
dsfsa.exe

Post by imnuts » Tue Sep 05, 2006 6:09 pm

So, I'm here at work and we have a student-owned computer that we are currently working on, and it has a really odd process running on it named dsfsa.exe. What it is doing is bringing up a command prompt window and just bouncing a little '_' character around in the cmd window. I haven't really been working on it, so I'm not sure how exactly it's hooked into the system startup, but it even runs prior to explorer starting, as a Spybot S&D scan is currently running before it is fully logged in and the process is still running, which makes me think that it is hooked into winlogon.exe, although I don't know if it comes up in Safe mode; if it does, then I would assume that it put itself into winlogon. What I was wondering is if anyone here knows what this may be. I can't find anything with Google or Process Library on it, so I have no idea what it may be.

Post by Stukindaguy » Tue Sep 05, 2006 6:13 pm

hmmm, by the name of the process and the fact there's nothing on it...my guess would be that it's a virus/spyware that just uses a random filename...in which case...try to delete it from safe mode...

or...could it be a file that was manually renamed...maybe for a prank...I don't know how that would happen...or why for that matter...I just noticed all the letters in the filename are the first 4 letters in the second row...a common place for keyboard mashing renames lol...(A, S, D, F)
-Stu


Post by kd1966 » Tue Sep 05, 2006 7:48 pm

The only thing I can think of is possibly a forced group policy cmd prompt from wherever the student is going to school at........ maybe their school enforces some form of GP on connecting computers..........??

Post by jrfree1 » Tue Sep 05, 2006 7:52 pm

You may be able to get some more info on this process by opening a command prompt and running: tasklist /M dsfsa* which should show any modules/DLLs that this process is using while it is running.

Post by imnuts » Tue Sep 05, 2006 8:26 pm

Stukindaguy wrote:hmmm, by the name of the process and the fact there's nothing on it...my guess would be that it's a virus/spyware that just uses a random filename...in which case...try to delete it from safe mode...

or...could it be a file that was manually renamed...maybe for a prank...I don't know how that would happen...or why for that matter...I just noticed all the letters in the filename are the first 4 letters in the second row...a common place for keyboard mashing renames lol...(A, S, D, F)


Probably a virus/trojan, no idea though. I don't think the system ever got restarted into safe mode, I never really got the chance to work on it. Doubt it was a randomly renamed file, highly doubt. It ran from c:\dsfsa.exe and as I said, displayed the "_" (underscore) character at random positions on the screen, and as far as I know, there isn't any program out there that does this.

kd1966 wrote:The only thing I can think of is possibly a forced group policy cmd prompt from wherever the student is going to school at........ maybe their school enforces some form of GP on connecting computers..........??


Unless the students manually join their personal computers to the domain, which nearly no one does, they won't get this. Also, the forced group policy stuff comes up and runs a script from the server(s) here; this was running locally and constantly.

jrfree1 wrote:You may be able to get some more info on this process by opening a command prompt and running: tasklist /M dsfsa* which should show any modules/DLLs that this process is using while it is running.


I think the machine was sent to be reimaged, as the person that was working on it couldn't get rid of it, and I'm pretty sure that they didn't do quite as much troubleshooting as they possibly could have, unfortunately.
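A read-only way to answer the two questions the thread leaves open (what starts the process before Explorer, and what the file actually is), as an added example that is not from any of the posters. It assumes a Windows system with PowerShell 4 or later; the image name is the one reported in the thread, and checking the Winlogon and Run/RunOnce registry values first is an assumption about where to look, not something the thread confirmed.

```powershell
# Added example, not from the thread. Read-only triage; run in an elevated PowerShell prompt.
# 'dsfsa.exe' is the image name reported in the thread; the locations checked are an assumption.
param([string]$ImageName = 'dsfsa.exe')

$needle = [regex]::Escape([IO.Path]::GetFileNameWithoutExtension($ImageName))

function Get-AutostartFinding {
    # Winlogon values that start before the desktop, compared with their stock contents.
    $winlogon = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
    $stock = @{ Shell = 'explorer.exe'; Userinit = "$env:SystemRoot\system32\userinit.exe," }
    $key = Get-Item -Path $winlogon
    foreach ($name in $stock.Keys) {
        $value = [string]$key.GetValue($name)
        [pscustomobject]@{
            Location = $winlogon; Name = $name; Value = $value
            Flag     = ($value -ne $stock[$name]) -or ($value -match $needle)
        }
    }
    # Per-machine and per-user Run/RunOnce entries: flag any that mention the image name.
    foreach ($hive in 'HKLM:', 'HKCU:') {
        foreach ($leaf in 'Run', 'RunOnce') {
            $path = "$hive\SOFTWARE\Microsoft\Windows\CurrentVersion\$leaf"
            if (-not (Test-Path $path)) { continue }
            $key = Get-Item -Path $path
            foreach ($name in $key.GetValueNames()) {
                $value = [string]$key.GetValue($name)
                [pscustomobject]@{
                    Location = $path; Name = $name; Value = $value
                    Flag     = $value -match $needle
                }
            }
        }
    }
}

# Running instances: on-disk path, parent process, and a SHA-256 to search for instead of the name.
Get-CimInstance Win32_Process | Where-Object Name -eq $ImageName | ForEach-Object {
    $hash = if ($_.ExecutablePath) { (Get-FileHash -Algorithm SHA256 -Path $_.ExecutablePath).Hash }
    [pscustomobject]@{
        ProcessId = $_.ProcessId; ParentProcessId = $_.ParentProcessId
        Path      = $_.ExecutablePath; Sha256 = $hash
    }
} | Format-List

Get-AutostartFinding | Sort-Object Flag -Descending | Format-Table -AutoSize -Wrap
```

Rows with Flag set to True are either a Winlogon value that differs from its stock content or an autostart entry that names the image; a hash lookup is more reliable than a filename search when the name looks random.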
