Page 1 of Text files, notepad.exe acessing the net and services.exe
PCs & Mobiles Forum
Text files, notepad.exe acessing the net and services.exe
A bit of a garbled title but I need some advice on whether I have some sort of hijacking going on on my old and trustworthy win98 machine.
Every time I try to open a .txt file, I get a SpywareGuard message telling me that notepad.exe is trying to access the net. After this it tells me that some program called services.exe is also trying to acces the net.
The following line always gets added to system.ini every time it happens :
load=C:\WINDOWS\INET10079\SERVICES.EXE
and win.ini gets edited as well ;
[windows]
load=
NullPort=None
norun=C:\WINDOWS\SYSTEM\SERVICES\WMPLAYER.EXE
run=C:\WINDOWS\INET10079\SERVICES.EXE
and lo and behold, the folder 10079 appears again and services.exe begins to function, although doesn`t seem to do anything as I won`t let it out of my machine.
Is this a normal Windows thing?
AdAware and AVGVirus don`t seem to think there`s anything wrong, but I`m not so sure.
cheers!
My collection
This item was edited on Tuesday, 22nd March 2005, 00:18
RE: Text files, notepad.exe acessing the net and services.exe
Generaly no problem with services.exe being allowed to access the web (Windows Services Controller), so long as the windows file hasn`t been replaced by a Trojan. Not sure that Notepad should be doing so though.
Try running Trend Housecall and Panda Active Scan.
Good luck.
Sam.
RE: Text files, notepad.exe acessing the net and services.exe
Cheers Sam,
I`m pretty sure it`s not the usual Windows `services.exe` but some horrible little virus sitting around on the registry somewhere altering ini files and waiting for me to open up a text file (which seems to start it all off). Shall check those sites you mentioned.
My collection
RE: Text files, notepad.exe acessing the net and services.exe
Unfortunately, nothing seems to notice that there`s a problem (although they picked up on a few dodgy things in temp internet files - can`t imagine how they got there! :D).
However, it only seems to happen when things are linked to open with notepad.exe. Popped into the registry to change the association for .txt files to my trusty PFE32 file editor and the problem disappeared.
Now, this leads me to thinking that notepad.exe has been take over by the viral equivalent of the mysterons, or has actually been replaced by a completely new file with the same name, but which has nothing to do with opening text files, rather more to do with getting on the net and doing nasty things.
Anyone any ideas about what may happen to notepad.exe when you`re not looking?
My collection
RE: Text files, notepad.exe acessing the net and services.exe
Alan,
Have a look at the following from Symantec - it sounds fairly similar. There`s a downloadable tool on the page to try and clean it.
http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.qaz.a.html
RE: Text files, notepad.exe acessing the net and services.exe
cheers hk. It was a similar one to that described, but it had renamed notepad.exe to notepad.exe.bak (very kind of it) and replaced it with something called notepad.exe, which was only 12k (original is 59k or something). Simple job of replacing them again and delting the new one, a few edits ot windows.ini and system.ini, a small foray into the registry and everything seems ok :-). Annoyed with all the tools which didn`t catch it though.
My collection