• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 275
  • Last Modified:

Strange service

i have a wondows xp machine sp3 with a strange service " jspxihjfb ", and it is set to automatic yet not started, I fear this may be indicating a virus, any second opinions?
0
Martyt1988
Asked:
Martyt1988
  • 2
  • 2
  • 2
  • +1
1 Solution
 
BurundiLappCommented:
It certainly looks suspicious, a full virusscan and an anti malware scan (I prefer MalwareBytes personally http://www.malwarebytes.org/ ) is in order.

What is the executable that the service points to?
0
 
käµfm³d 👽Commented:
If you look at the service's properties, what executable does it point to?
0
 
aadihCommented:
Please delete the service that is definitely suspicious.  If you need instructions, use the information here as a step-by-step guide:

http://www.howtogeek.com/howto/windows-vista/how-to-delete-a-windows-service-in-vista-or-xp/ >

Then look in installed programs list any program that you don't recognize (either disable it from starting, using msconfig) or , if you are sure, delete it completely (if in error, you could install it again).

Then scan with MalwareBytes AntiMalware.  Scan also with TDSSKiller (for RootKits).  Make sure your security software's data files are updated and the program is running.

(Note: if you have any problems scanning normally, do it in safe mode, clean, and then scan again in the normal mode).
0
Threat Trends for MSPs to Watch

See the findings.
Despite its humble beginnings, phishing has come a long way since those first crudely constructed emails. Today, phishing sites can appear and disappear in the length of a coffee break, and it takes more than a little know-how to keep your clients secure.

 
käµfm³d 👽Commented:
@aadih
Please delete the service that is definitely suspicious.
That is not good advice. Blindly deleting services opens up the possibility of inadvertently breaking the system. Try to identify what the service is; then delete it if it's not important to the system.
0
 
aadihCommented:
The service is clearly an invalid (malware, virus, trojan) service.  Have seen it, done it, hence the advice.  Worry not in deleting this service.
0
 
Martyt1988Author Commented:
service has been removed and will continue to monitor , may need to re-load
0
 
BurundiLappCommented:
You are probably right aadih, bit it would be prudent to verify that it is a malware related service before deleting it completely.

For all we know the machine could be a developers box and that might be a test name for a legitimate service that is under development.

Disabling the service and performing multiple full sweeps with various products would be the logical next steps, if they find something they may disable or delete the service themselves.
0

Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

  • 2
  • 2
  • 2
  • +1
Tackle projects and never again get stuck behind a technical roadblock.
Join Now