
richtig
Music Is Emotion
Premium
join:2003-02-19
Australia

wssc.exe

I am trialling Blink from eEye and it is detecting that a request for outbound (TCP) access for C:\WINDOWS32\COM\WSSC.EXE is happening.

(1) Can anyone tell me whether this is a threat?
(2) How can I find out what is originating it?
--
We are the music makers, We are the dreamers of dreams. Arthur William Edgar O'Shaughnessy
redwolfe_98

join:2001-06-11
·RoadRunner Cable

Re: wssc.exe

if you are able to surf the internet without allowing the tcp-out connection, i would not allow it, for the time being.. then, you could upload the file for scanning at "virusscan.jotti" to see if any programs there flag it as "malware".. here is the link for "virusscan.jotti":

»virusscan.jotti.org/

did you scan your computer with your antivirus program? you could also use kaspersky's online-virusscan to see if it flags anything, or "dr.web's cureit", but, imo, you should not delete any files before making sure that they are, in fact, malware.. some programs use "heuristics" where they can flag files that are suspicious, but might not actually be "malware"..

»www.kaspersky.com/virusscanner

»www.freedrweb.com/cureit/?lng=en

you could also locate the file and check the file's "properties".. maybe that will give you a clue as to what the file is associated with, if it is a legitimate file..

norwegian
Premium
join:2005-02-15
Outback
·WestNet Broadband

said by richtig:

(2) How can I find out what is originating it?
Not tried using the search function for DLL/HANDLE in Process Explorer? It should return the user of that .exe
--
The only thing necessary for the triumph of evil is for good men to do nothing - Edmund Burke

richtig
Music Is Emotion
Premium
join:2003-02-19
Australia

Sorry, gave the wrong location for that file. It is reported by Blink as C:\WINDOWS\SYSTEM32\COM\WSSC.EXE, but there is no such file. It is also reporting a WINSEC.EXE from the same location - once again, non-existent.
--
We are the music makers, We are the dreamers of dreams. Arthur William Edgar O'Shaughnessy

amysheehan
Premium,VIP,MVM
join:1999-12-21
Huntington Beach, CA
·RoadRunner Cable


1 edit

Re: wssc.exe

Follow the steps as outlined here: »Security Cleanup FAQ »Mandatory Steps Before Requesting Assistance

WINSEC.EXE indicates CWS - »www.castlecops.com/s4326-winsec_exe.html


--
DSLR Phishtracker
redwolfe_98

join:2001-06-11
·RoadRunner Cable

richtig, it is possible that the files are invisible "UPX-packed" files..

you could run a scan with "trojanhunter" and see if it flags the files as being UPX-packed files, or you could install a program called "supercleaner" and add the files' names ie "wssc.exe" to the list of "junk" files to scan for, and then see if it flags the files..

i have found invisible upx-packed files on my computer before, flagged by trojanhunter, but i had to use "supercleaner" to remove the files..

here are the links for "trojanhunter" and "supercleaner", both of which have free trial periods..

»www.misec.net/trojanhunter/

»www.southbaypc.com/SuperCleaner/

you could also try running "dr.web's cureit" and see if it flags the files.. but, again, make sure that any files that are flagged actually are malware before you delete them..

»www.freedrweb.com/cureit/?lng=en

richtig
Music Is Emotion
Premium
join:2003-02-19
Australia

Re: wssc.exe

Trojan Hunter found nothing.

I am running KIS 6.0 and it finds nothing.

Is there any reason to think that DrWeb will be any more useful?

The thing is that only Blink is purporting to find this offender. A registry search only finds Blink's firewall entries for these images.

If they are real, something is starting them up. ProcessExplorer only shows explorer.exe as the parent process.

If these processes are real, is there a way to find what is creating them?

For the moment, I simply have Blink denying them access.
--
We are the music makers, We are the dreamers of dreams. Arthur William Edgar O'Shaughnessy
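
One way to answer the question in the post above on a current Windows system, as an added example that is not part of the original thread: it lists any running process with one of the names reported here, resolves its parent chain, and reports whether its image path is visible on disk. It assumes PowerShell 3.0 or later; the helper name Get-Ancestry is hypothetical.

```powershell
# Added example. Process names are the ones reported in this thread.
$suspectNames = @('wssc.exe', 'winsec.exe')

# Snapshot every process once and index by PID so parents can be resolved.
$procs = @(Get-CimInstance -ClassName Win32_Process)
$byPid = @{}
foreach ($p in $procs) { $byPid[[uint32]$p.ProcessId] = $p }

# Hypothetical helper: walk ParentProcessId links upward, emitting each ancestor.
function Get-Ancestry {
    param($Process, [hashtable]$Index)
    $seen = @{}
    $current = $Process
    while ($current -and -not $seen.ContainsKey([uint32]$current.ProcessId)) {
        $seen[[uint32]$current.ProcessId] = $true
        $parent = $Index[[uint32]$current.ParentProcessId]
        # PIDs are reused: a "parent" that started after its child is a
        # different process that inherited the number, so stop there.
        if (-not $parent -or $parent.CreationDate -gt $current.CreationDate) { break }
        if ($parent.ProcessId -eq $current.ProcessId) { break }
        '{0} ({1})' -f $parent.Name, $parent.ProcessId
        $current = $parent
    }
}

# -contains is case-insensitive, so WSSC.EXE and wssc.exe both match.
$hits = @($procs | Where-Object { $suspectNames -contains $_.Name })
if ($hits.Count -eq 0) { Write-Output 'No running process matches the suspect names.' }

foreach ($p in $hits) {
    $path = $p.ExecutablePath
    # $null means the path could not be read (not elevated, or a protected process).
    $visible = if ($path) { Test-Path -LiteralPath $path } else { $null }
    [pscustomobject]@{
        Name          = $p.Name
        ProcessId     = $p.ProcessId
        Started       = $p.CreationDate
        ParentPid     = $p.ParentProcessId
        ImagePath     = $path
        VisibleOnDisk = $visible
        Ancestry      = (@(Get-Ancestry -Process $p -Index $byPid) -join ' <- ')
    }
}
```

Run it elevated: ExecutablePath is empty for processes the caller cannot open, and a parent that has already exited leaves only the recorded ParentPid to go on.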

Rocky67
Pencil Neck Geek
Premium
join:2005-01-13
Orange, CA

Re: wssc.exe

Try checking your C:\WINDOWS\SYSTEM32 for wssc.exe and wsscserv.exe. They are associated with a trojan which PREVX claims to be able to remove.
--
"The Internet? Is that still around?" - Homer

richtig
Music Is Emotion
Premium
join:2003-02-19
Australia

Curiously, after a recent reboot, KAV found several associated pieces of malware. See attached image.

Rocky67
Pencil Neck Geek
Premium
join:2005-01-13
Orange, CA

Re: wssc.exe

Excellent. Glad KAV found and killed it.

fatdcuk
Premium
join:2005-02-20
England


1 edit

Re: wssc.exe

Not quite,

WINSEC.EXE is still MIA, KAV must have updated FWIW to find what it has

Richtig

Try IceSword (it's good at grabbin UPX malwares amongst other things)

»majorgeeks.com/Icesword_d5199.html

Open the software, left hand column file box and then follow the folder tree to the reported folder location. Scroll down to entry if found, copy & rename if you wish to submit to vendor(s) etc., use delete option to expunge the file from your system.

HTH

richtig
Music Is Emotion
Premium
join:2003-02-19
Australia

Re: wssc.exe

Icesword didn't find it.

I think WINSEC.EXE was being created by WSSC.EXE, at least I hope so. It hasn't raised its ugly head again.

I have just removed the blocking rule for WSSC.EXE from Blink, so I will now wait and see.
--
We are the music makers, We are the dreamers of dreams. Arthur William Edgar O'Shaughnessy