Pages: [1]   Go Down
Share this topic on FacebookShare this topic on MySpaceShare this topic on Del.icio.usShare this topic on DiggShare this topic on RedditShare this topic on StumbleUponShare this topic on TwitterShare this topic on MagnoliaShare this topic on GoogleShare this topic on Yahoo

Author Topic: Two unusual services. Are they deletable artifacts?  (Read 796 times)

0 Members and 1 Guest are viewing this topic.

Offline wbotsman

  • New Member
  • *
  • Posts: 2
Two unusual services. Are they deletable artifacts?
« on: June 11, 2009, 05:26:25 pm »
LDRKZQG and YFRTSN are manual and non-started services in a friend's system I'm trying to speed up. They have no descriptions and googling found nothing.  Autoruns doesn't show them and can find no relevant strings.  As they're not started they can't contribute to the poor performance but they might provide pointers to existing (unlikely) or previously deleted malware.   I'm intrigued, anyway.

Any ideas as to their origins? ???
Logged

Offline couttsj

  • Hero Member
  • *****
  • Posts: 440
Re: Two unusual services. Are they deletable artifacts?
« Reply #1 on: June 11, 2009, 08:13:12 pm »
Can you find the registry entries in HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services? If so, the actual file loaded should be listed in the parameters key. If there is no parameters key, then it is likely that the service has already been partially deleted by an AV program. If the paramters key points to a file and its location, then verify that the file is at that location.

Report back what you find.

J.A. Coutts
Logged

Offline wbotsman

  • New Member
  • *
  • Posts: 2
Re: Two unusual services. Are they deletable artifacts?
« Reply #2 on: June 13, 2009, 01:45:20 am »
Thanks for the swift response! :)

There is no evidence of programs identified by parameter settings.  It all looks pretty legacy to me now.
Logged
Pages: [1]   Go Up