Utility or virus?

I have Zone Labs Integrity firewall installed on my Windows 2000 laptop. Every time I start up, it reports a program ucecmdw.exe is trying to access a site at 216.127.33.119. So far I have been denying it. I can’t find much more information about that application. Googling for it finds nothing. It exists in C:\WINNT and the entry in the registry that makes it run at startup is labelled dl3f. I can’t find much information about that site either. So, should I let it run? Should I delete it?

Well, the process is unlisted, that IP (today) belongs to some lame placeholder website called “slotch.com”, and you don’t seem to want it around.

I’m all for deleting it. Use safe mode if it comes back, then try spybot, ad-aware, etc.

I agree with Nanoda. It’s conspicuous from its absence on Google, MSN, AllTheWeb, etc., and the fact it’s trying to access a shady IP address makes it look just like a trojan trying to phone home.

Delete the sucker. If it were essential, it would have been possible to find it on Google.

The registry key “dl3f” is a big red flag for me. Another vote for deletion.

This may be way out of line, but I see from your ‘location’ that you may be in a place where your hosts might have an interest in putting stuff on your machine …

(apologies, again, if this is an offensive suggestion)

Why? I can’t find it in a cursory Google.

IME, the vast majority of legitimate programs (aside from Windows stuff with their GUIDs) have registry entries that describe what they’re for.

Ah. I thought it was something like that the second after I submitted my post. I hoped you’d have something more concrete, though.

Anyway, another reason to delete.

Well, the weird thing is that I would expect viruses and trojans to be more likely to produce hits on Google than legitimate programs, not less likely. Still, I guess none of you have ucecmdw.exe in your WINNT directories. If it’s not a part of Windows, it really shouldn’t be in there. I’ll zap it.

Karl, I’m more confused than offended. Do you mean that the government may have planted that on my machine through my ISP? It’s possible, but a bit far-fetched.

Well, that would be true if the annoying programs of the world didn’t randomly rename themselves to prevent such easy identification. With the information you’ve got right now, you could have any one of thousands of undesirable programs, with hundreds of different ways to remove them.

Slotch is a source of, and a target site for, spyware/trojanware. You don’t want anything associated with Slotch on your machine. Wipe the file, and do the spyware/virus-scan dance.

If the name of the process does not show up on Google, it’s a randomly generated name. There is generally no legitimate reason to create a random process name, so that’s a clear sign of spyware.

If the process can’t be googled, it’s bad and should be removed. You’ll probably have to boot into safe mode to delete the file.

Doesn’t look like a random filename to me - uce = Unsolicited Commercial Email (i.e. spam), cmd = command, w = for Windows

IOW it’s almost certainly a trojan and nasty and should be deleted.

Googling indicates that Slotch is involved with the online gambling industry and can do browser redirection.

<notes to himself (and now to everybody)>

Too bad Google doesn’t search through SDMB threads. I wonder if the OP’s issue has only come up on other un-search engine-searchable message boards.

</note>

I recommend manually checking some topical web pages, i.e., those involved in identifying/blocking/counter-harassing/prosecuting spammers.