Can anyone shed any light on UAService.exe? (Full Version)

All Forums >> [Other] >> Free Discussion


Esskie -> Can anyone shed any light on UAService.exe? (2/17/2006 6:56:56 AM)

Since the last thread about this question was ever so kindly locked by an MP3Mogul, I'll ask again!,

Does anyone know anything about the UAService.exe file that appeared on my HD last week (in no relation to any previously mentioned disc titles!!)

I'm not interested in seeking advice on how to rip movies etc, as some seem to wrongly think, but I am interested in more info on where/how this file ended up on my drive.

Regards, Esskie.

Antonio -> RE: Can anyone shed any light on UAService.exe? (2/17/2006 7:58:54 AM)

I googled it and I think it seems to be a Trojan downloader or something like that.[8|]

Esskie -> RE: Can anyone shed any light on UAService.exe? (2/17/2006 8:24:48 AM)

Hi Antonio,
Just googled it myself, I never thought of that (DOH!) and you are right.

I wonder why my Virus Scanner didn't pick it up, I'm using McAfee v.10 which is updated everytime an update is available.

Going to run a full system scan right now just to make sure.

Thanks again,
Regards, Esskie

Clint -> RE: Can anyone shed any light on UAService.exe? (2/17/2006 12:33:15 PM)

I do not have such a file on the system I am typing to you so I have no idea what it is doing on yours, let alone what in hell you do to your machine or expose it to [:D] [:-]

Perhaps you could detail the things you have installed/downloaded/inserted into your system in the week or so before you noticed it? Adaware and the likes should take care of it for you if it is indeed of trojan-like behaviour.

As for MP3Mogul, you so far as mention anything slightly illegal & he will jump straight to it (and rightly so, as per the forum rules here), so watch your step it's a very thin line [;)] [:'(]

SiliconFreak -> RE: Can anyone shed any light on UAService.exe? (2/17/2006 3:24:23 PM)

Yes it seems like it really is some sort of Trojan Downloader...or maybe not...who knows!? The point is that UAService7.exe is real/non-malicious program (UAService7.exe is a process belonging to the SecuROM User Access Service which is used to access disk images protected by SecureRom). So there are two possible ways from here...that its also some sort/part of Securom's software (which i dont believe, because i read many articles that its a Trojan), or, that it some malicious file, which only uses similar name to "real" program, so that it confuses users and tries to convince them that this program is needed (and majority wont delete it in this case, cause they will be confused/afraid whether some other software wont work if they delete it, so they probably wont). [:@]

I just dont know why some antivirus industry "top-guns" dont have more detailed info about all this!? I searched Mcafee's and Sophos's databases and's not even mentioned!? Really strange...[&:]

Update : I read more and more and more...hahahahha....and am not almost 99.99% (that 0.01% that remains is just in case that its actually some VERY VERY OLD Securom's file!? - if someone has the time to contact them and ask...we'll all be 100% sure about it! so who's gonna write some nice email and ask??[;)])  sure that its malicious only uses similar name to real service (UAService7.exe), to mislead you can delete are some sites where you may get more info about it and also removal instructions...good luck! [:)][;)] (scrool down for removal instructions!)

cya soon folks...[:D]

MP3Mogul -> RE: Can anyone shed any light on UAService.exe? (2/17/2006 4:03:23 PM)

It is usually associated with music sharing services, i.e. bearshare, etc....

It has been known to be impregnated into .mp3 files in the past.  It is an extremely dangerous trojan/backdoor and after removing it, go into your firewall settings and make sure it DOES NOT have access to the internet.  It's installer will rename it, and then install it again... so watch for another install...

Esskie -> RE: Can anyone shed any light on UAService.exe? (2/17/2006 5:53:09 PM)

Hi There,
First off, sorry for posting this in the wrong place (DOH!), I should know better as I moderated on JRS forums around 3yrs ago?.

As far as the file goes I've ran a full system scan, then connected only to find another update available for my VS so I ran another scan after updating the VS dat file.

It's found nothing so I run a registry scan which found nothing related other than traces of the Half Life 2 demo. I d/loaded that last w/end but it was uninstalled as I intend to go buy the full version this weekend.

My son does d/l a fair bit of music in the form of mp3's using (don't all kick me @ once here [;)]) Limewire but I think it'll be coming off after this as IMHO using these P2P apps are just asking for trouble. Suffice to say he is savvy enough to make sure the file size looks to be what it should.
For eg; we found, what was supposed to be a full album with a file size of only several hundred k/bytes!?!?!!. I've noticed lots of files on that damn Limewire weighing in at 851kb, all with different names & showing up under different searches.

The file was showing up in Task Manager everytime I booted the PC up so was undoubtedly in the startup folder.

MP3Mogul - Yes mate, I've had a look at the Firewall's Internet App list & all seems to be in order there. I plan to keep an eye on Task Manager to see what is starting at boot & also have cranked up the security level a notch to Tight as it was set at Standard until today.

SiliconFreak - Very craft indeed mate, marking it as a Sony protection app, it all looked very above board & proper and I can see how many users could be fooled into thinking it's needed therefore not doing anything to remove it. What kind of people is the question in my mind!.
Thanks for the links too, I did a google after Antonio mentioned doing so but only looked briefly at a couple of pages as I was due to go out.

Clint - I first noticed it there about a week ago so it's been doing it's nasty deeds for that time. As far as what I've installed or d/l'd?, well as I say the HL2 demo via that confounded Steam interface but it should be pretty secure or at least I hope it would be?!!.
Tbh mate, the only place I can think of is it's came in through Limewire?.
Both myself & my son do look for game cheats etc, though & we all know what some of these sites can inflict onto the unsuspecting user. Other than that the music?.

Thanks again to all of you for your help, my best to all of you
Regards, Esskie.

Btw, I just tested my firewall, here are the results which I hope I can take comfort from [sm=banghead.gif] :

Unable to Probe
The IP address requesting this page is different from the IP address of your computer.  This indicates that your computer is behind a proxy or NAT.  These devices allow you to access the Internet by relaying traffic, typically from multiple computers, through a single IP address.
We are unable to directly probe your computer, you should take comfort from this.  You have that much more protection between your computer and the Internet.

Esskie -> RE: Can anyone shed any light on UAService.exe? (2/22/2006 5:28:06 AM)

Hi There,
Just a short update on this UAService file thing.

I've been in touch with McAfee about it & am currently waiting to hear back from them about it.

SiliconFreak - I found absolutely nothing on the McAfee site whatsoever about it either my friend.

I just wonder how many other unsuspecting users have this file on their systems and are under the impression they better leave it alone due to it's propert page contents looking so official.

Any info I get back about it I shall post back here incase it can help anyone else.

Regards, Esskie.

SiliconFreak -> RE: Can anyone shed any light on UAService.exe? (2/22/2006 12:34:58 PM)

Ok please post here when you get more info, cause i would really like to know McAfee's opinion about this file...[:)]

Dont know why you said you and your friend havent found nothing on McAfee's site??? I didnt said i found anything....I said I FOUND NOTHING! So dont understand what you meant with that??[&:]

Good luck and talk to you soon.[;)]

Esskie -> RE: Can anyone shed any light on UAService.exe? (2/24/2006 5:11:23 AM)

Hi There,
When I said "my friend", I was talking to you , as in " Hello my friend".

I didn't mean myself and one of my friends had searched for information, just a case of crossed wires I think?.

I found nothing on McAfee's site so we both found nothing [:D].

Still haven't had anything back from McAfee but they did say they would be in touch with me when they have looked into more information.

Regards, Esskie.

tyson -> RE: Can anyone shed any light on UAService.exe? (12/15/2007 1:11:19 AM)

If you're on a network and your workstation has a directory called C:\Program Files\Lightspeed Systems\User Agent - take note!  UAService.exe (as distinguished from UAService7.exe, a totally different product) is part of Lightspeed Systems' Total Traffic Control network security package and probably was installed by your network admins. In this case DO NOT REMOVE this software without checking first with your network folks (unless you want to make them mad).
See "...User Agent CAN provide systematic identification for the workstations, report that information to the TTC Security Server, and assure that content filtering policies can be applied to appropriately to control your user's network traffic."
See also "The User Agent software will be installed into the C:\Program Files\Lightspeed Systems\UserAgent directory..."

Page: [1]

Valid CSS!

Forum Software © ASPPlayground.NET Advanced Edition 2.4.5 ANSI