wmi namespace ? virus
in [Viruses]
|
Prev: GMER and aujasnkj.sys?
Next: python - confusing advice
From: FromTheRafters on 13 Sep 2009 19:24 "JClark" <jclark(a)nomail.invalid> wrote in message news:empqa5heisu9dd32ks9pu10jq99fca4qeo(a)4ax.com... > On Thu, 10 Sep 2009 09:46:17 -0400, "FromTheRafters" > <erratic(a)nomail.afraid.org> wrote: > >>"JClark" <jclark(a)nomail.invalid> wrote in message >>news:6apha5hesism55p5rjdiffkl9nr1c8loke(a)4ax.com... >>> On Wed, 9 Sep 2009 22:14:31 -0400, "FromTheRafters" >>> <erratic(a)nomail.afraid.org> wrote: >>> >>>> >>>>"JClark" <jclark(a)nomail.invalid> wrote in message >>>>news:4ebga5p1fpln9k65aq90j9m1kdkvi71nk6(a)4ax.com... >>>>> Hello Group, >>>>> >>>>> I posted details about my son's virus worries on August 25: >>>>> c3l7951gr0vcod4mc414nmvc9asumtcm97(a)4ax.com >>>>> >>>>> Without repeating the system details and my efforts to clean up >>>>> the >>>>> computer, here's what he's mostly worried about. He sees warnings >>>>> in >>>>> the event viewer/application in roughly this form: >>>>> ************************************************************************ >>>>> >>>>> A provider, [various things: RSOP, hi-perf cooker, etc] has been >>>>> registered in the WMI namespace, [various locations], to use the >>>>> LocalSystem account. This account is privileged and the provider >>>>> may >>>>> cause a security violation if it does not correctly impersonate >>>>> user >>>>> requests. >>>>> >>>>> For more information, see Help and Support Center at >>>>> http://support.microsoft.com. >>>>> >>>>> *************************************************************************** >>>>> >>>>> Is this anything to be worried about? How to check into it >>>>> further? >>>>> I >>>>> think he's worried about the use of the term "impersonate". >>>> >>>>It is a normal computerese term. >>>> >>>> >>> Thanks. As I suspected. I will post a query in the regular WinXP >>> group >>> soliciting some more details about this particular bit of >>> computerese, >>> so that I may be able to convice my son that this isn't serious or a >>> threat. >> >>http://msdn.microsoft.com/en-us/library/aa390431(VS.85).aspx >> > Thanks again for the additional information. Will reassure my son. Who would have thought an entry like HiPerfCooker_v1 would be legit? Just goes to show that judging badware by 'names' alone can be problematic. Unless one is an expert, it is better to use malware detectors than it is to just peruse for suspicious looking names. |