Tuesday, November 29, 2011

ICard.exe–Safe or Threat? Unknown Processes.

Sometimes I prefer to roam around different system directories by hand, looking for new things, surprises, or unnecessary files and folders to remove (such as leftovers of software I have already uninstalled that still take up storage). This time I went to my Temp folder, located at C:\Users\Administrator\AppData\Local\Temp, and found a few files, and when I tried to delete them manually (they are temporary files that were only needed yesterday, right?), I got an error message:


Now I was worried that an unknown process had invaded my system; until then I had never noticed this executable, ICard.exe, running on it. I set out to find what it was. I Googled it (www.google.com/search?q=ICard.exe), but the search results were not convincing. Most links simply labelled it a threat/virus/spyware without much information, while promoting their own products for downloading and maintaining your PC, such as spyware detectors or registry repairers. It was also showing up in the Task Manager.

I immediately went to the System32 folder, since most masquerading processes use names strikingly similar to those of the legitimate processes of the operating system or of other reputable software, and those legitimate files reside there.

As seen there, a legitimate Microsoft file, icardagt.exe, is present. Look at the name carefully: almost the same, but not exactly.

After more searching, I found that it was the executable for the CE100 Dialer, which dials and connects to the Tata Photon Plus broadband network that I use. Now, this was a "holy crap" moment.

The inputs I got from the Internet, especially http://www.prevx.com/filenames/3820543327704469073-X1/ICARD.EXE.html, show icard.exe as malware, a potentially dangerous virus that can hide itself from antivirus programs. I must say that a process file name such as icard.exe is not a standard one like igfxsrvc.exe (Intel Common User Interface) or explorer.exe (Microsoft Windows Explorer), so many software packages or services can have files with the same name, but they will definitely reside in different locations.

Recommendations:

Gain knowledge of the basic genuine processes that always run on your PC (ask in technical forums or search online); as always stressed, education is the first and most important step.

Frequently run Windows Task Manager as Administrator and verify the processes under the 'Processes' tab.

If you have processes with the same names, it is very likely that some malware is executing on your system.

If you have processes with similar names (for example, explorer.exe and exploerer.exe), then most probably exploerer.exe is the malicious one.
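As an added example (not code from the original post), the following PowerShell script automates the two checks recommended above: it flags known process names running from an unexpected directory, and unknown names that closely resemble a known one, such as exploerer.exe next to explorer.exe or the post's ICard.exe next to icardagt.exe. The baseline list and the sample process list are constructed assumptions; a flagged name is a prompt to verify the file's publisher and location, not proof of malware (in the post's own case ICard.exe turned out to be the dialer).

```powershell
# Added example, not from the original post. Assumed baseline of known-good
# process names and the directory each should run from; extend it for your own PC.
$KnownGood = @{
    'explorer.exe' = 'C:\Windows'
    'icardagt.exe' = 'C:\Windows\System32'   # the Microsoft file the post found in System32
    'igfxsrvc.exe' = 'C:\Windows\System32'
}
# Levenshtein edit distance, so one-letter slips such as exploerer vs explorer are caught.
function Get-EditDistance {
    param([string]$a, [string]$b)
    $prev = [int[]](0..$b.Length)
    for ($i = 1; $i -le $a.Length; $i++) {
        $cur = New-Object int[] ($b.Length + 1); $cur[0] = $i
        for ($j = 1; $j -le $b.Length; $j++) {
            $cost = if ($a[$i - 1] -eq $b[$j - 1]) { 0 } else { 1 }
            $cur[$j] = [Math]::Min([Math]::Min($prev[$j] + 1, $cur[$j - 1] + 1), $prev[$j - 1] + $cost)
        }
        $prev = $cur
    }
    return $prev[$b.Length]
}
# Takes objects with Name and Path (the shape Get-Process returns) and reports suspects.
function Test-ProcessNames {
    param([object[]]$Processes)
    foreach ($p in $Processes) {
        $name = ([string]$p.Name).ToLowerInvariant()
        if (-not $name.EndsWith('.exe')) { $name += '.exe' }   # Get-Process names lack the extension
        $dir = if ($p.Path) { Split-Path -Path $p.Path -Parent } else { '<unknown>' }
        if ($KnownGood.ContainsKey($name)) {
            if ($dir -ne $KnownGood[$name]) { "SUSPECT   $name runs from $dir, expected $($KnownGood[$name])" }
            continue
        }
        $stem = $name.Substring(0, $name.Length - 4)
        foreach ($good in $KnownGood.Keys) {
            $goodStem = $good.Substring(0, $good.Length - 4)
            # close spelling, or one name being a prefix of the other (icard vs icardagt)
            if ((Get-EditDistance $stem $goodStem) -le 2 -or $stem.StartsWith($goodStem) -or $goodStem.StartsWith($stem)) {
                "LOOKALIKE $name (in $dir) resembles $good; verify its publisher and location before acting"
            }
        }
    }
}
# Constructed sample mirroring the post. For the live system run PowerShell as Administrator
# (so Path is readable) and use:  Test-ProcessNames (Get-Process | Select-Object Name, Path)
$sample = @(
    [pscustomobject]@{ Name = 'explorer';  Path = 'C:\Windows\explorer.exe' },
    [pscustomobject]@{ Name = 'exploerer'; Path = 'C:\Users\Administrator\AppData\Local\Temp\exploerer.exe' },
    [pscustomobject]@{ Name = 'icard';     Path = 'C:\Users\Administrator\AppData\Local\Temp\ICard.exe' }
)
Test-ProcessNames $sample
```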

So always use genuine, up-to-date antivirus software (with the latest definitions), coupled with a system cleaner like IObit Advanced SystemCare or CCleaner for cleaning your temporary folders and garbage files, repairing your registry, etc.

It is also recommended to use a portable malware finder like CaSIR, and occasionally to run a free online scan such as BitDefender Online Scan.

NB: Proceed carefully. If you are not sure, seek further assistance; otherwise you may end up deleting a genuine process file, leading to dysfunctional software or even a system crash.