Title:- Possible new variant of malware.
Small rating:- 2/5
Review:- Recently, I perused the “Services” tab under MSCONFIG of my laptop running Windows XP Professional. I found something interesting: ohkdfa. I thought to myself, well, never heard of that one. Subsequently, I sought out venerated process bureaus, i.e. Neuber and Uniblue Process Library. They were NOT able to verify it. I even “googled” it, and that did not yield any authoritative hits. There were obscure references, and some sites were not even in English. I might go further into those results at another time, but, for now, I want to provide you guys with the places (that I have been able to identify) where this item lodged itself in my registry because, at least in my opinion, anything you can’t baseline through respected outfits is just downright suspicious and SHOULD be REMOVED.
First place:- HKEY_LOCAL_MACHINE, SOFTWARE, Microsoft, Shared Tools, MSConfig, services.
Second place:- HKEY_LOCAL_MACHINE, SYSTEM, ControlSet001, Enum, Root, LEGACY_OHKDFA.
Third place:- HKEY_LOCAL_MACHINE, SYSTEM, ControlSet001, Services, OHKDFA.
Fourth place:- HKEY_LOCAL_MACHINE, SYSTEM, ControlSet003, Enum, Root.
Fifth place:- HKEY_LOCAL_MACHINE, SYSTEM, ControlSet003, Services, OHKDFA.
Bottom line, the full damage or lack thereof is hard to assess being that there is no precursor. Although speculative, at best I would say something that facilitates spamming activity; at worst, a remote file inclusion that has been monitoring my test computer up until the time I found it. It is my hope that this review can at least serve as a foundation for those struggling to find information on this. I encourage forum leaders on here as well as people like SendOfJive from community.norton.com to “weigh in” (so to speak).
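
An added example, not part of the original review: a parser for a `reg export` text dump that collects every key named for a service (such as the OHKDFA and LEGACY_OHKDFA keys listed above) and decodes its Start and ImagePath values, so the file behind the entry can be identified before anything is deleted. The sample export, including its ImagePath, is constructed, and `decode`, `find_service` and `summarize` are names chosen for this example.

```python
import re
# Constructed sample in .reg export format; ImagePath is a made-up placeholder.
# regedit writes exports as UTF-16, so decode the file to text before parsing.
SAMPLE = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_OHKDFA]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\OHKDFA]
"Start"=dword:00000002
"ImagePath"=hex(2):5c,00,3f,00,3f,00,5c,00,43,00,3a,00,5c,00,78,00,2e,00,73,00,\
  79,00,73,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\OHKDFA]
"Start"=dword:00000004
'''
START = {0: "boot", 1: "system", 2: "automatic", 3: "manual", 4: "disabled"}

def decode(raw):
    """Decode one exported value: dword, hex(N) data, or a quoted string."""
    if raw.startswith("dword:"):
        return int(raw[6:], 16)
    m = re.match(r"hex(?:\((\w+)\))?:(.*)", raw)
    if m:
        data = bytes(int(b, 16) for b in re.findall(r"[0-9a-fA-F]{2}", m.group(2)))
        # hex(1)/hex(2) are REG_SZ/REG_EXPAND_SZ stored as UTF-16LE text
        return data.decode("utf-16-le").rstrip("\0") if m.group(1) in ("1", "2") else data
    return raw.strip('"').replace("\\\\", "\\")

def find_service(reg_text, name):
    """Map each key whose last component is NAME or LEGACY_NAME to its values."""
    reg_text = re.sub(r"\\\r?\n\s*", "", reg_text)  # join continued hex lines
    wanted = {name.lower(), "legacy_" + name.lower()}
    hits, current = {}, None
    for line in map(str.strip, reg_text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            current = key if key.rsplit("\\", 1)[-1].lower() in wanted else None
            if current:
                hits[current] = {}
        elif current and line.startswith('"') and "=" in line:
            vname, raw = line.split("=", 1)
            hits[current][vname.strip('"')] = decode(raw)
    return hits

def summarize(hits):
    return [(k, START.get(v.get("Start"), "-"), v.get("ImagePath", "-"))
            for k, v in hits.items()]

if __name__ == "__main__":
    for row in summarize(find_service(SAMPLE, "ohkdfa")):
        print(" | ".join(row))
```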