Connection Manager Administration Kit just appeared on my computer! (Win8) help!

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

aSILENTfire

Thread Starter
Joined
Mar 9, 2012
Messages
142
I was just checking Secunia PSI and I noticed that a new program was there that wasn't there a couple of days ago. It says Connection Manager Administration Kit (CMAK) 7.x (64-bit), and there is also Connection Manager Administration Kit (CMAK) 7.x

I do not want any remote connections on my computer. I have anything related to remote connections blocked in Windows Firewall, and had no problems with that, but I am using Comodo Firewall now and I don't know if all of those services are blocked.

Some other programs I see in Secunia that I don't remember seeing before are: Andrea filters APO access services (32-bit) 1.x, and MediaInfo 0.x

A few other possibly suspicious entries are: 4 XML core services, and 5 different C++ redistributables, but add/remove programs shows 9 of them.

Please let me know what I can remove, thank you.
 

aSILENTfire

Thread Starter
Joined
Mar 9, 2012
Messages
142
Thanks. My brother just got the stdrt.exe virus, a common virus that was taking 1/2 of his RAM usage, not visible anywhere except RAMMap from Sysinternals; from what I understand it is a rootkit that uses the internet and port scans. The reason I mention this is because I found this after sharing a game with him off my USB and noticed that it was running really slow, so I checked RAMMap and found it there. Probably unrelated though.

Anyway, I'm going to remove the kit, and would like to slim down on my C++ redistributables by uninstalling all of them and adding if needed. Is there any C++ distro that I would want to keep in particular?
 

aSILENTfire

Thread Starter
Joined
Mar 9, 2012
Messages
142
I watched a video on YouTube saying that a program called UnHackMe works for detecting and removing stdrt.exe; since my brother is asleep I thought I would run it on my computer. No std virus, and the main scan showed no suspicious files but listed 4 unknowns: APB7LG3X.SYS, PORTMSYS.SYS, PROCEXP152.SYS, and SPEEDFAN.SYS. I have used procexp by Sysinternals, but am not familiar with this file. I have also previously used a program called SpeedFan to check my CPU temp, but it didn't work.

But a separate window in the background of UnHackMe with the same logo, called RegRun Reanimator, shows this result:

Item Name: vidc.iv50
Author: Intel Corporation
Related File: C:\Windows\system32\ir50_32original.dll
Type: Codecs

I uploaded the file to VirusTotal and got this result.. (sorry for the long copy/paste)

SHA256: 0eada05886546c4085a5eb7316a24d46261daa45b052f59873860c938a7957f9
SHA1: 57a28f815aa94e3e13e8ec0ac628a8facf21cb3e
MD5: c979ae9db1e6d7a974ad7b78c9764a68
File size: 729.0 KB ( 746496 bytes )
File name: ir50_32original.dll
File type: Win32 DLL
Detection ratio: 0 / 46
Analysis date: 2013-01-19 05:52:36 UTC ( 0 minutes ago )

ssdeep

12288:urg8NitW8iL/v+CO11Wuhpp7/t1YyI1YyIZ0eCbC+xwp9xwp9dcVEu2/2nky8L2R:o8iLeCk1W+D7/t1YyI1YyIZ0eCbC+xwL

TrID

DirectShow filter (52.6%)
Windows OCX File (32.2%)
Win32 Executable MS Visual C++ (generic) (9.8%)
Win32 Executable Generic (2.2%)
Win32 Dynamic Link Library (generic) (1.9%)
ExifTool

CodeSize.................: 512512
SubsystemVersion.........: 4.0
InitializedDataSize......: 232960
ImageVersion.............: 0.0
ProductName..............: Intel Indeo video 5.10
FileVersionNumber........: 5.2562.15.55
UninitializedDataSize....: 0
LanguageCode.............: English (U.S.)
FileFlagsMask............: 0x003f
CharacterSet.............: Windows, Latin1
LinkerVersion............: 5.1
OriginalFilename.........: ir50_32.dll
MIMEType.................: application/octet-stream
Subsystem................: Windows GUI
FileVersion..............: R.5.10.15.2.55
TimeStamp................: 1999:01:27 20:45:57+00:00
FileType.................: Win32 DLL
PEType...................: PE32
InternalName.............: ir50_32.dll
ProductVersion...........: R.5.10.15.2.55
FileDescription..........: Intel Indeo video 5.10
OSVersion................: 4.0
FileOS...................: Windows 32-bit
LegalCopyright...........: Copyright 1994-1998 Intel Corp.
MachineType..............: Intel 386 or later, and compatibles
CompanyName..............: Intel Corporation
LegalTrademarks..........: Indeo is a registered trademark of Intel Corp.
FileSubtype..............: 0
ProductVersionNumber.....: 5.2562.15.55
EntryPoint...............: 0x77350
ObjectFileType...........: Dynamic link library

Portable Executable structural information

Compilation timedatestamp.....: 1999-01-27 20:45:57
Target machine................: 0x14C (Intel 386 or later processors and compatible processors)
Entry point address...........: 0x00077350

PE Sections...................:
Name    Virtual Address  Virtual Size  Raw Size  Entropy  MD5
.text   4096             512437        512512    6.53     652acb425ecc0ffc1bff9537ca2cc034
.sdata  520192           46000         46080     3.66     67a16b6d01eccb016b0b2dc613d6095d
.rdata  569344           44259         44544     4.60     1e91b2d1cc9292923e359eb4a7b3eaae
.data   614400           81632         47616     4.89     34c390ba99603ddc712fd6ede8e17d55
.rsrc   696320           67716         68096     3.25     a78b74a1b860a72f356808febf5e10b9
.reloc  765952           26196         26624     6.30     65e9db5864e308f1ab8da3e0953edba7

PE Imports....................:
[[WINMM.dll]] timeGetTime, DefDriverProc
[[GDI32.dll]] GetObjectA, DeleteDC, GetSystemPaletteEntries, SelectObject, BitBlt, CreateCompatibleDC
[[KERNEL32.dll]] GetStdHandle, WaitForSingleObject, HeapDestroy, FreeEnvironmentStringsA, DeleteCriticalSection, GetCurrentProcess, GetLocaleInfoA, LocalAlloc, OpenFileMappingA, FreeEnvironmentStringsW, GetLocaleInfoW, SetStdHandle, GetCPInfo, GetStringTypeA, WriteFile, GetStringTypeW, GetOEMCP, LocalFree, InitializeCriticalSection, LoadResource, GlobalHandle, TlsGetValue, OutputDebugStringA, LocalHandle, SetLastError, IsBadWritePtr, LocalLock, ExitProcess, FlushFileBuffers, GetModuleFileNameA, QueryPerformanceFrequency, InterlockedDecrement, MultiByteToWideChar, GetModuleHandleA, CreateSemaphoreA, SetUnhandledExceptionFilter, GetSystemDirectoryA, TerminateProcess, GlobalAlloc, GetVersion, LeaveCriticalSection, HeapFree, EnterCriticalSection, SetHandleCount, FreeLibrary, QueryPerformanceCounter, DisableThreadLibraryCalls, TlsAlloc, GetVersionExA, LoadLibraryA, RtlUnwind, GetStartupInfoA, GetProcAddress, GlobalReAlloc, CreateFileMappingA, GlobalLock, GetFileType, TlsSetValue, HeapAlloc, LocalUnlock, InterlockedIncrement, GetLastError, LCMapStringW, HeapCreate, GetSystemInfo, lstrlenA, GlobalFree, LCMapStringA, GetEnvironmentStringsW, GlobalUnlock, GetShortPathNameA, GetEnvironmentStrings, WritePrivateProfileStringA, LockResource, WideCharToMultiByte, GetCommandLineA, RaiseException, ReleaseSemaphore, MapViewOfFile, TlsFree, SetFilePointer, CloseHandle, GetACP, GetCurrentThreadId, FreeResource, UnmapViewOfFile, VirtualFree, Sleep, IsBadReadPtr, IsBadCodePtr, FindResourceA, VirtualAlloc
[[OLEAUT32.dll]] Ord(161), Ord(163)
[[ADVAPI32.dll]] RegDeleteKeyA, RegOpenKeyA, RegCloseKey, RegQueryValueA, RegQueryValueExA, RegSetValueA, RegSetValueExA, RegDeleteValueA, RegCreateKeyExA, RegOpenKeyExA, RegCreateKeyA, RegEnumKeyExA
[[ole32.dll]] CoUninitialize, CoInitialize, CoTaskMemAlloc, CoCreateInstance, CoFreeUnusedLibraries, CoTaskMemFree, StringFromGUID2
[[USER32.dll]] SetFocus, MapWindowPoints, EndDialog, BeginPaint, OffsetRect, CheckRadioButton, DefWindowProcA, ShowWindow, LoadBitmapA, SetWindowPos, SetDlgItemInt, GetWindowRect, EnableWindow, SetDlgItemTextA, PostMessageA, MoveWindow, MessageBoxA, SetWindowLongA, wvsprintfA, DialogBoxParamA, GetDlgItemInt, CheckDlgButton, GetDC, ReleaseDC, GetDlgCtrlID, SetWindowTextA, GetWindowLongA, SendMessageA, LoadStringW, GetClientRect, GetDlgItem, CreateDialogParamA, WinHelpA, InvalidateRect, wsprintfA, LoadStringA, IsDlgButtonChecked, GetDesktopWindow, IsRectEmpty, GetFocus, EndPaint, DestroyWindow

PE Exports....................: AboutDialogProc, ConfigureDialogProc, DllCanUnloadNow, DllGetClassObject, DllMain, DllRegisterServer, DllUnregisterServer, DriverProc

PE Resources..................:
Resource type  Number of resources
RT_BITMAP      3
TYPELIB        1
MUI            1
RT_VERSION     1
Resource language  Number of resources
ENGLISH US         6

First seen by VirusTotal: 2013-01-19 05:52:36 UTC ( 0 minutes ago )
Last seen by VirusTotal: 2013-01-19 05:52:36 UTC ( 0 minutes ago )

File names (max. 25)
  1. ir50_32original.dll

The TrID shows: Win32 Executable MS Visual C++ (generic) (9.8%)
PE resources reference ...rt files

In the past I have been attacked by real people in real time, with remote connections and audio/video streams being captured and uploaded from my computers, and I actually saw spelling errors in a terminal (command prompt) history while running Linux. That was a long time ago and I don't think a live attack is very likely, but it is possible.

P.S. The file is gone now so I can't find anything else about it. I don't know why.
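As an added example (not from this thread, and not VirusTotal's or ExifTool's own code), the Python script below reproduces locally the fields the report above lists for a PE file: the MD5/SHA1/SHA256 hashes, the section table with virtual address and sizes, and the per-section entropy that VirusTotal prints next to each section. It runs offline on a constructed two-section PE image built inline (not a real binary); pass the bytes of a real file to `triage()` to compare against a report. The helper names, the `.packed` section name and the 7.0 entropy threshold are this example's own assumptions.

```python
"""Local triage of a PE file: hashes, section table and per-section entropy.
Added example, not code from the forum thread or from VirusTotal/ExifTool.
The sample image is constructed here so the script runs offline."""
import hashlib
import math
import struct
from collections import Counter


def file_hashes(data: bytes) -> dict:
    """MD5/SHA1/SHA256 of the whole file, the three hashes a VT report shows."""
    return {name: hashlib.new(name, data).hexdigest()
            for name in ("md5", "sha1", "sha256")}


def shannon_entropy(data: bytes) -> float:
    """Bits per byte, 0.0..8.0; packed or encrypted sections sit close to 8."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def pe_sections(data: bytes) -> list:
    """Walk the IMAGE_SECTION_HEADER table of a PE32/PE32+ image and return
    name, virtual address, sizes, entropy and MD5 of each section's raw bytes."""
    if data[:2] != b"MZ":
        raise ValueError("not a DOS/PE image")
    pe_off = struct.unpack_from("<I", data, 0x3C)[0]        # e_lfanew
    if data[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = pe_off + 4                                       # IMAGE_FILE_HEADER
    num_sections, = struct.unpack_from("<H", data, coff + 2)
    opt_size, = struct.unpack_from("<H", data, coff + 16)   # SizeOfOptionalHeader
    sect_off = coff + 20 + opt_size                         # first section header
    sections = []
    for i in range(num_sections):
        off = sect_off + 40 * i                             # 40-byte section header
        name, vsize, vaddr, rsize, rptr = struct.unpack_from("<8sIIII", data, off)
        raw = data[rptr:rptr + rsize]
        sections.append({
            "name": name.rstrip(b"\0").decode("ascii", "replace"),
            "virtual_address": vaddr,
            "virtual_size": vsize,
            "raw_size": rsize,
            "entropy": round(shannon_entropy(raw), 2),
            "md5": hashlib.md5(raw).hexdigest(),
        })
    return sections


def triage(data: bytes, entropy_threshold: float = 7.0) -> dict:
    """Summary a defender can set beside a VirusTotal report; the threshold for
    flagging high-entropy sections is an assumption of this example."""
    sections = pe_sections(data)
    return {
        "size": len(data),
        "hashes": file_hashes(data),
        "sections": sections,
        "high_entropy": [s["name"] for s in sections
                         if s["entropy"] > entropy_threshold],
    }


def build_sample_pe() -> bytes:
    """Constructed PE32 image (not a real binary): a repetitive .text section
    and a .packed section in which every byte value occurs exactly once."""
    text_raw = bytes(range(16)) * 16                          # entropy 4.0
    packed_raw = bytes((i * 97 + 13) % 256 for i in range(256))  # entropy 8.0
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 64)          # e_lfanew = 0x40
    coff = struct.pack("<HHIIIHH", 0x14C, 2, 0, 0, 0, 224, 0x2102)
    opt = struct.pack("<H", 0x10B) + b"\0" * 222              # PE32 magic, rest zero

    def header(name, vsize, vaddr, rsize, rptr):
        return struct.pack("<8sIIIIIIHHI", name, vsize, vaddr, rsize, rptr,
                           0, 0, 0, 0, 0x60000020)

    image = dos + b"PE\0\0" + coff + opt
    image += header(b".text", 256, 0x1000, 256, 512)
    image += header(b".packed", 256, 0x2000, 256, 768)
    image += b"\0" * (512 - len(image))                       # pad to first raw offset
    return image + text_raw + packed_raw


if __name__ == "__main__":
    report = triage(build_sample_pe())
    print("sha256:", report["hashes"]["sha256"])
    for s in report["sections"]:
        print(f"{s['name']:<8} VA=0x{s['virtual_address']:x} "
              f"raw={s['raw_size']} entropy={s['entropy']} md5={s['md5']}")
    print("high-entropy sections:", report["high_entropy"])
```

Entropy is only a hint: a legitimate codec DLL such as the one in the report has a 6.53 `.text` section because compiled code is fairly dense, while a section at or near 8.0 is what packers and encrypted payloads produce. The hashes are what to search for on VirusTotal if the file disappears, as it did here.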
 