Hello. I was tracking down why my *svhost.exe* (used for internet &
network Connections) was being used to access a whole bunch of Picture
files in one of my folders. Files that were not being used by any other
program or service at the time (not even the File Manager). It was
running _under_LocalSystemNetworkRestricted_mode_ and i tracked the PID
to the "'-Windows Audio Endpoint builder-' (http://tinyurl.com/6nbez6)"
Service. I used the resource monitor to see that the WAEB was accessing
numerous files in various folders.
_What_stood_out_was_my_personal_pictures_it_was_ac cessing_.
I looked the service up and in no way is it dependant on or is depended
on by any system except AUDIO on the computer. However according to a
company that deals in computer security (and Microsoft) it is a service
launched by the legitimate 'C:\Windows\System32\svchost.exe' program.
The actual executable file for the Windows Audio Endpoint Builder
service is 'C:\Windows\System32\audiosrv.dll'.
Now this 'service' was reading my picture (JPG) files in the Public
folder that has no system files in it. *Can anyone explain why an Audio
Support DLL is interested in my Pictures?* As well as other files.
I saw mention of this service having something to do with the System
Indexing Serice as well in my search results when trying to find
information. If it is related to indexing then why is it interested in
NON-AUDIO files at all? if the indexer uses 'Associated With'
executables to 'read' files for indexing then it should be using an
audio processor to deal with audio files and an image processor for
pictures, etc -- right?
My concern is that it is being used as a backdoor or such to
_grab_files_for_a_third_party_. Though I cannot find that this file
sends data beyond my machine, it may process it for another program
which would. As yet i cannot find anything suspicious on the outgoing
side.
Any Thoughts or comments would be appreciated.
THANK YOU
--
Nobias
Posted via
http://www.vistaheads.com
Similar Threads
Linear Mode
