1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Solved: Identifying process 'SSDKO2.exe'

Discussion in 'Virus & Other Malware Removal' started by Mark 1966, Sep 27, 2008.

Thread Status:
Not open for further replies.
  1. Mark 1966

    Mark 1966 Thread Starter

    Joined:
    Jun 18, 2007
    Messages:
    12
    Can anyone tell me what this is? I strongly suspect it's malicious, and the process can't be terminated in the task manager. It's running in the user account of my sister's Dell desktop, (XP Home edition, SP3). I've had to clear nearly 60 infections from it, (don't ask!), including trojans, hack tools, spyware and adware, (such as WinAV, CWS, Seekmo and Snadboy). Now MBAM, AVG8 free and NIS 2007 all say it's clean; (AVG 8 installed independently and removed afterwards to avoid mirroring). Boot times with NIS installed jump to 5+mins, but I put that down to the meagre 256MB RAM, and Norton IS 2007's notorious CPU loading. (With AVG installed it was under a minute). 'msconfig' shows something checked in 'Start Up' with no entry, just the registry location SOFTWARE\Microsoft\CurrentVersion\Run. Disabling it doesn't stop SSKDO2.exe. I don't know if this is an orphan entry left when someone has perhaps removed a program that was disabled in 'Start Up', or some other problem that's still unresolved.
    ESET and Kaspersky on line scans only show infections in the, (temporarily disabled), NAV quarantine folder. Running searches on SSDKO2.exe brought only a couple of hits, both of which seemed to indicate that it's a virus, but, (particularly without further information about the directory it's running from if malware), that isn't enough of a consensus to be reliable. Merely the fact that there's so little information on it makes me think it can't be legitimate. It doesn't appear in any list I can find of legitimate processes. If malware, exactly what infection is it associated with?
     
  2. Mark 1966

    Mark 1966 Thread Starter

    Joined:
    Jun 18, 2007
    Messages:
    12
    Since posting I've run HijackThis and found, (contrary to the information contained in the two hits I got when searching for 'SSDKO2.exe' on line), that it's a process run by the Yahoo Online Protection program [C:\PROGRA~1\YAHOO\YOP\SSDKO2.exe]. Interestingly the supervisor I spoke to at 'BT Yahoo Online Protection' had no knowledge of this! It's still odd that it isn't listed in the task manager legitimate process lists. As it's not in 'C:\Windows\' it appears to be legitimate and the AV scans are therefore correct. It seems to serve no useful purpose, however, running nearly 10KB, and contributing to the dismal boot time. Added to which, as I said, it can't be stopped. I keep getting an 'Access denied' message from 'Task Manager', and disabling 'yop' in the 'msconfig' start up tab didn't help either. I'm waiting now for B.T.Y.O.P. to look into this further and phone me back. If I can be sure the NIS suite will renew automatically when the current license expires, without 'SSDKO2.exe' I shall delete the entire 'yop' program and create my own short cut to NIS. I've been told it's a downloader, but it's not responsible for NAV updates obviously, and I can't see why it's using up so much power.
     
  3. Mark 1966

    Mark 1966 Thread Starter

    Joined:
    Jun 18, 2007
    Messages:
    12
    I've now discovered that SSDK02.exe (that should've been a zero, not an O), is a Security Status Server belonging to Norton Security Status Provider from Symantec Corporation, which explains the DNS calls etc, but not some of the other stuff. BT/YOP tech support is hopeless, some I'm not holding my breath expecting much help there. The long term solution is for my sister to change ISP to one that doesn't use Norton, to avoid the ridiculous 64MB processor hogging. It's actually NIS 2007 NS so, like all ISP corporate packages, a couple of years behind the latest version, NIS 2009, which supposedly addresses the problem which so many people have been complaining about for ages. She isn't going to wait two years for this to trickle down to the corporate IS version!

    "After many years of customer complaints regarding the speed and system utilization of the product, Symantec responded in 2007 with a much needed rewrite of the code to make the product lighter and faster, although it still uses more disk space than competitors and is frequently a source of severe system performance issues. Symantec claims that Norton 2009, (released in Sept 2008), is the fastest amongst its predecessors, because of its innovative new architecture that dramatically reduces the boot time impact, the scan time, the memory usage as well as the system footprint and the install time."
     
As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Similar Threads - Solved Identifying process
  1. seanstewart1992
    Replies:
    2
    Views:
    612
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/753971

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice