in your system. I can think of Sysinternals' open list (you can find it on the Internet Archive) or G. Topalla's System Information Viewer.

Best way I know to see if you've got a rootkit.

Well, with those tools I found executables running that were hidden from my process viewer apps and whose startup keys were not visible with regedit.

You could also open your registry user.dat and system.dat files (preferably in another machine or in a virtual machine) with RegExport and inspect all startup keys with it, not forgetting this one especially: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components and its stub path entries.

HTH
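One way to automate the startup-key inspection described in the post above, as an added example that is not part of the thread. It assumes the registry has already been exported to REGEDIT4 text and reads only string values; the list of Run-style keys and the "temp directory or apXXXX.exe" heuristic are choices made for this example.

```python
import re

# Autostart locations: the Active Setup key is the one named in the post;
# the Run-style keys are the usual startup keys (chosen for this example).
RUN_KEY = re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\Run(Once|Services|ServicesOnce)?$", re.I)
ACTIVE_SETUP = re.compile(r"\\Microsoft\\Active Setup\\Installed Components\\[^\\]+$", re.I)
# Heuristics from the thread: commands in a temp directory, names like apXXXX.exe.
SUSPICIOUS = re.compile(r"\\temp\\|\\ap[0-9a-f]{4}\.exe", re.I)
# "name"="string" or @="string"; other value types (hex:, dword:) are skipped.
VALUE = re.compile(r'^(?:"((?:[^"\\]|\\.)*)"|(@))="((?:[^"\\]|\\.)*)"$')

def unescape(s):
    # .reg string values escape backslash and double quote with a backslash.
    return re.sub(r"\\(.)", r"\1", s)

def autostart_entries(reg_text):
    """Return (key, value_name, command, suspicious) for each startup entry."""
    entries, key = [], None
    for line in reg_text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]  # key headers are not backslash-escaped
            continue
        m = VALUE.match(line)
        if not m or key is None:
            continue
        name = "@" if m.group(2) else unescape(m.group(1))
        command = unescape(m.group(3))
        # Under Active Setup only the StubPath value is a command that gets run.
        wanted = RUN_KEY.search(key) or (ACTIVE_SETUP.search(key) and name.lower() == "stubpath")
        if wanted:
            entries.append((key, name, command, bool(SUSPICIOUS.search(command))))
    return entries

# Constructed sample export (REGEDIT4 format); not data from the thread.
SAMPLE = r'''REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SystemTray"="SysTray.Exe"
"Updater"="C:\\WINDOWS\\TEMP\\ap1A2B.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{EXAMPLE-GUID}]
@="Example component"
"StubPath"="c:\\windows\\temp\\ap00FF.exe /install"
'''

if __name__ == "__main__":
    for key, name, command, bad in autostart_entries(SAMPLE):
        print("SUSPICIOUS" if bad else "ok", key, name, command, sep=" | ")
```

A flagged entry is only a lead: legitimate installers also run briefly from temp directories, so check the file itself before drawing a conclusion.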