Help! what is wintcpmod.exe?

Discussion in 'Malware and Virus Removal Archive' started by echo75, 2004/12/20.

Thread Status:
Not open for further replies.
  1. 2004/12/20
    echo75

    echo75 Inactive Thread Starter

    Joined:
    2004/12/20
    Messages:
    15
    Likes Received:
    0
    Help! What is wintcpmod.exe?

    Anyone heard of "wintcpmod.exe"? I found out it was running my CPU at 100% and slowing everything down. All efforts to permanently stop it using Task Manager didn't help coz it will start off next time I boot the system. Eventually I had to find it in my registry and delete it, now my computer is running fine. Nothing on the internet about it. Is it a normal component of Windows? coz I found it in the registry as a HKLM\software\windows\currentversion\run. I use XP. Someone please educate me! :confused:
     
  2. 2004/12/20
    charlesvar

    charlesvar Inactive Alumni

    Joined:
    2002/02/18
    Messages:
    7,024
    Likes Received:
    0
    Hello echo,

    I don't have it - running Home, could be Pro?

    I searched Pacs Portal site http://www.sysinfo.org/startupinfo.html which is probably the most comprehensive list around and no hit.

    If you haven't searched Pacs Portal, perhaps worth a shot for you, could have alternate spelling or form.

    Regards - Charles
     

  4. 2004/12/20
    echo75

    echo75 Inactive Thread Starter

    Joined:
    2004/12/20
    Messages:
    15
    Likes Received:
    0
    Mysterious Wintcpmod.exe

    Thanks for your reply, yes I use XP Pro. This boggles me why wintcpmod.exe is so elusive even on the internet, just use Google and see what comes up....another unanswered question. Looks like I found a computer "Loch Ness monster". I will appreciate it if you can help me define it.
     
  5. 2004/12/20
    echo75

    echo75 Inactive Thread Starter

    Joined:
    2004/12/20
    Messages:
    15
    Likes Received:
    0
    tried with results

    I tried the link you gave me - no hits too. I wonder why???
     
  6. 2004/12/20
    surferdude2

    surferdude2 Inactive

    Joined:
    2004/07/04
    Messages:
    4,009
    Likes Received:
    23
    Find the file and right click > Properties on it and see if there's a clue there.

    I don't have it on Home either.

    Sounds like some component of a network possibly. The TCP in the middle may be significant.
     
  7. 2004/12/20
    echo75

    echo75 Inactive Thread Starter

    Joined:
    2004/12/20
    Messages:
    15
    Likes Received:
    0
    sorry nothing

    noticed nothing of any significance in the properties.
     
  8. 2004/12/20
    echo75

    echo75 Inactive Thread Starter

    Joined:
    2004/12/20
    Messages:
    15
    Likes Received:
    0
    addition

    This problem only developed about a week ago and my computer was fine before then, after I deleted it it's been working fine. The question is - what did I delete???????
     
  9. 2004/12/20
    Arie

    Arie Administrator Administrator Staff

    Joined:
    2001/12/27
    Messages:
    15,174
    Likes Received:
    412
    Sounds suspicious to me. It's not a native Windows file, as a search would have produced hits on it on the MS support site.

    Are you running a firewall? Are you running AV software?
     
  10. 2004/12/20
    echo75

    echo75 Inactive Thread Starter

    Joined:
    2004/12/20
    Messages:
    15
    Likes Received:
    0
    Thanks! problem solved but mystery remains.

    Thanks for all the replies, like I said my system is fine now since I deleted the mysterious wintcpmod.exe from my registry. I was reserving the System Restore option if the deletion proved unsuccessful. However, I am still very curious as to what it was, the only other mention of it on the web was on Google in another posted question about it and we both developed this problem this month, could this be some new kind of malicious creation?? The manner it chewed up my computer's whole processing capacity was impressive. Back to the question, if any of you good people out there can find an answer someday - "what is Wintcpmod.exe?"
     
  11. 2004/12/20
    charlesvar

    charlesvar Inactive Alumni

    Joined:
    2002/02/18
    Messages:
    7,024
    Likes Received:
    0
    Hello echo,

    Should have thought of this earlier, why don't you ask at the Pacs Portal forum at Castle Cops here http://castlecops.com/forum129.html

    If anyone would know or have a shot at finding out, he would.

    Regards - Charles
     
  12. 2004/12/22
    echo75

    echo75 Inactive Thread Starter

    Joined:
    2004/12/20
    Messages:
    15
    Likes Received:
    0
    thanks guys

    Thanks guys for your advice and help, it was really interesting. Though I have solved my problem as I mentioned above, I hope someone somewhere can define "wintcpmod.exe" and its source. I just hate it when developers of malicious software can't be identified. Thanks again and if anyone ever finds out pls post your answer.
     
  13. 2005/01/13
    gotcha

    gotcha Inactive

    Joined:
    2005/01/13
    Messages:
    1
    Likes Received:
    0
    its a virus

    I'm not completely sure on what it does yet but, it is a virus or a worm. I think it may spread through email and be a mass mailer in itself.
     
  14. 2005/01/13
    charlesvar

    charlesvar Inactive Alumni

    Joined:
    2002/02/18
    Messages:
    7,024
    Likes Received:
    0
    Hello gotcha,

    it is a virus or a worm

    Could you cite the source for this info?

    Regards - Charles
     
  15. 2005/01/14
    crawdoogie

    crawdoogie Inactive

    Joined:
    2005/01/14
    Messages:
    1
    Likes Received:
    0
    wintcpmod.exe

    I also have wintcpmod.exe on pc. I am running Windows XP pro. I have also been searching the net for info with little luck. Right clicking on properties does bring up the following info:

    Location: C:\WINDOWS

    created: Sunday, December 05, 2004, 6:09:40 AM
    modified: Sunday, December 05, 2004, 6:09:40 AM

    attributes: hidden

    version: 7.0.0.55
    Copyright (C) Microsoft Corp. 1981-2002
    internal name: dss7
    original file name: dss7.exe
    product name: Microsoft Windows Operating System TCP/IP Module
    product version: 7.00.0055

    I searched my pc for other files created <Sunday, December 05, 2004, 6:09:40 AM> finding 29 files in the following location:

    C:\System Volume Information\_restore{631450BC-6C23-4068-986C-47CE6DABE060}\RP142

    Using the System Configuration Utility (msconfig.exe) shows wintcpmod.exe and a no-name entry as startup items located at

    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

    AND I have new services installed (use start>run> services.msc>enter) which are

    SNMP Service
    SNMP Trap Service
    Remote Registry

    I installed port monitoring software which I think these services are part of.

    Finally I found something....
    Ran Adaware and among other things it found

    Vendor:DSSAgent
    Category:Data Miner
    Object Type:RegValue
    Size:25 Bytes
    Location:software\microsoft\windows\currentversion\run "DSS "
    Last Activity:1-14-2005
    Risk Level:Low
    TAC index:8
    Comment: "DSS "



    The "internal name" that is listed in properties for wintcpmod.exe is dss7

    Anyway I am removing it with Adaware and will run Spybot S & D and HijackThis also.

    If anyone has any other insights into this topic it would be greatly appreciated.
     
  16. 2005/01/14
    Newt

    Newt Inactive

    Joined:
    2002/01/07
    Messages:
    10,974
    Likes Received:
    2
    Nice bit of sleuthing crawdoogie. Based on the behavior of that file and the fact that even though the properties look legit, there seems to be no legit Microsoft file named dss7.exe (and nothing named dss.exe that looks related) I think you and echo75 have found a cleverly written critter that hasn't gotten much notice.

    I'm moving this thread to the security section.
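
Added example, not part of the original thread or written by any of its posters: a PowerShell sketch that applies the clues crawdoogie and Newt relied on (hidden attribute, a version-resource "original file name" that differs from the name on disk, Microsoft branding on a file that does not verify as signed, a no-name Run value) to every entry under the HKLM Run key. It assumes Windows PowerShell 5.1 or later on a current Windows release, not the XP systems in the thread.

```powershell
# Added example: triage HKLM Run entries using the indicators discussed in this thread.
$runKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
$key = Get-Item -Path $runKey

foreach ($name in $key.GetValueNames()) {
    $command = [string]$key.GetValue($name)

    # Pull the executable path out of the command line (quoted or unquoted).
    if ($command -match '^\s*"([^"]+)"') { $path = $Matches[1] }
    elseif ($command -match '^\s*(.+?\.exe)\b') { $path = $Matches[1] }
    else { $path = $command.Trim() }
    $path = [Environment]::ExpandEnvironmentVariables($path)

    # Bare names such as "wintcpmod.exe" are resolved through PATH.
    if (-not (Test-Path -LiteralPath $path -PathType Leaf)) {
        $resolved = Get-Command -Name $path -CommandType Application -ErrorAction SilentlyContinue |
            Select-Object -First 1
        if ($resolved) { $path = $resolved.Path }
    }
    if (-not (Test-Path -LiteralPath $path -PathType Leaf)) {
        [pscustomobject]@{ Entry = $name; Path = $path; Flags = 'file not found' }
        continue
    }

    $file = Get-Item -LiteralPath $path -Force   # -Force so hidden files are returned
    $vi   = $file.VersionInfo
    $sig  = Get-AuthenticodeSignature -FilePath $path
    $flags = @()

    if ([string]::IsNullOrWhiteSpace($name)) { $flags += 'no-name Run value' }
    if ($file.Attributes -band [IO.FileAttributes]::Hidden) { $flags += 'hidden attribute' }
    # Version resources are set by whoever built the file, so a mismatch is a clue, not proof.
    if ($vi.OriginalFilename -and $vi.OriginalFilename -ne $file.Name) {
        $flags += "original name is $($vi.OriginalFilename)"
    }
    # Microsoft branding in the resource but no valid signature behind it.
    if ("$($vi.CompanyName) $($vi.LegalCopyright)" -match 'Microsoft' -and $sig.Status -ne 'Valid') {
        $flags += "claims Microsoft, signature $($sig.Status)"
    }

    [pscustomobject]@{ Entry = $name; Path = $path; Created = $file.CreationTime; Flags = ($flags -join '; ') }
}
```

Each flag is a prompt for review rather than a verdict: some legitimate files carry an original file name that differs from the name on disk, and the Created column lets you search for other files written at the same moment, as crawdoogie did.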
     