CDRInfo Forum CDRInfo Forum

Forums  Register  Login  My Profile  Inbox  Address Book  My Subscription  My Forums 

Photo Gallery  Member List  Search  Calendars  FAQ  Ticket List  Log Out

Can anyone shed any light on UAService.exe?   Logged in as: Guest
Viewers: 906 You can click here to see Today's Posts | Most Active Topics | Posts Since Last Visit
  Printable Version
All Forums >> [Other] >> Free Discussion >> Can anyone shed any light on UAService.exe? Page: [1]
Login
Message << Older Topic   Newer Topic >>
Can anyone shed any light on UAService.exe? - 2/17/2006 6:56:56 AM   
Esskie


Posts: 71
Joined: 1/22/2006
Status: offline
Since the last thread about this question was ever so kindly locked by an MP3Mogul, I'll ask again!,

Does anyone know anything about the UAService.exe file that appeared on my HD last week (in no relation to any previously mentioned disc titles!!)

I'm not interested in seeking advice on how to rip movies etc, as some seem to wrongly think, but I am interested in more info on where/how this file ended up on my drive.

Regards, Esskie.


_____________________________

Catch 22
It's all swings and roundabouts....

Post #: 1
RE: Can anyone shed any light on UAService.exe? - 2/17/2006 7:58:54 AM   
Antonio


Posts: 1320
Joined: 7/21/2005
Status: offline
I googled it and I think it seems to be a Trojan downloader or something like that.


_____________________________

salute proffessionista!

(in reply to Esskie)
Post #: 2
RE: Can anyone shed any light on UAService.exe? - 2/17/2006 8:24:48 AM   
Esskie


Posts: 71
Joined: 1/22/2006
Status: offline
Hi Antonio,
Just googled it myself, I never thought of that (DOH!) and you are right.

I wonder why my Virus Scanner didn't pick it up, I'm using McAfee v.10 which is updated everytime an update is available.

Going to run a full system scan right now just to make sure.

Thanks again,
Regards, Esskie


_____________________________

Catch 22
It's all swings and roundabouts....


(in reply to Antonio)
Post #: 3
RE: Can anyone shed any light on UAService.exe? - 2/17/2006 12:33:15 PM   
Clint


Posts: 2184
Joined: 9/11/2001
From: Australia
Status: offline
I do not have such a file on the system I am typing to you so I have no idea what it is doing on yours, let alone what in hell you do to your machine or expose it to  

Perhaps you could detail the things you have installed/downloaded/inserted into your system in the week or so before you noticed it? Adaware and the likes should take care of it for you if it is indeed of trojan-like behaviour.

As for MP3Mogul, you so far as mention anything slightly illegal & he will jump straight to it (and rightly so, as per the forum rules here), so watch your step it's a very thin line  


_____________________________


_________________
You Get What You Pay For...

(in reply to Esskie)
Post #: 4
RE: Can anyone shed any light on UAService.exe? - 2/17/2006 3:24:23 PM   
SiliconFreak


Posts: 12104
Joined: 7/4/2003
From: Melbourne, Victoria, AUS
Status: offline
Yes it seems like it really is some sort of Trojan Downloader...or maybe not...who knows!? The point is that UAService7.exe is real/non-malicious program (UAService7.exe is a process belonging to the SecuROM User Access Service which is used to access disk images protected by SecureRom). So there are two possible ways from here...that its also some sort/part of Securom's software (which i dont believe, because i read many articles that its a Trojan), or, that it some malicious file, which only uses similar name to "real" program, so that it confuses users and tries to convince them that this program is needed (and majority wont delete it in this case, cause they will be confused/afraid whether some other software wont work if they delete it, so they probably wont).

I just dont know why some antivirus industry "top-guns" dont have more detailed info about all this!? I searched Mcafee's and Sophos's databases and nothing...it's not even mentioned!? Really strange...

Update : I read more and more and more...hahahahha....and am not almost 99.99% (that 0.01% that remains is just in case that its actually some VERY VERY OLD Securom's file!? - if someone has the time to contact them and ask...we'll all be 100% sure about it! so who's gonna write some nice email and ask??)  sure that its malicious file....it only uses similar name to real service (UAService7.exe), to mislead users....so you can delete it...here are some sites where you may get more info about it and also removal instructions...good luck!

http://www.pantip.com/tech/software/topic/SV1999085/SV1999085.html (scrool down for removal instructions!)
http://www.greatis.com/appdata/d/u/uaservice.exe_Removal.htm
http://www.processlibrary.com/directory/files/UAService7/

cya soon folks...

(in reply to Clint)
Post #: 5
RE: Can anyone shed any light on UAService.exe? - 2/17/2006 4:03:23 PM   
MP3Mogul


Posts: 5743
Joined: 4/11/2002
From: Retired Moderator
Status: offline
It is usually associated with music sharing services, i.e. bearshare, etc....

It has been known to be impregnated into .mp3 files in the past.  It is an extremely dangerous trojan/backdoor and after removing it, go into your firewall settings and make sure it DOES NOT have access to the internet.  It's installer will rename it, and then install it again... so watch for another install...


_____________________________



LG GSA H22L Firm 1.02
Samsung SH-203N Firm SB01
LiteOn SOHD-16P9S Firm FS0D

(in reply to SiliconFreak)
Post #: 6
RE: Can anyone shed any light on UAService.exe? - 2/17/2006 5:53:09 PM   
Esskie


Posts: 71
Joined: 1/22/2006
Status: offline
Hi There,
First off, sorry for posting this in the wrong place (DOH!), I should know better as I moderated on JRS forums around 3yrs ago?.

As far as the file goes I've ran a full system scan, then connected only to find another update available for my VS so I ran another scan after updating the VS dat file.

It's found nothing so I run a registry scan which found nothing related other than traces of the Half Life 2 demo. I d/loaded that last w/end but it was uninstalled as I intend to go buy the full version this weekend.

My son does d/l a fair bit of music in the form of mp3's using (don't all kick me @ once here ) Limewire but I think it'll be coming off after this as IMHO using these P2P apps are just asking for trouble. Suffice to say he is savvy enough to make sure the file size looks to be what it should.
For eg; we found, what was supposed to be a full album with a file size of only several hundred k/bytes!?!?!!. I've noticed lots of files on that damn Limewire weighing in at 851kb, all with different names & showing up under different searches.

The file was showing up in Task Manager everytime I booted the PC up so was undoubtedly in the startup folder.

MP3Mogul - Yes mate, I've had a look at the Firewall's Internet App list & all seems to be in order there. I plan to keep an eye on Task Manager to see what is starting at boot & also have cranked up the security level a notch to Tight as it was set at Standard until today.

SiliconFreak - Very craft indeed mate, marking it as a Sony protection app, it all looked very above board & proper and I can see how many users could be fooled into thinking it's needed therefore not doing anything to remove it. What kind of people is the question in my mind!.
Thanks for the links too, I did a google after Antonio mentioned doing so but only looked briefly at a couple of pages as I was due to go out.

Clint - I first noticed it there about a week ago so it's been doing it's nasty deeds for that time. As far as what I've installed or d/l'd?, well as I say the HL2 demo via that confounded Steam interface but it should be pretty secure or at least I hope it would be?!!.
Tbh mate, the only place I can think of is it's came in through Limewire?.
Both myself & my son do look for game cheats etc, though & we all know what some of these sites can inflict onto the unsuspecting user. Other than that the music?.

Thanks again to all of you for your help, my best to all of you
Regards, Esskie.

Btw, I just tested my firewall, here are the results which I hope I can take comfort from  :

Unable to Probe
The IP address requesting this page is different from the IP address of your computer.  This indicates that your computer is behind a proxy or NAT.  These devices allow you to access the Internet by relaying traffic, typically from multiple computers, through a single IP address.
We are unable to directly probe your computer, you should take comfort from this.  You have that much more protection between your computer and the Internet.


_____________________________

Catch 22
It's all swings and roundabouts....


(in reply to MP3Mogul)
Post #: 7
RE: Can anyone shed any light on UAService.exe? - 2/22/2006 5:28:06 AM   
Esskie


Posts: 71
Joined: 1/22/2006
Status: offline
Hi There,
Just a short update on this UAService file thing.

I've been in touch with McAfee about it & am currently waiting to hear back from them about it.

SiliconFreak - I found absolutely nothing on the McAfee site whatsoever about it either my friend.

I just wonder how many other unsuspecting users have this file on their systems and are under the impression they better leave it alone due to it's propert page contents looking so official.

Any info I get back about it I shall post back here incase it can help anyone else.

Regards, Esskie.


_____________________________

Catch 22
It's all swings and roundabouts....


(in reply to Esskie)
Post #: 8
RE: Can anyone shed any light on UAService.exe? - 2/22/2006 12:34:58 PM   
SiliconFreak


Posts: 12104
Joined: 7/4/2003
From: Melbourne, Victoria, AUS
Status: offline
Ok please post here when you get more info, cause i would really like to know McAfee's opinion about this file...

Dont know why you said you and your friend havent found nothing on McAfee's site??? I didnt said i found anything....I said I FOUND NOTHING! So dont understand what you meant with that??

Good luck and talk to you soon.

(in reply to Esskie)
Post #: 9
RE: Can anyone shed any light on UAService.exe? - 2/24/2006 5:11:23 AM   
Esskie


Posts: 71
Joined: 1/22/2006
Status: offline
Hi There,
When I said "my friend", I was talking to you , as in " Hello my friend".

I didn't mean myself and one of my friends had searched for information, just a case of crossed wires I think?.

I found nothing on McAfee's site so we both found nothing .

Still haven't had anything back from McAfee but they did say they would be in touch with me when they have looked into more information.

Regards, Esskie.


_____________________________

Catch 22
It's all swings and roundabouts....


(in reply to SiliconFreak)
Post #: 10
RE: Can anyone shed any light on UAService.exe? - 12/15/2007 1:11:19 AM   
tyson

 

Posts: 1
Joined: 12/14/2007
Status: offline
If you're on a network and your workstation has a directory called C:\Program Files\Lightspeed Systems\User Agent - take note!  UAService.exe (as distinguished from UAService7.exe, a totally different product) is part of Lightspeed Systems' Total Traffic Control network security package and probably was installed by your network admins. In this case DO NOT REMOVE this software without checking first with your network folks (unless you want to make them mad).
See http://wiki.lightspeedsystems.com/pages/viewpage.action?pageId=819256: "...User Agent CAN provide systematic identification for the workstations, report that information to the TTC Security Server, and assure that content filtering policies can be applied to appropriately to control your user's network traffic."
See also http://wiki.lightspeedsystems.com/display/KB/Deployment+and+Installation+of+the+TTC+User+Agent+-+Q11117: "The User Agent software will be installed into the C:\Program Files\Lightspeed Systems\UserAgent directory..."

(in reply to Esskie)
Post #: 11
Page:   [1]
All Forums >> [Other] >> Free Discussion >> Can anyone shed any light on UAService.exe? Page: [1]
Jump to:





New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts




Forum Software © ASPPlayground.NET Advanced Edition 2.4.5 ANSI

0.047