what is this process?

  • Thread starter Thread starter Guest
  • Start date Start date
G

Guest

I have found a couple of workstations that have the process CID6LNCH.EXE
running on them. It shows in the reg as
HKLM\software\microsoft\windows\current. the file exists in the windows
directory.

I am unable to find any info in the usual places. Any ideas?

Thanks.
 
Google did not show much at all. Try using something like Process Explorer
or Autoruns to see if there is a publisher associated with that process that
may give you a clue what it is. If no publisher name is shown then it
"could" be malware/spyware and a scan for both using the latest definitions
of whatever you scan with would be a good idea. You could also submit the
file to virustotal to see if anything is found.

Steve

http://www.microsoft.com/technet/sysinternals/utilities/ProcessExplorer.mspx
--- Process Explorer
http://www.microsoft.com/technet/sysinternals/utilities/autoruns.mspx --
Autoruns
http://www.virustotal.com/en/indexf.html --- virsutotal
 
Thanks Steve. I will give that a try.

Steven L Umbach said:
Google did not show much at all. Try using something like Process Explorer
or Autoruns to see if there is a publisher associated with that process that
may give you a clue what it is. If no publisher name is shown then it
"could" be malware/spyware and a scan for both using the latest definitions
of whatever you scan with would be a good idea. You could also submit the
file to virustotal to see if anything is found.

Steve

http://www.microsoft.com/technet/sysinternals/utilities/ProcessExplorer.mspx
--- Process Explorer
http://www.microsoft.com/technet/sysinternals/utilities/autoruns.mspx --
Autoruns
http://www.virustotal.com/en/indexf.html --- virsutotal
Click to expand...
 
r. wales said:
I have found a couple of workstations that have the process CID6LNCH.EXE
running on them. It shows in the reg as
HKLM\software\microsoft\windows\current. the file exists in the windows
directory.

I am unable to find any info in the usual places. Any ideas?

Thanks.
Click to expand...

Use task mngr to kill the process and see what stops functioning or if
it is spawned 'spawn'taneously again.
ignore the following if overtly obviated.........obviously:
CNTRL-ALT-DEL, TASK MANAGER tab, PROCESSES, highlite and ENDPROCESS.
If it even shows up in task mngr it is either poorly written
malware/virus or datamining spyware OR... useful.

now...If I could just some answers to my queries, sigh!
Do I need NETBUI-tcp/ip as a client?
Is there light at the end of the tunnel?
Is G.Bush really as malfeasanced, malformed or mis-mal-anthropic?
Warf.
 
Back
Top