Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

Strange service

Posted on 2013-05-13
7
Medium Priority
?
274 Views
Last Modified: 2013-05-13
i have a wondows xp machine sp3 with a strange service " jspxihjfb ", and it is set to automatic yet not started, I fear this may be indicating a virus, any second opinions?
0
Comment
Question by:Martyt1988
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
  • 2
  • +1
7 Comments
 
LVL 6

Expert Comment

by:BurundiLapp
ID: 39161199
It certainly looks suspicious, a full virusscan and an anti malware scan (I prefer MalwareBytes personally http://www.malwarebytes.org/ ) is in order.

What is the executable that the service points to?
0
 
LVL 75

Expert Comment

by:käµfm³d 👽
ID: 39161403
If you look at the service's properties, what executable does it point to?
0
 
LVL 24

Accepted Solution

by:
aadih earned 1500 total points
ID: 39161482
Please delete the service that is definitely suspicious.  If you need instructions, use the information here as a step-by-step guide:

http://www.howtogeek.com/howto/windows-vista/how-to-delete-a-windows-service-in-vista-or-xp/ >

Then look in installed programs list any program that you don't recognize (either disable it from starting, using msconfig) or , if you are sure, delete it completely (if in error, you could install it again).

Then scan with MalwareBytes AntiMalware.  Scan also with TDSSKiller (for RootKits).  Make sure your security software's data files are updated and the program is running.

(Note: if you have any problems scanning normally, do it in safe mode, clean, and then scan again in the normal mode).
0
Automating Your MSP Business

The road to profitability.
Delivering superior services is key to ensuring customer satisfaction and the consequent long-term relationships that enable MSPs to lock in predictable, recurring revenue. What's the best way to deliver superior service? One word: automation.

 
LVL 75

Expert Comment

by:käµfm³d 👽
ID: 39161564
@aadih
Please delete the service that is definitely suspicious.
That is not good advice. Blindly deleting services opens up the possibility of inadvertently breaking the system. Try to identify what the service is; then delete it if it's not important to the system.
0
 
LVL 24

Expert Comment

by:aadih
ID: 39161657
The service is clearly an invalid (malware, virus, trojan) service.  Have seen it, done it, hence the advice.  Worry not in deleting this service.
0
 

Author Comment

by:Martyt1988
ID: 39161670
service has been removed and will continue to monitor , may need to re-load
0
 
LVL 6

Expert Comment

by:BurundiLapp
ID: 39161705
You are probably right aadih, bit it would be prudent to verify that it is a malware related service before deleting it completely.

For all we know the machine could be a developers box and that might be a test name for a legitimate service that is under development.

Disabling the service and performing multiple full sweeps with various products would be the logical next steps, if they find something they may disable or delete the service themselves.
0

Featured Post

Q2 2017 - Latest Malware & Internet Attacks

WatchGuard’s Threat Lab is a group of dedicated threat researchers committed to helping you stay ahead of the bad guys by providing in-depth analysis of the top security threats to your network.  Check out our latest Quarterly Internet Security Report!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A small collection of useful tips and tricks for Windows 10 users that I decided to write as a result of recent questions that were asked and answered at Experts Exchange. Two short video tutorials included. Enjoy..
IF you are either unfamiliar with rootkits, or want to know more about them, read on ....
This video Micro Tutorial explains how to clone a hard drive using a commercial software product for Windows systems called Casper from Future Systems Solutions (FSS). Cloning makes an exact, complete copy of one hard disk drive (HDD) onto another d…
This is used to tweak the memory usage for your computer, it is used for servers more so than workstations but just be careful editing registry settings as it may cause irreversible results. I hold no responsibility for anything you do to the regist…

618 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question