I was wondering if anyone has any thoughts on the following.
I was doing a rootkit scan with SOPHOS.
During the scan I got a firewall alert saying that ‘qnglkz.exe’ was
trying to make an outbound connection to 92.242.144.10,
protocol 41.
Comodo said it was safe.
But I had never seen it before, so I ticked block,
but I told Comodo not to remember.
Sophos didn’t find any rootkits.
It did find about a dozen unknown hidden files – like ask.com
but ‘qnglkz.exe’ was not one of them.
I searched Google – not a single match.
I’ve gone to a couple of websites that list all Windows files and could
not find that file anywhere.
I searched the forum here and at wilders and again, no results.
I searched my PC for ‘qnglkz.exe’ and came up empty.
My question is – what the hell is ‘qnglkz.exe’ and why did it try to contact
92.242.144.10??
I’ve never had a problem tracking down info on a Windows .exe before.
See attach…
Thanks in advance
Sounds like a randomly named .exe created by Sophos to contact their servers. Usually files like this are created to prevent malware from being able to block them.
No problem, but this is just something I am guessing as to what it is. The only thing is, when I tried Sophos Anti-Rootkit I never got any pop-up from Comodo. Can you give me a link to where you got yours?
Well, I have my alert setting on very high and also set to ‘custom policy’.
However, I am still puzzled that Comodo said it was a safe file.
I’ve been using CIS since last July and I have never had a pop-up asking about that file.
Anyway…
I downloaded the Sophos Anti-Rootkit from the Sophos website, is that what you mean?
It seems like, as Languy has said, Sophos Anti-Rootkit spawns a random .exe in the AppData->Local->Temp directory (mine was gcckrd.exe).
I think the reason CIS says it is a safe file is that it is spawned as a child process of the main Sophos executable, sargui.exe, which is a digitally signed file.
On a second scan the temp file name is different.
I have my setting set high because I got hit by a drive-by last summer (pre-Comodo) and I’ve been paranoid that something may be lingering, undetected, ever since.
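The post above explains why CIS treated the random-named temp executable as safe: it was a child of the digitally signed sargui.exe. The script below is an added example (not from this thread, and not a Sophos or Comodo tool) showing how to check that reasoning yourself while a scan is running: it takes a process name, walks up the parent chain, and reports the Authenticode signature of each executable in the chain. The process name ‘qnglkz.exe’ and the parent name sargui.exe come from the thread; the function name and the depth limit are assumptions. It uses only standard cmdlets (Get-CimInstance, Get-AuthenticodeSignature) and needs no extra modules.

```powershell
# Added example: walk the parent chain of a process and report the Authenticode
# signature of each executable. Function name and MaxDepth are assumptions;
# the process name 'qnglkz.exe' is the one discussed in the thread.
function Get-ParentChainSignatures {
    param(
        [Parameter(Mandatory)] [string] $ProcessName,
        [int] $MaxDepth = 10
    )
    $procs = Get-CimInstance Win32_Process -Filter "Name = '$ProcessName'"
    if (-not $procs) {
        Write-Warning "No running process named '$ProcessName' (the temp file may already have been removed; run this while the scan is active)."
        return
    }
    foreach ($p in $procs) {
        $current = $p
        $depth = 0
        while ($current -and $depth -lt $MaxDepth) {
            $path   = $current.ExecutablePath
            $status = 'n/a'
            $signer = 'n/a'
            if ($path -and (Test-Path -LiteralPath $path)) {
                # Valid  = signed and chains to a trusted root
                # NotSigned = no Authenticode signature at all (typical for a temp child)
                $sig = Get-AuthenticodeSignature -FilePath $path
                $status = $sig.Status
                if ($sig.SignerCertificate) { $signer = $sig.SignerCertificate.Subject }
            }
            [PSCustomObject]@{
                Depth     = $depth
                Pid       = $current.ProcessId
                Name      = $current.Name
                Path      = $path
                SigStatus = $status
                Signer    = $signer
            }
            # Move to the parent; stop when it has exited or we reach the top (pid 0 is its own parent).
            $parent = Get-CimInstance Win32_Process -Filter "ProcessId = $($current.ParentProcessId)"
            if (-not $parent -or $parent.ProcessId -eq $current.ProcessId) { break }
            $current = $parent
            $depth++
        }
    }
}

# Usage while the scan is running: the chain should show the temp .exe (NotSigned)
# with sargui.exe (Valid, Sophos signer) one level above it.
Get-ParentChainSignatures -ProcessName 'qnglkz.exe' | Format-Table -AutoSize
```

Two caveats when reading the output. Windows reuses process IDs, so if the real parent has already exited, ParentProcessId can point at an unrelated process; only trust a chain captured while both processes are alive. And a valid signature on the parent says nothing about the child file itself: the temp executable is unsigned, so the vendor's own documentation of the scanner's behaviour, or a file hash you can match against a vendor statement, is the evidence that actually settles what it is.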