General :: Windows :: Processes
Do you wonder where that long list of processes in your Task Manager comes from? Are all those programs really needed, or are they a virus, adware, or spyware recording all your keystrokes and then sending your passwords to a remote server? Read the articles below and learn about some of those processes.


Featured Article

svcdiag.exe - what is this?

Question:

I just turned on the monitor to my PC and found the following DOS box open:

Looks like:
  1. someone opened that DOS box,
  2. issued a TFTP command to download a program 'svcdiag.exe' (which luckily failed!),
  3. and then tried to execute the (luckily not existing) program.
What is going on here? I certainly did not do any of that. Is someone remotely controlling my PC?
I have VNC installed on the standard port.

Answer:

It appears that you already have such a file and it is write-protected, and also hidden. It is currently running, which is why it could not be overwritten. Screenshot of the task manager:

The file existed on the system in \winnt\system32.

Steps for protection:
  1. I killed the process
  2. attrib -h -r svcdiag.exe (makes it visible)
  3. deleted the file, waited a bit to find out if it resurfaces (it did not)
  4. I thought it might be related to my virus scanner (AntiVir), but found no such proof. I created a 4-byte text file in the same location as svcdiag.exe
  5. Made this file read-only and hidden as the 'original': attrib +h +r svcdiag.exe
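
A triage sketch for the condition this answer describes, a hidden, read-only executable running from the system directory. This is an added example, not part of the original answer; it is PowerShell for current Windows versions (the original system used \winnt\system32), and the function name and output columns are choices made here.

```powershell
# Added example: list hidden + read-only .exe files in the system directory
# and show whether each one is currently running and whether it is signed.
# Function name and column names are choices made for this example.
function Get-HiddenReadOnlyExecutable {
    param(
        [string]$Directory = (Join-Path $env:SystemRoot 'System32')
    )

    # Map executable path -> process IDs. Path is empty for processes the
    # current user may not inspect, so run this from an elevated prompt.
    $running = @{}
    foreach ($proc in Get-Process) {
        if ($proc.Path) {
            $key = $proc.Path.ToLowerInvariant()
            if (-not $running.ContainsKey($key)) { $running[$key] = @() }
            $running[$key] += $proc.Id
        }
    }

    $mask = [int][IO.FileAttributes]::Hidden -bor [int][IO.FileAttributes]::ReadOnly

    # -Force is required, otherwise hidden files are skipped.
    Get-ChildItem -LiteralPath $Directory -Filter '*.exe' -File -Force -ErrorAction SilentlyContinue |
        Where-Object { ([int]$_.Attributes -band $mask) -eq $mask } |
        ForEach-Object {
            $key = $_.FullName.ToLowerInvariant()
            [pscustomobject]@{
                Path      = $_.FullName
                Length    = $_.Length
                Modified  = $_.LastWriteTime
                Signature = (Get-AuthenticodeSignature -LiteralPath $_.FullName).Status
                Pids      = $running[$key] -join ','
                SHA256    = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256).Hash
            }
        }
}

Get-HiddenReadOnlyExecutable | Sort-Object Modified -Descending | Format-Table -AutoSize
```

A placeholder file like the one created in steps 4 and 5 is also hidden and read-only, so it appears in this listing too; its 4-byte Length and empty Pids column set it apart from a real binary.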



Generated 0:02:16 on Dec 15, 2017