
Windows 7 FSM Startup Entry


HX1


I am on day two-three installing and upgrading a Vista Ultimate System to 7 Ultimate..I am on the backside of tweaking the system and finalizing placement of data on the disk with Ultimate Defrag.. I have done just about everything I need to do, in other words; but I have come across an entry in the Startup. It is labeled 'FSM'... lowercase in one program and Uppercase in another.. I have searched quite a bit to find only other things related to the three letters..

Soo.. my question is.. does anyone here know what it is.. is it supposed to be there...should I disable it for optimization.. the general questions..

I don't think this is an infection as I haven't had any issue or anything.. but I also have not made my final sweep either..So looking for some input.


I have nothing like that in my startup (Windows 7 Ultimate) :nono:


File behavior

FSM has been seen to perform the following behavior:

  • Executes a Process
  • The Process is polymorphic and can change its structure
  • Registers a Dynamic Link Library File
  • Can communicate with other computers using TCP protocols
  • This Process sends MIME Email
  • Adds a Registry Key (RUN) to auto start Programs on system start up
  • Makes outbound connections to other computers using NETBIOSOUT protocols

FSM has been the subject of the following behavior:

  • Executed as a Process
  • Created as a process on disk
  • Deleted as a process from disk
  • Victim of a Heap Based Buffer Overflow Exploit
  • Added as a Registry auto start to load Program on Boot up



Well.. That explains it quite nicely..Guess I need to do my sweep.. Thanks guys! Much Appreciated!

Not for sure how this got in there either..nothing has been run or anything .. but after it was up for almost a day .. Day two restart. the system acted like it froze when I booted up.. and my regular startup programs quit starting up.. there wasn't any info connected with it and after that everything seemed to start just fine.. But anyway I will keep this updated I guess with anything else I find when I get to the cleaning and lockdown..

EDIT: I have run it for three days with no protection.. so this could be part of the reason..and since no personal information has ever been stored on the thing.. I guess it definitely won't be accessing any accounts..LOL



No this was easy as it could be to fix.. 7 back to lightning speed on the old hardware.. and no real infections.. I don't think it had time to do anything except for that first boot.. but I have scanned all parts including the registry and looked for files.. nothing wrong.. in fact I would say re-installing your system for this would just be plain stupid.. and if you're on Vista.. then you should try 7 .. It's quite a step above Vista..or if you were confused about the OS.. it's Windows 7, as the title states..

EDIT: I also found with this an infection of two entries within the registry from TweakNow2009.... that was swiftly shredded.. not for sure if that had something to do with it or not.. It was one of those freewares.. but I found that I already had all of those options with Yamicsoft.. so no loss there..

EDIT2: You know I forgot to mention I found the exploit to RDPing a system with Home Edition.. ( regardless of its settings ) from 7 Ultimate.. had no idea..LOL



No and not to be flaming but that would be a n00b solution..That's like nuking the planet every time people build a system to enslave themselves to.. to grow forever un-natural..It's not a bad idea.. and would definitely finally accomplish the goal.. but a bit short-sighted and redundant.. which never actually gives a resolve.. Like cyclically doing the same thing.. claiming it's something different..thinking it's something different and doing nothing more than being high on ' ITS A NEW DAY ' syndrome.. When in truth .. 'That train just keeps running over you and running over you and running over you.. clickity-clack, clickity-clack, clickity-clack, clickity-clack..every time the same thing' Never to come up from its wheels again...I wonder where my head is today..Oh yeah wait.. it's mine this time..



I found this page related to FSM:

http://www.prevx.com/filenames/2110888387410475853-X1/FSM.EXE.html

hope that helps :)



You know it was odd with this one.. it didn't actually have a file in the system..but it made an entry like a folder in the startup that was registry based.. Which sounds similar to the description.. but also is the same for others as well..and the only thing I found when scanning my system was two..Trojan entries.. that were related to TweakNow2009 WinSecret.. ( which no longer is archived or used by me.. especially since I have better programs ) So I don't know if it was something else...and I still; if not by TweakNow2009.. don't know how it wound up in the System I was working on.. unless someone inserted media that was infected...It was my Mom and Dad's computer.. which sits off-line until I take it from them and update.. This time I updated to 7 Ultimate...( they love it BTW, just finished yesterday )... I have a good Security Package.. I feel... which includes many of the options from 7.. based in HIDS... HIPS... LUA.. and SRP.. which was partially in place before this happened.. so it may have been the reason it did not get fully infected by this thing...I tweaked the network and several other parts of the system to be specifically customized to what they are and are not using the system for. .. So it should, even if I missed something... be safe..Mom at 70 was just clicking right along.. better than ever...They will never know how much work I put into it though.. or even the things I have changed.. all they know is that the system is catered precisely to their needs.. and how they like to use it...Dummy proofed a few things as well..LOL... so it should last a while..

EDIT: After seeing how it performed on a 10 year old system.. I am just like on the verge of upgrading.. wish I had two partitions.. and a bigger HD.. got some issues to address before I do it for myself..though..plus I need a Video Card upgrade.. and a processor as well..



heath28m,

Here is in brief my way of curing:

1- When a threat (virus or else) is detected or identified and not solved, I use the manual approach to eradicate it.

2- First of all I monitor my Internet link (all inbound and outbound packets, who is talking to who). This thanks to a wonderful application: Commview.

3- With task manager (or Sysinternals Procmon.exe and procexp.exe) I track the alien program in the memory (even polymorphic). Here in the window of task manager the polymorphic behavior is a weakness of the alien program, as all the other names do not change (explorer, winlogon, lsass, services..).

4- Track any new service (Admin tools---Services)

5- Manually seek any alien added start program at boot in the registry .. (I use Search and Destroy SpyBot)

With all the elements I gathered, now the game is to break the infernal loop (the program in the memory protects its copy in the HD, and the copy in the HD protects the one in the memory. So when you reboot the infernal cycle begins again and we are not able to get rid of it).

But I can tell you that I had a lot of fun killing the intruder. :bruce:

Cheers.

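Step 5 of the post above, together with the earlier observation in this thread that the FSM entry was registry-based with no file behind it, as an added example that is not part of the original thread: a read-only PowerShell listing of the Run/RunOnce values that reports whether each target exists on disk and its Authenticode status. The function names `Get-TargetPath` and `Get-AutostartEntry` are made up for this example, and it covers only the Run/RunOnce keys, not services or the Startup folders.

```powershell
# Added example (not from the thread). Read-only: it changes nothing.
$runKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)

# Hypothetical helper: pull the executable path out of an autostart command line.
function Get-TargetPath([string]$Command) {
    $cmd = [Environment]::ExpandEnvironmentVariables($Command).Trim()
    if (-not $cmd) { return $null }                           # empty value
    if ($cmd -match '^"([^"]+)"') { return $Matches[1] }      # quoted path
    $parts = @($cmd -split '\s+')
    # Unquoted path that may contain spaces: extend token by token until a file matches.
    for ($i = 0; $i -lt $parts.Count; $i++) {
        $candidate = $parts[0..$i] -join ' '
        if (Test-Path -LiteralPath $candidate -PathType Leaf -ErrorAction SilentlyContinue) {
            return $candidate
        }
    }
    # Bare name such as "rundll32.exe": resolve it through PATH.
    $app = Get-Command -Name $parts[0] -CommandType Application -ErrorAction SilentlyContinue |
        Select-Object -First 1
    if ($app) { return $app.Definition }
    return $parts[0]
}

# Hypothetical helper: one object per autostart value, with on-disk and signature checks.
function Get-AutostartEntry {
    foreach ($key in $runKeys) {
        if (-not (Test-Path -Path $key)) { continue }         # e.g. no Wow6432Node on 32-bit
        $item = Get-Item -Path $key
        foreach ($name in $item.GetValueNames()) {
            $command = [string]$item.GetValue($name)
            $target  = Get-TargetPath $command
            $onDisk  = [bool]$target -and (Test-Path -LiteralPath $target -PathType Leaf -ErrorAction SilentlyContinue)
            # NotSigned is a prompt to look closer, not proof of infection.
            $sig = if ($onDisk) { (Get-AuthenticodeSignature -FilePath $target).Status } else { 'n/a' }
            New-Object PSObject -Property @{
                Key = $key; Name = $name; Command = $command
                Target = $target; OnDisk = $onDisk; Signature = $sig
            }
        }
    }
}

Get-AutostartEntry | Sort-Object OnDisk, Signature |
    Format-Table Name, OnDisk, Signature, Target, Key -AutoSize -Wrap
```

Entries with `OnDisk` False sort to the top; those are the ones that match the "entry with no file" symptom described earlier in the thread.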


Sounds like mine ( I put this in a thread somewhere in Nsane ) except.. if it is protected I treat it as data and erase its parts and registry entries first as much as possible which at least deters..Whatever is left I treat as data and delete/package.. the remaining threats using BartPE.. then reboot and clean registry again..I have yet to see something that survives it..LOL.. unless I make a mistake and miss something but the process always unveils it.. I also like to watch System32 and Windows folders for signed files and files recently added.. that are not a part of the configuration..

Thing is I should have done what I normally do and kept it offline while I was doing the updates and installations...Before that it had nothing monitoring...



It is still in Windows 7.. However one of the tools mentioned.. SpyBot S&D.. searches the registry using up to date definitions of several types of threats.. and allows you to remove them...( Several other methods to approach these areas as well ) I also use Yamicsoft 7 Manager for 7.. and within its settings you have several options for managing quite a few areas.. Also some regular registry cleaners.. will also remove most of these entries.. because they are usually invalid hacks.. ( well in some cases ).. so they automatically get removed.. Defragging the registry is a good idea afterwards as well.. keeps it linear.. and tight.. therefore smoother and faster.. also smaller.. But yeah just running the 7 Manager can really cleanup a bunch of junk.. un-necessaries.. especially when it is going to be a standalone system there are a ton of things you can shut off, disable.. or change about the characteristics of how the OS operates.. which frees up memory and processor power and saves many read/write cycles to the hard drive.. So you wind up with a system that is smaller .. more compact.. and to the point.. 'Waste Not..' - Pirate of the Caribbean... LOL..You can do more with less resources..

You find out a lot about the internal working of the Operating system and even discover quite a bit about options that can be available to you.. quite an advisable thing to do.. and each thing you can change if your needs change within the system as time goes on... Better informed.. and all around just a big plus in my book..



Startup of what? I would advise you to stay out of that.. Really screw up a system if you don't know what you're doing..For the most part, there are free programs that will allow you to edit your startup programs..



Okay yeah the last maybe three tabs of msconfig.. are usable by the average user.. but the remainder, I advise to stay away from..

For instance using the Optimize feature...Not really that good for a lot of PC's..




@heath28m,

I see, we are at the same level of knowledge.  :P

You are 10X right about "Windows 7 Manager", it is also a wonderful tool I always use. It never fails me under Vista.

As I have enough space with 4 HDs, for safety gaming, maintenance and to have an alternative solution in case of crash, I installed a multiboot system (Windows 7, Vista and Windows XP).



Today after installing.. a new version of CFi Shell Toys and doing my Windows Updates from Microsoft .. I found this entry FSM...in my XP machine..Just thought I would share.. wish I could really track this down.. it was erased and killed quite quickly.. ( I think sometimes I am telepathically connected to my machines its just too weird )..It was also accompanied by another entry that had something to do with checking the system kernel...I deleted it before I got specs..

I think I really need to do some digging on this one.. seems like it is coming from a valid source.. but what is what I am unsure about..



Archived

This topic is now archived and is closed to further replies.
