Question

Locked

What is ddcvt.exe?

By abanerji ·
My System details are Compaq Presario P4, 256 MB RAM, XP-SP2 (patched uptodate), ZoneAlarm Free 6.5, AVG Free 7, Ewido Anti-spyware 4.0, DiamondCS ProcessGuard Free 3.405. I have just observed the presence of "C:\Windows\System32\ddcvt.exe" both in ZA's Program Control and ProcessGuard's Security tab. A google search provides no information.

What is this ddcvt.exe please?

This conversation is currently closed to new comments.

5 total posts (Page 1 of 1)  
| Thread display: Collapse - | Expand +

All Answers

Collapse -

Looks suspicious

by Kiltie In reply to What is ddcvt.exe?

Do you mean that it is being detected as a possible threat by ZA and PG? or that it is an executable in those processes folders.


Google got a couple of hits for ddcvt.exe but they were foreign. However the Polish site had

ddcvt.exe --- Zombie

I don't read Polish, but that word stood out, so it looks suspicious, especially as it was in relation to a thread about someone trying to nail malware and posted a Hijackthis log (I can read those lol)

To be safe, find the file and rename it, such as

ddcvtOLD.exe

reboot and see what develops.

However I suspect you may have some malware there, and your best bet (if the anti malware programs cannot solve it) is to go to the forums at safernetworking.org, for example (home of Spybot)

Collapse -

Info from another forum

by abanerji In reply to Looks suspicious

Thank you for your response. Sorry, I should have been more explicit. ZA/PG doesn't show it as a threat, just as permitted program.

Meanwhile, I had posted at castlecops too and this is what they say (http://www.castlecops.com/t171534-ddcvt_exe_file.html). It's apparently part of GPL Ghostscript, which I remember came with my pdf creator.

I have also since done online scan of the file at VirusTotal, Jotti, and Norman Sandbox, and all engines say the file is clean.

Re home of Spybot, I visited safernetworking.org (as mentioned by you), and it's a landing.domainsponsor.com site. The true home of Spybot is safer-networking.org (that's what I found now).

Collapse -

OOps a typo

by Kiltie In reply to Info from another forum

My apologies about that, yes indeed it is
http://www.safer-networking.org/

My excuse: I was getting hit by multiple IMs at the time I posted, and finished rather quickly.

If it is a permitted program, then no problem, case solved.

Out of interest, this is the link which made me suspicious.

http://www.searchengines.pl/phpbb203/lofiversion/index.php/t39102.html

About 2/3 of the way down there is a lot of code with the words that looked suspicious:

1908 - SPOOLSV.EXE
2104 - ddcvt.exe --[Zombie]--
2368 - WINLISTER.EXE --[Zombie]--
2404 - ddcvt.exe --[Zombie]--
2492 - ddcvt.exe --[Zombie]--
2868 - ddcvt.exe --[Zombie]--
3372 - ddcvt.exe --[Zombie]--
3660 - CMD.EXE
3684 - ddcvt.exe --[Zombie]--
4060 - ddcvt.exe --[Zombie]--

Total number of processes = 45

Collapse -

ddcvt

by asif In reply to What is ddcvt.exe?

did you try to close the service if yes then waht happen after disabling the service

Back to Malware Forum
5 total posts (Page 1 of 1)  

Related Discussions

Related Forums