Unknown process

[Guest]

I have a process called fdgbeb.exe that runs at start up and connects to
193.37.152.161 port number). It seems to overload my internet connection. I
have no idea how it got on my machine ut it is easily stopped using task
manager.

Can anyone tell me if it is safe to delete this process?

 

[Mr. Arnold]

I have a process called fdgbeb.exe that runs at start up and connects to
193.37.152.161 port number). It seems to overload my internet
connection. I
have no idea how it got on my machine ut it is easily stopped using task
manager.

Can anyone tell me if it is safe to delete this process?

If you don't know what it is, then it shouldn't be running.

If you use Arin Whois to trace the IP, it goes to RIPE and winds up at the
Web Hosting company.

For all you know, it's malware as nothing should taking your Internet
connection like that, unless it's pulling/uploading data from your machine
to the site.


http://www.giga-international.com/ueber.php

 

[Guest]

If you don't know what it is, then it shouldn't be running.

If you use Arin Whois to trace the IP, it goes to RIPE and winds up at the
Web Hosting company.

For all you know, it's malware as nothing should taking your Internet
connection like that, unless it's pulling/uploading data from your machine
to the site.


http://www.giga-international.com/ueber.php

Thanks for that response. I've already mailed the hosting companies abuse
contact and await a reply, however, according to windows defender the process
was installed at manufacture so I am unsure whether it is malware or a
genuine process hi-jacked by malware which is why I am unsure if I should
just delete the process. Google, Microsoft and Symantec all come up blank on
searches for the process.

 

[Mr. Arnold]

Thanks for that response. I've already mailed the hosting companies abuse
contact and await a reply, however, according to windows defender the
process
was installed at manufacture so I am unsure whether it is malware or a
genuine process hi-jacked by malware which is why I am unsure if I should
just delete the process. Google, Microsoft and Symantec all come up blank
on
searches for the process.

Then what you should do is with a FW if one is running on the machine is
stop outbound traffic to that IP, until you know something.

 

[Rock]

I have a process called fdgbeb.exe that runs at start up and connects to
193.37.152.161 port number). It seems to overload my internet
connection. I
have no idea how it got on my machine ut it is easily stopped using task
manager.

Can anyone tell me if it is safe to delete this process?

Assuming it's spelled correctly, that Google gives no hits is suspicious and
suggests malware.

 

[Guest]

Assuming it's spelled correctly, that Google gives no hits is suspicious and
suggests malware.

Thanks for the replies. I've found the startup key for this application in
the registry and it is listed as a MS display driver, can someone from MS
confirm this?

 

[Mr. Arnold]

Thanks for the replies. I've found the startup key for this application in
the registry and it is listed as a MS display driver, can someone from MS
confirm this?

Confirm what? That's for you to do. It's your responsibility to know what is
running on your computer. You're the one that needs to make a determination
if the process is legit or not, because after all, its your computer.

Something shows up out of nowhere and is tying up my connection, and I can
stop it from doing it, then that's going to happen.

What would be the need of that program making an Internet connection with
outbound commutations to a remote site?

I had a Linksys wireless card driver that was phoning home to various IP(s).
I needed the driver, but I didn't need it phoning home so I stopped it from
doing it.

Maybe, you should block outbound traffic to that IP period with a firewall,
better yet, stop the exe from running and see what happens. It's just an
exe, use MSconfig and uncheck it in the Start-up, if it's there or go find
it in the Start-up folder and stop it or remove it.

Again what business does that program have in sending outbound traffic to a
remote IP, legit or not legit?

I like CurrPort, because you got to go look for yourself from time to time.
Also Process Explorer is a good tool to look and see what is running on the
machine. You can look inside a process like that exe and see what it's
hosting (hidden processes), that Task Manger cannot show you.

http://www.bestvistadownloads.com/download-tcp-port-software.html

http://preview.tinyurl.com/klw1

http://www.microsoft.com/technet/sysinternals/default.mspx

Active Ports doesn't run on Vista.

 

[Guest]

Confirm what?

Confirm if it is a genuine MS display driver, I thought that was obvious.
And yes it is my computer but I didn't write, design or even install the
software, so I thought I'd ask a MS tech if it is a genuine process because
if it is then I'd rather not delete or otherwise interfere with it and
concentrate on finding out why it's making spurious internet connections.

As soon as I did a netstat -b and found that it was making a connection I
blocked it. At present no software, adaware, windows defender, avg av, norton
online check, spybot find the process a threat or find any other on my
system. I did this before my original post.

If you look back, I didn't ask how to stop it connecting, I didn't ask what
to use to see if it's malware, I asked if anyone knew if it was safe to
delete? So over to someone who knows what they are talking about and is able
to answer a direct question without a know-it-all attitude.

 

[Alun Harford]

Thanks for that response. I've already mailed the hosting companies abuse
contact and await a reply

So *you're* presumably performing a denial of service attack on a
machine, and now you're emailing their host to complain?

The file is obviously randomly named - I can think of no legitimate
executable that is randomly named.
Device drivers are not user-mode executables, and do not have a .exe
extension.
Very clearly, the file is malicious.

Alun Harford

 

[Rock]

"caravaggio" wrote>

Thanks for the replies. I've found the startup key for this application in
the registry and it is listed as a MS display driver, can someone from MS
confirm this?

It's not an MS file. By the way you are not talking to MS here. This is a
peer to peer tech support group. If you want to talk to someone from MS you
need to contact tech support through the normal channels.

 

[Mr. Arnold]

Look, all I was trying to do is give you some insight about how it's your
responsibility at all times to make sure you know what's running on your
computer. You sat up in the NG and whined about some process that was
sucking up your Internet connection. You didn't even know how to track it
down as to where it was connecting.

Just because it's a MS solution, so you say, does that mean that the thing
should interfere with the Internet connection?

And on top of that, you start tossing out snake-oil solutions like Ad-Aware
and Spybot, etc. etc like they are some kind of stops all and ends all
solutions, which they can be easily circumvented and defeated, the AV too.

On top of that, why in the heck would it be connecting to a NON MS site if
it's a MS solution connecting out to the middle of nowhere to a Web hosting
site in middle Europe?

I can give you an exe with MS stamped all over it, if that will convince you
to let my program run as I gather up facts about you.

You had one MVP post to you about the possiblity of it being malware.

You know where you can stick that computer and the program running on it.

MS VB 6 MCP and MS .Net MCP

 

[Guest]

Look, all I was trying to do is give you some insight about how it's your
responsibility at all times to make sure you know what's running on your
computer

I dont need you to tell me that, I could have sat back let the process eat
bandwidtrh and done nothing.

.. You sat up in the NG and whined

I dont remember doing any whining, I asked a question, you didn't have to
show off your huge intellect and get involved. Who's whining now?

about some process that was

sucking up your Internet connection. You didn't even know how to track it
down as to where it was connecting.

Show me where I asked how to track it down. I had it tracked before my OP
otherwise I wouldn't have know what it was called where it was connecting to
what port it was using and how much bandwidth it was using

Just because it's a MS solution, so you say, does that mean that the thing
should interfere with the Internet connection?

I don't say it MS I say it purports to be, take a look at the OP, and no I
didn't say that

And on top of that, you start tossing out snake-oil solutions like Ad-Aware
and Spybot, etc. etc like they are some kind of stops all and ends all
solutions, which they can be easily circumvented and defeated, the AV too.

Nope I didn't, all I said was that I had used them and they hadn't come up
with anything, tell me know all have you written anything better than these
programs? These programs that thousands of people use every day. Can't be all
bad then can they.

On top of that, why in the heck would it be connecting to a NON MS site if
it's a MS solution connecting out to the middle of nowhere to a Web hosting
site in middle Europe?

So all MS apps only connect to MS sites? Moron

I can give you an exe with MS stamped all over it, if that will convince you
to let my program run as I gather up facts about you.

You completely miss the point don't you, way over your head and ego

You had one MVP post to you about the possiblity of it being malware.

And I said thanks and asked the same question in another way because i
didn't really get an answer or a pointer. I think thats when you got all high
and mighty like most trolls

You know where you can stick that computer and the program running on it.

Listen fella i came here and asked a straight forward question and you got
all know it all sitting at your machine looking down on us mortals who aint
afraid to admit we just dont know all there is to know about vista xp MS
dodgy apps and a whole load of other things, so I guess you know now where to
shove your attitude, advice and ignorance

MS VB 6 MCP and MS .Net MCP

how very very technical

 

[Guest]

"caravaggio" wrote>


It's not an MS file. By the way you are not talking to MS here. This is a
peer to peer tech support group. If you want to talk to someone from MS you
need to contact tech support through the normal channels.

Thanks - I knew that it wasn't MS responding to my earlier posts but I
thought that this forum was looked over by MS techs

 

[Guest]

So *you're* presumably performing a denial of service attack on a
machine, and now you're emailing their host to complain?

Nope mailing them to ask if they know anything about it, it may interest a
web hosting company to know that one of their clients is a possible malware
distributer, presumably if it was malware it may have been calling home with
some of my data, or that they are a target of some sort, that's one of the
reasons they have abuse contacts afaik

The file is obviously randomly named - I can think of no legitimate
executable that is randomly named.
Device drivers are not user-mode executables, and do not have a .exe
extension.
Very clearly, the file is malicious.

Alun Harford

OK, thanks for that.

 

[Charles W Davis]

Nope mailing them to ask if they know anything about it, it may interest a
web hosting company to know that one of their clients is a possible
malware
distributer, presumably if it was malware it may have been calling home
with
some of my data, or that they are a target of some sort, that's one of the
reasons they have abuse contacts afaik


OK, thanks for that.

Since these guys don't know about it:
http://www.processlibrary.com/directory?files=fdgbeb.exe+
Get rid of it!

 

[Mr. Arnold]

I dont need you to tell me that, I could have sat back let the process eat
bandwidtrh and done nothing.

I know. No one can tell you anything as your head is a hard as ten bricks
..

. You sat up in the NG and whined

It looks to me like you're still in whine mode.

about some process that was

Show me where I asked how to track it down. I had it tracked before my OP
otherwise I wouldn't have know what it was called where it was connecting
to
what port it was using and how much bandwidth it was using

I am happy for you, at least you're not as dumb as I thought.

I don't say it MS I say it purports to be, take a look at the OP, and no I
didn't say that

Who cares about your original post, because in your subsequent post you
pointed to MS.

Nope I didn't, all I said was that I had used them and they hadn't come up
with anything, tell me know all have you written anything better than
these
programs? These programs that thousands of people use every day. Can't be
all
bad then can they.

That fact that it didn't catch anything should tell you it's snake-oil. Any
0 day exploit can and they do circumvent every last one of your leaning on
the crutch solutions, because they must detect it first, which means they
need a definition file to do it. If the signature is not in the defintion,
then it's missed.

But I though you had some kind of common sense beyond your home user
knowledge.

It looks like I was mistaken.

So all MS apps only connect to MS sites? Moron

Not the one you're talking about *Clown*. Those are know sites, fool.

You completely miss the point don't you, way over your head and ego

The point is that a malware programmer can put the MS stamp on a exe, but
since you're too stupid to realize that, then you miss the point.

And I said thanks and asked the same question in another way because i
didn't really get an answer or a pointer. I think thats when you got all
high
and mighty like most trolls

I only tried to help you *clown*, since you have your head planted firmly up
your behind.

Listen fella i came here and asked a straight forward question and you got
all know it all sitting at your machine looking down on us mortals who
aint
afraid to admit we just dont know all there is to know about vista xp MS
dodgy apps and a whole load of other things, so I guess you know now where
to
shove your attitude, advice and ignorance

You're as about a dumb as a tree, at least the tree knows how to find the
Sun, moron. You can't pull your head out of your behind.

You are a bigger fool than I though you were.

how very very technical

How very very much of a home user *clown* that you are.

 

[Guest]

Since these guys don't know about it:
http://www.processlibrary.com/directory?files=fdgbeb.exe+
Get rid of it!

Thanks Charles.

AVG av finally recognised the file as a trojan today just after an update
and as soon as a test began. It recognises it as IRC/Backdoor.SdBot.BDE,
thanks to all for the responses.

 

[Guest]

Simply rename the file\kill the service\block the port and see what
breaks - if something fundamentals goes wrong (like graphics etc) then
you know the file is doing some good, however (and I suspect) you won't
notice a difference except for a lot of extra bandwidth.

Out of curiousity, where is the file located in your filesystem?


--
Payne747

Payne747
-- http://www.the-serpent.co.uk --

It was in system32, see the reply to Charles W Davis on the 20th May.

Thanks for responding

Dougie