Forums
New posts
Search forums
News
Security News
Technology News
Giveaways
Giveaways, Promotions and Contests
Discounts & Deals
Reviews
Users Reviews
Video Reviews
Support
Windows Malware Removal Help & Support
Inactive Support Threads
Mac Malware Removal Help & Support
Mobile Malware Removal Help & Support
Blog
Log in
Register
What's new
Search
Search titles only
By:
Search titles only
By:
Reply to thread
Menu
Install the app
Install
JavaScript is disabled. For a better experience, please enable JavaScript in your browser before proceeding.
You are using an out of date browser. It may not display this or other websites correctly.
You should upgrade or use an
alternative browser
.
Forums
Support
Windows Malware Removal Help & Support
[Suspected infection] EventService from ViewSonic
Message
<blockquote data-quote="ZevinZenph" data-source="post: 492353" data-attributes="member: 34823"><p>It's not detected by VT at all.</p><p>link: <a href="https://www.virustotal.com/zh-tw/file/04496c3552a0c9b0ae7d3aa52f7eaf91c668690f4a24c038bec4ffc1c1b2d7d7/analysis/1458053217/" target="_blank">Antivirus scan for 04496c3552a0c9b0ae7d3aa52f7eaf91c668690f4a24c038bec4ffc1c1b2d7d7 at 2016-03-15 14:46:57 UTC - VirusTotal</a></p><p></p><p>BTW I think I accidentally found some source codes. (phymem.sys and pmdll.dll)</p><p>The CRC32s in the source file I found match the one installed by the suspicious program.</p><p>Here's the link of the source codes I found:</p><p><a href="http://www.codeproject.com/Articles/35378/Access-Physical-Memory-Port-and-PCI-Configuration" target="_blank">Access Physical Memory, Port and PCI Configuration Space - CodeProject</a></p><p>The site looks trustworthy (It's a source controlling site, I think.), but the codes are released in China.</p></blockquote><p></p>
[QUOTE="ZevinZenph, post: 492353, member: 34823"] It's not detected by VT at all. link: [URL="https://www.virustotal.com/zh-tw/file/04496c3552a0c9b0ae7d3aa52f7eaf91c668690f4a24c038bec4ffc1c1b2d7d7/analysis/1458053217/"]Antivirus scan for 04496c3552a0c9b0ae7d3aa52f7eaf91c668690f4a24c038bec4ffc1c1b2d7d7 at 2016-03-15 14:46:57 UTC - VirusTotal[/URL] BTW I think I accidentally found some source codes. (phymem.sys and pmdll.dll) The CRC32s in the source file I found match the one installed by the suspicious program. Here's the link of the source codes I found: [URL="http://www.codeproject.com/Articles/35378/Access-Physical-Memory-Port-and-PCI-Configuration"]Access Physical Memory, Port and PCI Configuration Space - CodeProject[/URL] The site looks trustworthy (It's a source controlling site, I think.), but the codes are released in China. [/QUOTE]
Insert quotes…
Verification
Post reply
Top
