Solved [Suspected infection] EventService from ViewSonic

ZevinZenph

Level 1
Thread author
Verified
Mar 10, 2015
30
Hello,

A few days ago I found something called "EventService" installed on my old XP laptop as a "driver".

I've made another post asking whether the program is malicious or not, but no conclusion was reached. Here's all the detail I know:
https://malwaretips.com/threads/que...iver-from-viewsonic-laptop.57144/#post-490866

I don't know if there are still suspicious or even malicious files on my laptop after I uninstalled it, so I came here for your help, thanks!

-Zevin
 

Attachments

  • FRST.txt
    20.2 KB · Views: 4
  • Addition.txt
    31.5 KB · Views: 5
  • AdwCleaner[S1].txt
    917 bytes · Views: 0

ZevinZenph

Ummm... But why would you think it's not malicious?

I'm worried about this program due to these indicators:
1. The installer provides no EULA or description of its service. Seriously, nothing is found.
2. The program states that it's produced by "OEM" in the control panel, with "SweetHome" as its registered company name. Both of them look fake.
3. The main executable states that it's produced by "Gray Workshop". It's different from the "producer" mentioned in 2., and nothing informative can be found by searching "Gray Workshop EventService" on Google.
4. The "3G Module" mentioned in the log file is unknown. Neither the file itself nor the Internet says anything about it.
To be honest, I find no explanation other than it's a piece of grayware or even malware disguised as a legit program.
 

ZevinZenph

It's not detected by VT at all.
link: Antivirus scan for 04496c3552a0c9b0ae7d3aa52f7eaf91c668690f4a24c038bec4ffc1c1b2d7d7 at 2016-03-15 14:46:57 UTC - VirusTotal

BTW I think I accidentally found some source code. (phymem.sys and pmdll.dll)
The CRC32s in the source file I found match the one installed by the suspicious program.
Here's the link to the source code I found:
Access Physical Memory, Port and PCI Configuration Space - CodeProject
The site looks trustworthy (it's a source control site, I think), but the code is released in China.
 

TwinHeadedEagle

Level 41
Verified
Mar 8, 2013
22,627
I am not sure, but it looks legit. Chinese programs are a huge mess and a headache, so I really don't know how to help you.
 

ZevinZenph

Well... Thank you anyways. :)

But can I ask you 1 more question?
Is there any free/low-cost deep program analysis platform on the Internet? I wonder why it needs to access physical memory...
 
