Unknown SCSI Access - Security Risk ???? WHO put it there and WHY ???

I found something on my computer that I think
everyone here at ATS needs to be aware of.

I found a windows process running in the background
which I did not know I had and did not install it.

I found this actually by mistake while looking to kill
another process and saw this one running without
my consent.

In Windows you have a Windows service by the name
of SCSI Service. You can either enable this service
or disable it. I have had mine disabled since I purchased
my PC. So imagine my surprise when I saw a SCSI Access
process running on my PC.

I highlighted end task and stopped it from running.

However, this did not stop it from re-booting at my next
start-up. So now I set out to find just what this lil
process was running on my PC without my consent.

I did an internet search for the process name which is:

scsiaccess.exe

And my search found this is a normal process linked
with a software program called Alcohol 120.
The problem is: I have never installed such a
program on my PC. Where did this process
come from and why does it auto start at boot-up if
I have all my scsi Windows services switched off ???

The windows task manager could not tell me who the
author of this program was. Under company name
was listed Unknown.

So I typed in msconfig and brought up the windows
start-up menu and found it listed and it was set by
Windows to run at start-up despite the fact that my
SCSI Services were shut off.

And once again, it was listed without an author or
a company name associated. So I unchecked the
box for it to start at Windows boot-up.

After re-booting I checked my task manager again
and it was not running. Thank God.

however, this opened up quite a few questions
for me.

1) How did it get on my machine ???
2) Who installed it ???
3) Who wrote the code and why ???
4) Was I a target for this hidden access ???
5) And why the HELL didn't my Norton Security
warn me or catch it as it just ran a full system scan
last evening ???
6) And where is my PC data going to that is
sent via this scsi access ???

Too many questions, too few answers.

So I decided to look up just what this lil
piece of code could do and found out
that it can be used to access your computer
remotely and it has it's own patent.

In computing, iSCSI (Listeni /aɪˈskʌzi/ eye-skuz-ee), is an abbreviation of Internet Small Computer System Interface, an Internet Protocol (IP)-based storage networking standard for linking data storage facilities. By carrying SCSI commands over IP networks, iSCSI is used to facilitate data transfers over intranets and to manage storage over long distances. iSCSI can be used to transmit data over local area networks (LANs), wide area networks (WANs), or the Internet and can enable location-independent data storage and retrieval. The protocol allows clients (called initiators) to send SCSI commands (CDBs) to SCSI storage devices (targets) on remote servers.

en.wikipedia.org...

Patent Claims:
1. A storage networking device capable of communicating with a remote storage networking device, comprising:a controller configured to manage the receipt of storage networking data and buffer locational data from a remote storage networking device, wherein the storage networking data includes at least one command for at least partially controlling a device attached to a storage network and is transmitted using a protocol adapted for the transmission of storage networking data; anda buffer memory configured to at least temporarily store at least part of the storage networking data at a location within the buffer memory that is based at least in part on the locational data such that the storage networking device provides direct access to the buffer memory.

www.faqs.org...

So WHY the he!! was this on my PC and why was it running
in the background without my consent and who put it there ???

It clearly has the ability to access your PC remotely, even
from the internet.

Is this not a security risk from he!! here ???

I want everyone here at ATS to open their
windows task manager and see if they have
this process running on their PC ?????

scsiaccess.exe

More info



Don't be too paranoid. B)

Originally posted by Grey Magic
Don't be too paranoid. B)

did you even check your machine ??
or just sarcasm ???

How would you feel if you found
something like this on your PC
without your consent or knowledge ???

Originally posted by boondock-saint

Originally posted by Grey Magic
Don't be too paranoid. B)

did you even check your machine ??
or just sarcasm ???

How would you feel if you found
something like this on your PC
without your consent or knowledge ???

Cmon Boondock, read his link before you jump on him... its safe

www.neuber.com...

Avoid all Windows Processes and Install Linux.

LOL at windozer's

Wow, that's weird. I just checked mine out in Task Manager and msconfig and didn't find anything there. But I will make a point of checking from time to time.

Had it in Win XP on old machine, not in Win7 on my new machine.

I wouldn't worry about it.

alcohol 120 is cd/dvd burning software. kind of strange though, i havent heard about this program in years. But yea I wouldnt be to worried.

If your that paranoid Id just make sure your main user account isnt an admin account, and use partitions.

now something else weird.

I just did a search to find out if

scsiaccess.exe

was located in a windows system directory
and it could NOT even be found on my
PC.

How can a process be running if Windows search
can't find it ???

Originally posted by boondock-saint

Originally posted by Grey Magic
Don't be too paranoid. B)

did you even check your machine ??
or just sarcasm ???

How would you feel if you found
something like this on your PC
without your consent or knowledge ???

I hear ya man, I would be pissed!
It's not on my new laptop.

I will check out my other pc's later today...

Interested to find out what this might be tho.
I have had a lot of problems with my other pc's lately...

Good luck...

Originally posted by sm0k3
Cmon Boondock, read his link before you jump on him... its safe

www.neuber.com...

also, from your link
it says the process can be re-named.

Why go to the trouble of re-naming it
unless you do not want it found ???

reply to post by boondock-saint


It's running on mine too...

Weird...I just bought this laptop a couple months ago...Windows 7...I don't know what the heck it is but mine won't shut off period.

Three attempts and it is still running in the background.

Edit: After panicing and then calming down and reading the above link it probably came with my printer software. Still funny though. Wireless printer...maybe it has to be running all the time. I don't know.

reply to post by boondock-saint


There should be a windows services manager in your control panel, just disable the service if it scares you this much, but I really don't think this little thing compromises the security of your computer.

Originally posted by Grey Magic
reply to post by boondock-saint

 

There should be a windows services manager in your control panel, just disable the service if it scares you this much, but I really don't think this little thing compromises the security of your computer.

did you not read my OP ???

I have already stated that I have had my SCSI
Windows Services disabled since I brought
the machine home. There is no reason why
this process should be running. It is against
the settings I set up in Windows.

Yet, it was still installed AND RUNNING !!!

Mine will not let me shut it down...won't at all...I have been in and out and it still is running.

Funny thing this is...I have 4GB RAM 1 T disc and quad core processor, and it still is using 10% of my CPU.

Greedly little program this is!

When in danger, or in doubt,
Run in circles, scream and shout!

Boon, buddy. What is the real reason you're freaking out?
Why are you so alarmed by something that probably communicates with a printer program or Dropbox, or...something else most likely harmless?

Why all the emphatic panicking?

Just asking.

I couldn't find it on my computer, but, I'm not at all worried about it either.

Cuhail

Checked my machine... I don't even have a service with "scsi" in the title .. nor are any such processes running on my machine..

Clearly you got owned.. stop surfing porn sites at 3am

jk

Big Brothers watching you! In all seriousness it does sound quite malicious to a conspiracy theorist like myself but it is probably just about as innocent as most other processes.

Possibly data mining if we were to really whack on the tinfoil hat?

Or maybe they've put you on a list because of your investigative skills. You seen the film 'Conspiracy Theory'? Sometimes the crazy guy is right.

Originally posted by boondock-saint

Originally posted by Grey Magic
reply to post by boondock-saint

 

There should be a windows services manager in your control panel, just disable the service if it scares you this much, but I really don't think this little thing compromises the security of your computer.

did you not read my OP ???

I have already stated that I have had my SCSI
Windows Services disabled since I brought
the machine home. There is no reason why
this process should be running. It is against
the settings I set up in Windows.

Yet, it was still installed AND RUNNING !!!

It's not unheard of that installed software will enable services if they require them.. the panic is probably a little unwarranted.

If you're really that concerned, I suggest running a great utility called combofix .. it's extremely thorough at finding and removing malicious software as well as root kits

Originally posted by jerryznv
Mine will not let me shut it down...won't at all...I have been in and out and it still is running.
Funny thing this is...I have 4GB RAM 1 T disc and quad core processor, and it still is using 10% of my CPU.
Greedly little program this is!

symbolic of data transfer.
it might be sending ur data
via the web. not saying it is
but it's possible.