CastleCops, Internet Crime Fighters
How to use Pacman startuplist

 
LeVuHoang (Cadet)
Posted: Sun Jul 22, 2007 11:56 am    Post subject: How to use Pacman startuplist

Hello,
Thanks for your good startuplist database.
After I checked the list, I found a problem. There is an item in the data:

Code:

[MsnMsgr]
Number=6684
Confirmed=X
Filename=msnmsgr.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32annewfam.html" target="_blank">ANNEW-FAM</a> WORM! Note - this is not the valid MSN Messenger utility
Source=Paul Collins Startup list


I checked and saw that [MsnMsgr] and MsnMsgr.exe are also used for Microsoft Live Messenger.
So, how can I detect what is malware compared to the normal item?

Code:

[msnmsgr]
Number=6682
Confirmed=N
Filename=msnmsgr.exe
Description=MSN Messenger (now superseeded by <a href="http://get.live.com/messenger/overview" target="_blank">Windows Live Messenger</a>) utility. If you don't use MSN Messenger, this can be annoying. Available via Start -> Programs. Go to MS Messenger -> Tools -> Options -> Preferences and uncheck "Run this program when Windows starts"
Source=Paul Collins Startup list


Thank you

mrsugg (Special Response Team)
Posted: Sun Jul 22, 2007 2:30 pm

Hi LeVuHoang and welcome to CastleCops,
Check this out: http://www.file.net/process/msnmsgr.exe.html

Hope it helps.


_________________
"We hold these truths to be self-evident, that all men are created equal, that they are endowed by their Creator with certain unalienable Rights, that among these are Life, Liberty and the pursuit of Happiness." -- Thomas Jefferson

LeVuHoang (Cadet)
Posted: Sun Jul 22, 2007 7:53 pm

Hmm... but what happens if a virus writer makes MsnMsgr.exe outside \system32 and it has some fake company info?

LeVuHoang (Cadet)
Posted: Sun Jul 22, 2007 7:59 pm

So, all filenames in the list are in \system32?
What happens if I write an antivirus whose filename is Activeshield.exe and store it in the \system32 folder?

Code:

[Active shield]
Number=256
Confirmed=U
Filename=Activeshield.exe
Description=<a href="http://www.securitystronghold.com/" target=_blank>Active Shield</a> is "an heuristic screen that actively protects your computer from trojans, spyware, adware, trackware, dialers, keyloggers, and even some special kinds of viruses"
Source=Paul Collins Startup list

I think this list needs something new to avoid false positives?

mrsugg (Special Response Team)
Posted: Sun Jul 22, 2007 9:40 pm

If you ever have any questions about a file, then you can upload it to Virus Total and it will be scanned online by several scanning engines at once.

Just click on the "Browse" button (on the Virus Total page) and navigate to where the file is on your computer. Click on the file name to highlight it and then click "Open" and then "Send File". The file will be sent and then it will start scanning. It may take a few minutes.

This will not detect all forms of malware, but it is rather reliable.

Hope this helps.


LeVuHoang (Cadet)
Posted: Sun Jul 22, 2007 10:32 pm

Just because I would like to bring this database into my application, but I think it should be used for warning rather than to confirm that it's malware. Thanks mrsugg for your help.

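
An added example, not code from the original thread or from the startup list project: a lookup over entries in the quoted format that treats a match as a warning, as the post above concludes, and reports when one file name has both a flagged (Confirmed=X) and a non-flagged entry. The function names, verdict labels and sample paths are assumptions; only Confirmed=X is given a meaning, taken from the worm entry quoted in the thread.

```python
import ntpath

# Constructed sample in the format of the entries quoted in this thread
# (descriptions shortened); it is not the real database file.
SAMPLE = """\
[MsnMsgr]
Number=6684
Confirmed=X
Filename=msnmsgr.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32annewfam.html">ANNEW-FAM</a> WORM!
[msnmsgr]
Number=6682
Confirmed=N
Filename=msnmsgr.exe
Description=MSN Messenger utility
[Active shield]
Number=256
Confirmed=U
Filename=Activeshield.exe
Description=Active Shield
"""

def parse_entries(text):
    """Parse [Name] / key=value records into a list of dicts, keeping duplicates."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            entries.append({"Name": line[1:-1]})
        elif "=" in line and entries:
            # Split on the first '=' only: descriptions contain href="...".
            key, value = line.split("=", 1)
            entries[-1][key.strip()] = value.strip()
    return entries

def assess(entries, path):
    """Return (verdict, entry numbers) for a startup item; a hint, never a conviction."""
    name = ntpath.basename(path).lower()  # entries carry a file name only, no path
    hits = [e for e in entries if e.get("Filename", "").lower() == name]
    statuses = {e.get("Confirmed") for e in hits}
    if not hits:
        verdict = "unknown"
    elif "X" not in statuses:
        verdict = "listed"
    else:
        # Same file name both flagged and not flagged: the list alone cannot decide.
        verdict = "warn-ambiguous" if len(statuses) > 1 else "warn"
    return verdict, [e.get("Number") for e in hits]

ENTRIES = parse_entries(SAMPLE)
```

Because the entries carry no path or hash, a `warn-ambiguous` result needs other evidence, such as the file's location or a scan of the file itself, before any decision is made.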

mrsugg (Special Response Team)
Posted: Mon Jul 23, 2007 1:10 am

You're very welcome.

