While there are viruses and spyware listed, a number of these are
legitimate programs. I recognized many of these background tasks and
checked my favorite task list at http://answersthatwork.com/ .
E.g., ctfmon.exe is an ordinary part of Microsoft Office XP and Windows
XP – it activates the Alternative User Input Text Input Processor (TIP)
and the Microsoft Office XP Language Bar.
LSASS is usually the Local Security Authentication Server, unless a
virus has replaced it.
Windoze OSes are frustratingly difficult to keep free of viri,
especially if you run Outlook or Internet Exploder. However, when
educating others about its problems, we have to be careful to remain
objective.
Thank You.
R. Scott Belford wrote:
I have been meaning to email LUAU and our announce list for some time
to make sure that we all knew the recent news about HOSEF. We have a
permanent home at UH thanks to many unthanked people, and luau and
monmotha have a permanent home with HOSEF. We have set up a lab this
year at Kuhio Elementary, we had a booth at the eSchool conference,
and we have donated a lab to the Boys and Girls Club of Hawaii in Ewa
Beach where we refurbish the computers that are later donated to other
organizations. We just put a Mandrake Box at the Makiki Community
Library.
There is so much news, and I will share it soon. For now, I want to
shock you, if I can.
There are two computer labs at the BGCH. The downstairs one, a windows
lab, was donated by the Case Foundation and was supported for the
first few years. Upstairs is our 15 station Linux thin client lab. We
have also donated two stand-alone Mandrake boxes now in heavy use by
MGMT.
The downstairs windows lab has fallen in disrepair. No windows updates
and no IE patches have made this lab an unsurfable nightmare on some
computers. It is no longer even possible to run Windows Update on the
ones that I have tried. It is not the staff's fault, support is now
handled by the company of one the members of the BOD. A quick look at
the Task Manager and some time googling has revealed the following on
just *one* computer.
CTFMON.exe
http://securityresponse.symantec.com/avcenter/venc/data/spyware.familykeylog.html
FF.EXE
http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.rirc.html
WSup.exe
http://securityresponse.symantec.com/avcenter/venc/data/adware.huntbar.html
WToolsA.exe
http://securityresponse.symantec.com/avcenter/venc/data/adware.huntbar.html
msbb.exe
http://securityresponse.symantec.com/avcenter/venc/data/adware.ncase.html
wupdater.exe
http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.polybot.html
CMESys.exe
http://securityresponse.symantec.com/avcenter/venc/data/dialer.iedisco.html
WKufind.exe
http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.gaobot.ee.html
VPTray.exe
proof that norton is uninstalled
mspmspsv.exe
http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.gaobot.ee.html
WToolsS.exe
http://securityresponse.symantec.com/avcenter/venc/data/adware.huntbar.html
regsvc.exe
http://securityresponse.symantec.com/avcenter/venc/data/backdoor.irc.cloner.html
lsass.exe
http://securityresponse.symantec.com/avcenter/venc/data/w32.sasser.b.worm.html
csrss.exe
http://securityresponse.symantec.com/avcenter/venc/data/w32.dalbug.worm.html
smss.exe
http://securityresponse.symantec.com/avcenter/venc/data/w32.dalbug.worm.html
If you are still wondering if Linux can replace Windows on the
Desktop, I can assure that it can, it has, it does, and in cases like
this, it must. I'll be documenting this in a case study, but for now I
had to share this horror with someone else.
--scott
_______________________________________________
LUAU@lists.hosef.org mailing list
http://lists.hosef.org/cgi-bin/mailman/listinfo/luau