
Connection Manager Administration Kit just appeared on my computer! (Win8) help!

Discussion in 'All Other Software' started by aSILENTfire, Jan 18, 2013.

Thread Status:
Not open for further replies.
  1. aSILENTfire

    aSILENTfire Thread Starter

    Joined:
    Mar 9, 2012
    Messages:
    142
    I was just checking Secunia PSI and I noticed that a new program was there that wasn't there a couple of days ago. It says Connection Manager Administration Kit (CMAK) 7.x (64-bit), and there is also Connection Manager Administration Kit (CMAK) 7.x

    I do not want any remote connections on my computer. I have anything related to remote connections blocked in Windows Firewall, and no problems with that, but I am using Comodo Firewall now and I don't know if all of those services are blocked.

    Some other programs I see in Secunia that I don't remember seeing before are: Andrea filters APO access services (32-bit) 1.x, and MediaInfo 0.x

    A few other possibly suspicious entries are: 4 XML core services, and 5 different C++ redistributables, but add/remove programs shows 9 of them.

    Please let me know what I can remove, thank you.
     
  2. Glaswegian

    Glaswegian Malware Specialist

    Joined:
    Dec 5, 2004
    Messages:
    3,823
  3. aSILENTfire

    aSILENTfire Thread Starter

    Joined:
    Mar 9, 2012
    Messages:
    142
    Thanks. My brother just got the stdrt.exe virus, a common virus that was taking 1/2 of his RAM usage, not visible anywhere except RAMMap from Sysinternals; from what I understand it is a rootkit that uses the internet and port scans. The reason I mention this is because I found this after sharing a game with him off my USB and noticed that it was running really slow, so I checked RAMMap and found it there. Probably unrelated, though.

    Anyway, I'm going to remove the kit, and would like to slim down on my C++ redistributables by uninstalling all of them and adding if needed. Is there any C++ distro that I would want to keep in particular?
     
  4. aSILENTfire

    aSILENTfire Thread Starter

    Joined:
    Mar 9, 2012
    Messages:
    142
    I watched a video on YouTube saying that a program called UnHackMe works for detecting and removing stdrt.exe; since my brother is asleep I thought I would run it on my computer. No std virus, and the main scan showed no suspicious files but listed 4 unknowns: APB7LG3X.SYS, PORTMSYS.SYS, PROCEXP152.SYS, and SPEEDFAN.SYS. I have used procexp by Sysinternals, but am not familiar with this file. I have also previously used a program called SpeedFan to check my CPU temp, but it didn't work.

    But a separate window in the background of UnHackMe with the same logo, called RegRun Reanimator, shows this result:

    Item Name: vidc.iv50
    Author: Intel Corporation
    Related File: C:\Windows\system32\ir50_32original.dll
    Type: Codecs

    I uploaded the file to VirusTotal and got this result.. (sorry for the long copy/paste)

    SHA256: 0eada05886546c4085a5eb7316a24d46261daa45b052f59873860c938a7957f9
    SHA1: 57a28f815aa94e3e13e8ec0ac628a8facf21cb3e
    MD5: c979ae9db1e6d7a974ad7b78c9764a68
    File size: 729.0 KB ( 746496 bytes )
    File name: ir50_32original.dll
    File type: Win32 DLL
    Detection ratio: 0 / 46
    Analysis date: 2013-01-19 05:52:36 UTC ( 0 minutes ago )

    TrID

    DirectShow filter (52.6%)
    Windows OCX File (32.2%)
    Win32 Executable MS Visual C++ (generic) (9.8%)
    Win32 Executable Generic (2.2%)
    Win32 Dynamic Link Library (generic) (1.9%)
    ExifTool

    First seen by VirusTotal

    2013-01-19 05:52:36 UTC ( 0 minutes ago )

    Last seen by VirusTotal
    2013-01-19 05:52:36 UTC ( 0 minutes ago )

    File names (max. 25)
    1. ir50_32original.dll

    The TrID shows: Win32 Executable MS Visual C++ (generic) (9.8%)
    PE resources reference ...rt files

    In the past I have been attacked by real people in real time with remote connections and audio/video streams being captured and uploaded from my computers, and actually saw spelling errors in a terminal (command prompt) history while running Linux. That was a long time ago and I don't think a live attack is very likely, but it is possible.

    P.S. The file is gone now so I can't find anything else about it. I don't know why.
     
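A way to check what the vidc.iv50 codec entry reported by RegRun actually resolves to, and whether the file on disk is the same one that was uploaded to VirusTotal. This is an added example, not anything posted in the thread; it assumes Windows PowerShell 3.0 or later, that the entry lives in the standard Drivers32 codec mapping key (64-bit and WOW64 views), and takes the SHA256 from the VirusTotal paste above as the expected value. Note that the paste's version info gives OriginalFilename as ir50_32.dll while the file on disk is named ir50_32original.dll, so the version fields are printed for comparison.

```powershell
# Added example (not from the thread). Expected hash is the SHA256 from the
# VirusTotal result posted above; everything else is read from the live system.
$ExpectedSha256 = '0eada05886546c4085a5eb7316a24d46261daa45b052f59873860c938a7957f9'

# Drivers32 maps codec FourCCs such as vidc.iv50 to a DLL. The 64-bit and
# 32-bit (WOW64) views are separate registry keys, so inspect both.
$Keys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Drivers32'
)

function Get-Sha256Hex([string]$FilePath) {
    # SHA256 via .NET so this also works on PowerShell 3.0 (no Get-FileHash).
    $Sha = [System.Security.Cryptography.SHA256]::Create()
    $Stream = [IO.File]::OpenRead($FilePath)
    try { ([BitConverter]::ToString($Sha.ComputeHash($Stream)) -replace '-', '').ToLower() }
    finally { $Stream.Close() }
}

foreach ($Key in $Keys) {
    if (-not (Test-Path $Key)) { continue }
    $Dll = (Get-ItemProperty -Path $Key -ErrorAction SilentlyContinue).'vidc.iv50'
    if (-not $Dll) { Write-Output "$Key : no vidc.iv50 entry"; continue }

    # A bare file name is loaded from the system directory matching the view.
    $Path = if ([IO.Path]::IsPathRooted($Dll)) { $Dll }
            elseif ($Key -like '*Wow6432Node*') { Join-Path $env:WINDIR "SysWOW64\$Dll" }
            else { Join-Path $env:WINDIR "System32\$Dll" }

    Write-Output "$Key -> $Dll"
    if (-not (Test-Path $Path)) { Write-Output "  file not found: $Path"; continue }

    $Item = Get-Item $Path
    $Hash = Get-Sha256Hex $Path
    $Sig  = Get-AuthenticodeSignature -FilePath $Path   # 1990s codecs are often unsigned

    Write-Output ("  size: {0} bytes, modified: {1}" -f $Item.Length, $Item.LastWriteTime)
    Write-Output ("  company: {0}, product: {1}, original filename: {2}" -f
        $Item.VersionInfo.CompanyName, $Item.VersionInfo.ProductName,
        $Item.VersionInfo.OriginalFilename)
    Write-Output "  authenticode status: $($Sig.Status)"
    Write-Output "  sha256 matches VirusTotal upload: $($Hash -eq $ExpectedSha256)"
}
```

A mismatch between the on-disk name and OriginalFilename, or a hash that differs from the one VirusTotal scanned, means the file being loaded is not the one that got the 0/46 result and should be looked at separately.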
Short URL to this thread: https://techguy.org/1085846