DelphiFAQ Home Search:

svcdiag.exe - what is this?

 

commentsThis article has not been rated yet. After reading, feel free to leave comments and rate it.

Question:

I just turned on the monitor to my PC and found the following DOS box open:

Looks like..
  1. someone opened that DOS box,
  2. issued a TFTP command to download a program 'svcdiag.exe' (which luckily failed!),
  3. and then tried to execute the (luckily not existing) program.
What is going on here? I certainly did not do any of that. Is someone remotely controlling my PC?
I have VNC installed on the standard port.

Answer:

It appears that you already have such a file and it is write-protected, and also hidden. It is currently running that's why it could not be overwritten. Screenshot of the task manager:

The file existed on the system in \winnt\system32
Steps for protection:
  1. I killed the process
  2. attrib -h -r svcdiag.exe (makes it visible)
  3. deleted the file, waited a bit to find out if it resurfaces (it did not)
  4. I thought it may be related to my virus scanner (AntiVir) but no such proof. I created a 4 byte text file in the same location as svcdiag.exe
  5. Made this file read-only and hidden as the 'original': attrib +h +r svcdiag.exe



Content-type: text/html

Comments:

2006-11-15, 22:48:36
anonymous from United States  
I also got hit by SVCDIAG.EXE
I deleted the file, had to reset the read-only attribute first.
It was located in c:\svcdiag.exe
I noticed that it got called after booting.



Keywords: screenshot

 

 

NEW: Optional: Register   Login
Email address (not necessary):

Rate as
Hide my email when showing my comment.
Please notify me once a day about new comments on this topic.
Please provide a valid email address if you select this option, or post under a registered account.
 

Show city and country
Show country only
Hide my location
You can mark text as 'quoted' by putting [quote] .. [/quote] around it.
Please type in the code:

Please do not post inappropriate pictures. Inappropriate pictures include pictures of minors and nudity.
The owner of this web site reserves the right to delete such material.

photo Add a picture: