wssc.exe in Security http://www.dslreports.com/forum/r17102166 en Sun, 06 Dec 2009 09:15:01 EDT Sun, 06 Dec 2009 09:15:01 EDT Re: wssc.exe http://www.dslreports.com/forum/remark,17120904 richtig : Icesword didn't find it.

I think WINSEC.EXE was being created by WSSC.EXE, at least I hope so. It hasn't raised its ugly head again.

I have just removed the blocking rule for WSSC.EXE from Blink, so I will now wait and see.
--
We are the music makers, We are the dreamers of dreams. Arthur William Edgar O'Shaugnessy ]]> http://www.dslreports.com/forum/remark,17120904 Thu, 19 Oct 2006 23:27:50 EDT Re: wssc.exe http://www.dslreports.com/forum/remark,17119013 fatdcuk : Not quite,

WINSEC.EXE is still MIA,KAV must of updated FWIW to find what it has ;)

Richtig

Try IceSword(its good at grabbin UPX malwares amongst other things :D)

»majorgeeks.com/Icesword_d5199.html

Open the software,left hand column file box and then follow the folder tree to the reported folder location.Scroll down to entry if found,copy & rename if you wish to submit to vendors(s)etc ,use delete option to expunge the file from your system.

HTH :)]]> http://www.dslreports.com/forum/remark,17119013 Thu, 19 Oct 2006 18:16:43 EDT Re: wssc.exe http://www.dslreports.com/forum/remark,17118259 Rocky67 : Excellent. Glad KAV found and killed it.]]> http://www.dslreports.com/forum/remark,17118259 Thu, 19 Oct 2006 16:01:59 EDT Re: wssc.exe http://www.dslreports.com/forum/remark,17117570 richtig : Curiously, after a recent reboot, KAV found several associated pieces of malware. See attached image.
Click for full size
]]> http://www.dslreports.com/forum/remark,17117570 Thu, 19 Oct 2006 13:53:27 EDT Re: wssc.exe http://www.dslreports.com/forum/remark,17117309 Rocky67 : Try checking your C:\WINDOWS\SYSTEM32 for wssc.exe and wsscserv.exe. They are associated with a trojan which PREVX claims to be able to remove.
--
"The Internet? Is that still around?" - Homer]]> http://www.dslreports.com/forum/remark,17117309 Thu, 19 Oct 2006 13:06:07 EDT Re: wssc.exe http://www.dslreports.com/forum/remark,17116277 richtig : Trojan Hunter found nothing.

I am running KIS 6.0 and it finds nothing.

Is there any reason to think that DrWeb will be any more useful?

The thing is that only Blink is purporting to find this offender. A registry search only finds Blink's firewall entries for these images.

If they are real, something is starting them up. ProcessExplorer only shows explorer.exe as the parent process.

If these processes are real, is there a way to find what is creating them?

For the moment, I simply have Blink denying them access.
--
We are the music makers, We are the dreamers of dreams. Arthur William Edgar O'Shaugnessy ]]> http://www.dslreports.com/forum/remark,17116277 Thu, 19 Oct 2006 09:49:15 EDT Re: wssc.exe http://www.dslreports.com/forum/remark,17115607 redwolfe_98 : richtig, it is possible that the files are invisible "UPX-packed" files..

you could run a scan with "trojanhunter" and see if it flags the files as being UPX-packed files, or you could install a program called "supercleaner" and add the files' names ie "wssc.exe" to the list of "junk" files to scan for, and then see if it flags the files..

i have found invisible upx-packed files on my computer before, flagged by trojanhunter, but i had to use "supercleaner" to remove the files..

here are the links for "trojanhunter" and "supercleaner", both of which have free trial periods..

»www.misec.net/trojanhunter/

»www.southbaypc.com/SuperCleaner/

you could also try running "dr.web's cureit" and see if it flags the files.. but, again, make sure that any files that are flagged actually are malware before you delete them..

»www.freedrweb.com/cureit/?lng=en]]> http://www.dslreports.com/forum/remark,17115607 Thu, 19 Oct 2006 05:09:33 EDT Re: wssc.exe http://www.dslreports.com/forum/remark,17110196 amysheehan : Follow the steps as outlined here: »Security Cleanup FAQ »Mandatory Steps Before Requesting Assistance

WINSEC.EXE indicates CWS - »www.castlecops.com/s4326-winsec_exe.html

:)
--
DSLR Phishtracker]]> http://www.dslreports.com/forum/remark,17110196 Wed, 18 Oct 2006 10:32:57 EDT Re: wssc.exe http://www.dslreports.com/forum/remark,17109824 richtig : Sorry, gave the wrong location for that file. It is reported by Blink as C:\WINDOWS\SYSTEM32\COM\WSSC.EXE, but there is no such file. It is also report a WINSEC.EXE from the same location - once again, non-existent.
--
We are the music makers, We are the dreamers of dreams. Arthur William Edgar O'Shaugnessy ]]> http://www.dslreports.com/forum/remark,17109824 Wed, 18 Oct 2006 09:27:41 EDT Re: wssc.exe http://www.dslreports.com/forum/remark,17102874 norwegian :
said by richtig See Profile :

(2) How can I find out what is originating it?
Not tried using the search function for DLL/HANDLE in Process Explorer ? It should return the user of that .exe
--
The only thing necessary for the triumph of evil is for good men to do nothing - Edmund Burke]]> http://www.dslreports.com/forum/remark,17102874 Tue, 17 Oct 2006 09:21:20 EDT Re: wssc.exe http://www.dslreports.com/forum/remark,17102215 redwolfe_98 : if you are able to surf the internet without allowing the tcp-out connection, i would not allow it, for the time being.. then, you could upload the file for scanning at "virusscan.jotti" to see if any programs there flag it as "malware".. here is the link for "virusscan.jotti":

»virusscan.jotti.org/

did you scan your computer with your antivirus progtram? you could also use kaspersky's online-virusscan to see if it flags anything, or "dr.web's cureit", but, imo, you should not delete any files before making sure that they are, infact, malware.. some programs use "heuristics" where they can flag files that are suspicious, but might not actually be "malware"..

»www.kaspersky.com/virusscanner

»www.freedrweb.com/cureit/?lng=en

you could also locate the file and check the file's "properties".. maybe that will give you a clue as to what the file is associated with, if it is a legitimate file..]]> http://www.dslreports.com/forum/remark,17102215 Tue, 17 Oct 2006 04:23:08 EDT wssc.exe http://www.dslreports.com/forum/remark,17102166 richtig : I am trialling Blink from eEye and it is detecting that a request for outbound (TCP) access for C:\WINDOWS32\COM\WSSC.EXE is happening.

(1) Can anyone tell me whether this is a threat?
(2) How can I find out what is originating it?
--
We are the music makers, We are the dreamers of dreams. Arthur William Edgar O'Shaugnessy ]]> http://www.dslreports.com/forum/remark,17102166 Tue, 17 Oct 2006 03:49:13 EDT