What is this mysterious process that hijacked my shortcut?
June 4, 2008 10:11 AM   Subscribe

What is this mysterious process that hijacked my shortcut? I was using Photoshop CS2 and entered the shortcut key for "Save for Web" (Alt+Shift+Ctrl+S) and instead of getting the Save for Web dialog, a very minimalist login box appeared. Intrigued, I brought up the Task manager, right-clicked on the "Login" entry in the list, and selected "Go To Process." The process turned out to be C:\WINDOWS\SYSTEM32\vidifker.exe.

This is on Windows XP Pro 2002 SP2.

All web searches for vidifker turn up nothing; if this is a virus or trojan, it's probably trivial for it to generate different names for itself. But then why was it so easy to find? Is it a keylogger? Commercial monitoring software? Is anyone familiar with any of this?
posted by Optimus Chyme to Computers & Internet (7 answers total) 3 users marked this as a favorite
Best answer: Spectorsoft Keylogger
posted by na2rboy at 10:56 AM on June 4, 2008

I tried searching for vidifker.exe too - substituting "1", and then "l" (lowercase L), thinking that it might be something malicious along the lines of rundII.exe trojans. Nothing.

I'd be very surprised to see no search results if it was a legitimate part of Windows, or just about any other non-malicious app out there.

My guess is that it's a trojan.

I would suggest rebooting, opening everything you had open before, and then trying that shortcut in Photoshop again. When you get the login, check the associate process to see if it refers to the same name. If it doesn't, you've got yourself a trojan. If the name remains the same, nothing is proven.

You haven't let us know explicitly if this is a work computer. If it is, you might consider asking your IT group about whether or not it's part of an in-house app they use.

If you haven't scanned your PC lately, try running SpyBot and then visit http://housecall.trendmicro.com for a full scan.

Another bit of something you can try:
Copy the .exe to an empty flash drive, then delete it from your computer.
Reboot, go through the motions and try to get the login screen again.
Be aware that if this is actually part of an important in-house (or other) app, something may not work correctly and you might actually have to restore the file from your flash drive. Don't do this unless you feel confident at the command prompt and aren't prone to panicking.
posted by terpia at 11:08 AM on June 4, 2008

Response by poster: Motherfucker. Na2rboy is correct.
posted by Optimus Chyme at 11:22 AM on June 4, 2008

Oh, how I want to read about the results of having made this discovery... Please do tell.
posted by bz at 1:36 PM on June 4, 2008

Response by poster: It's not that big of a deal, actually: it's a work computer, so the owner is justified in installing any software he wants on it. However, I am peeved that something with the capacity for keystroke logging is installed on the machine I use for personal matters during lunch and other breaks.

The most irritating part is having my shortcuts disabled so this crapware can run "hidden."
posted by Optimus Chyme at 9:09 PM on June 4, 2008

Dear Gourd!
Are you saying your employer installed a key logger on our computer? That's savagely inappropriate (though legal).

Unless you're working on some VERY high-dollar or defense projects it seems completely out of line with what an employer needs to know and/or log.

Have you verified that it is in fact your employer who installed this?
posted by terpia at 10:34 AM on June 5, 2008

our = your
posted by terpia at 10:34 AM on June 5, 2008

« Older How can I get set lists for concerts I went to?   |   Where can a group, half of whom don't eat meat... Newer »
This thread is closed to new comments.