Posted by Steven L Umbach on February 28, 2006, 11:53 pm
I did a search for that file on Google and did not find anything definitive
but nothing that seemed to indicate malware. Other users have found it and
were also curious as to what it was. A search of Microsoft.com showed
nothing for that file which certainly makes it suspect. I checked my Windows
2003 and Windows 2000 test domain controllers and it does not exist on
either one. In addition to routine malware scans with the latest definitions
from the publisher's website you should scan for spyware with something like
AdAware SE to see if anything is found.
You could use the tools Process Explorer, TCPView, and Autoruns all free
from SysInternals to gain more information about the process. Process
Explorer will for instance show what ports it uses and if it is associated
with any services. If nothing indicates it is a legitimate or needed process
you could use Autoruns to disable it from being started when the computer
starts up. The first link below shows Windows server port usage which may be
able to help determine if it is something that is indeed used by Windows
Server. --- Steve
http://support.microsoft.com/default.aspx?scid=kb;en-us;832017
http://www.sysinternals.com/Utilities/ProcessExplorer.html --- Process
Explorer
http://www.lavasoftusa.com/software/adaware/ --- AdAware
>I have a process that is starting on reboot of my server that is found in
>C:\Windows\System32 called bmss.exe.
>
> The description of the file is 'Windows NT BMonitor Session Manager'
> File Version: 5.2.3571.0 (JASBR(ntvbl07).010424-2101}
>
> I found it under the following entry in the registry:
> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager
> with a REG_MULTI_SZ called BootExecute with the following values:
> bmssldr
> autocheck autochk *
> SsiEfr.ex
>
> This seems like a huge security hole as it opens up a ton of ports that my
> Firewall is blocking.
>
> MVPs, is this legit or is it someone masquerading as a proper process?
>
> Thanks,
> Sean
>
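As an added example, not code from the thread: a PowerShell audit of the BootExecute value Sean found. Session Manager runs these entries before any service or logon, so anything besides the stock "autocheck autochk *" is listed with the file it resolves to, its version resource and its Authenticode status, to be reviewed alongside Autoruns. It assumes Windows PowerShell 5.1 or later; `Get-BootExecuteAudit` is a name chosen for this example.

```powershell
# Added example, not from the thread. Reports every BootExecute entry that is
# not the default "autocheck autochk *" together with the native program it
# points to, so an unknown loader such as "bmssldr" can be reviewed.
# Assumes Windows PowerShell 5.1 or later.

function New-AuditRow($Entry, $Status, $Path, $Version, $Company, $Signature) {
    [pscustomobject]@{
        Entry = $Entry; Status = $Status; Path = $Path
        Version = $Version; Company = $Company; Signature = $Signature
    }
}

function Get-BootExecuteAudit {
    $key      = 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager'
    $expected = @('autocheck autochk *')   # the only entry on a clean install
    $system32 = Join-Path $env:SystemRoot 'System32'

    $entries = (Get-ItemProperty -Path $key -Name BootExecute).BootExecute
    foreach ($entry in $entries) {
        if ($expected -contains $entry) {
            New-AuditRow $entry 'expected' $null $null $null $null
            continue
        }
        # Entries are "<program> [args]"; the program name usually omits ".exe"
        # (e.g. "bmssldr"), so try the literal name first and then with ".exe".
        $program = ($entry -split '\s+')[0]
        $path = @($program, "$program.exe") |
                ForEach-Object { Join-Path $system32 $_ } |
                Where-Object { Test-Path -LiteralPath $_ } |
                Select-Object -First 1
        if (-not $path) {
            # Entry points at nothing visible: dangling leftover or hidden file.
            New-AuditRow $entry 'missing' $null $null $null $null
            continue
        }
        $ver = (Get-Item -LiteralPath $path).VersionInfo
        $sig = Get-AuthenticodeSignature -FilePath $path
        $signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { 'none' }
        # 'review' = unexpected entry; check the signer and vendor before trusting it.
        New-AuditRow $entry 'review' $path $ver.FileVersion $ver.CompanyName "$($sig.Status) ($signer)"
    }
}

Get-BootExecuteAudit | Format-List
```

An entry whose file is unsigned or whose CompanyName does not match a vendor you installed is the one to disable with Autoruns and submit for scanning.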