Unknown process

I have a process called fdgbeb.exe that runs at start up and connects to
193.37.152.161 port number). It seems to overload my internet connection. I
have no idea how it got on my machine ut it is easily stopped using task
manager.

Can anyone tell me if it is safe to delete this process?

"caravaggio" <caravaggio@discussions.microsoft.com> wrote in message
news:8BD5B239-A3BF-42FB-B087-E0C6C7A2E875@microsoft.com...
>I have a process called fdgbeb.exe that runs at start up and connects to
> 193.37.152.161 port number). It seems to overload my internet
> connection. I
> have no idea how it got on my machine ut it is easily stopped using task
> manager.
>
> Can anyone tell me if it is safe to delete this process?

If you don't know what it is, then it shouldn't be running.

If you use Arin Whois to trace the IP, it goes to RIPE and winds up at the
Web Hosting company.

For all you know, it's malware as nothing should taking your Internet
connection like that, unless it's pulling/uploading data from your machine
to the site.


http://www.giga-international.com/ueber.php

"Mr. Arnold" wrote:

>
> "caravaggio" <caravaggio@discussions.microsoft.com> wrote in message
> news:8BD5B239-A3BF-42FB-B087-E0C6C7A2E875@microsoft.com...
> >I have a process called fdgbeb.exe that runs at start up and connects to
> > 193.37.152.161 port number). It seems to overload my internet
> > connection. I
> > have no idea how it got on my machine ut it is easily stopped using task
> > manager.
> >
> > Can anyone tell me if it is safe to delete this process?
>
> If you don't know what it is, then it shouldn't be running.
>
> If you use Arin Whois to trace the IP, it goes to RIPE and winds up at the
> Web Hosting company.
>
> For all you know, it's malware as nothing should taking your Internet
> connection like that, unless it's pulling/uploading data from your machine
> to the site.
>
>
> http://www.giga-international.com/ueber.php
>
>

Thanks for that response. I've already mailed the hosting companies abuse
contact and await a reply, however, according to windows defender the process
was installed at manufacture so I am unsure whether it is malware or a
genuine process hi-jacked by malware which is why I am unsure if I should
just delete the process. Google, Microsoft and Symantec all come up blank on
searches for the process.

"caravaggio" <caravaggio@discussions.microsoft.com> wrote in message
news:9AA9D3DC-32C8-4AA4-9A01-5243929F1965@microsoft.com...
>
>
> "Mr. Arnold" wrote:
>
>>
>> "caravaggio" <caravaggio@discussions.microsoft.com> wrote in message
>> news:8BD5B239-A3BF-42FB-B087-E0C6C7A2E875@microsoft.com...
>> >I have a process called fdgbeb.exe that runs at start up and connects to
>> > 193.37.152.161 port number). It seems to overload my internet
>> > connection. I
>> > have no idea how it got on my machine ut it is easily stopped using
>> > task
>> > manager.
>> >
>> > Can anyone tell me if it is safe to delete this process?
>>
>> If you don't know what it is, then it shouldn't be running.
>>
>> If you use Arin Whois to trace the IP, it goes to RIPE and winds up at
>> the
>> Web Hosting company.
>>
>> For all you know, it's malware as nothing should taking your Internet
>> connection like that, unless it's pulling/uploading data from your
>> machine
>> to the site.
>>
>>
>> http://www.giga-international.com/ueber.php
>>
>>
>
> Thanks for that response. I've already mailed the hosting companies abuse
> contact and await a reply, however, according to windows defender the
> process
> was installed at manufacture so I am unsure whether it is malware or a
> genuine process hi-jacked by malware which is why I am unsure if I should
> just delete the process. Google, Microsoft and Symantec all come up blank
> on
> searches for the process.
>
>

Then what you should do is with a FW if one is running on the machine is
stop outbound traffic to that IP, until you know something.

"caravaggio" wrote
>I have a process called fdgbeb.exe that runs at start up and connects to
> 193.37.152.161 port number). It seems to overload my internet
> connection. I
> have no idea how it got on my machine ut it is easily stopped using task
> manager.
>
> Can anyone tell me if it is safe to delete this process?

Assuming it's spelled correctly, that Google gives no hits is suspicious and
suggests malware.

--
Rock [MS-MVP User/Shell]

"Rock" wrote:

> "caravaggio" wrote
> >I have a process called fdgbeb.exe that runs at start up and connects to
> > 193.37.152.161 port number). It seems to overload my internet
> > connection. I
> > have no idea how it got on my machine ut it is easily stopped using task
> > manager.
> >
> > Can anyone tell me if it is safe to delete this process?
>
> Assuming it's spelled correctly, that Google gives no hits is suspicious and
> suggests malware.
>
> --
> Rock [MS-MVP User/Shell]
>
>

Thanks for the replies. I've found the startup key for this application in
the registry and it is listed as a MS display driver, can someone from MS
confirm this?

"caravaggio" <caravaggio@discussions.microsoft.com> wrote in message
news:0E381BA1-358B-4443-BB96-91E69C60DD8D@microsoft.com...
>
>
> "Rock" wrote:
>
>> "caravaggio" wrote
>> >I have a process called fdgbeb.exe that runs at start up and connects to
>> > 193.37.152.161 port number). It seems to overload my internet
>> > connection. I
>> > have no idea how it got on my machine ut it is easily stopped using
>> > task
>> > manager.
>> >
>> > Can anyone tell me if it is safe to delete this process?
>>
>> Assuming it's spelled correctly, that Google gives no hits is suspicious
>> and
>> suggests malware.
>>
>> --
>> Rock [MS-MVP User/Shell]
>>
>>
>
> Thanks for the replies. I've found the startup key for this application in
> the registry and it is listed as a MS display driver, can someone from MS
> confirm this?

Confirm what? That's for you to do. It's your responsibility to know what is
running on your computer. You're the one that needs to make a determination
if the process is legit or not, because after all, its your computer.

Something shows up out of nowhere and is tying up my connection, and I can
stop it from doing it, then that's going to happen.

What would be the need of that program making an Internet connection with
outbound commutations to a remote site?

I had a Linksys wireless card driver that was phoning home to various IP(s).
I needed the driver, but I didn't need it phoning home so I stopped it from
doing it.

Maybe, you should block outbound traffic to that IP period with a firewall,
better yet, stop the exe from running and see what happens. It's just an
exe, use MSconfig and uncheck it in the Start-up, if it's there or go find
it in the Start-up folder and stop it or remove it.

Again what business does that program have in sending outbound traffic to a
remote IP, legit or not legit?

I like CurrPort, because you got to go look for yourself from time to time.
Also Process Explorer is a good tool to look and see what is running on the
machine. You can look inside a process like that exe and see what it's
hosting (hidden processes), that Task Manger cannot show you.

http://www.bestvistadownloads.com/do...-software.html

http://preview.tinyurl.com/klw1

http://www.microsoft.com/technet/sys...s/default.mspx

Active Ports doesn't run on Vista.

"Mr. Arnold" wrote:

>
> Confirm what?

Confirm if it is a genuine MS display driver, I thought that was obvious.
And yes it is my computer but I didn't write, design or even install the
software, so I thought I'd ask a MS tech if it is a genuine process because
if it is then I'd rather not delete or otherwise interfere with it and
concentrate on finding out why it's making spurious internet connections.

As soon as I did a netstat -b and found that it was making a connection I
blocked it. At present no software, adaware, windows defender, avg av, norton
online check, spybot find the process a threat or find any other on my
system. I did this before my original post.

If you look back, I didn't ask how to stop it connecting, I didn't ask what
to use to see if it's malware, I asked if anyone knew if it was safe to
delete? So over to someone who knows what they are talking about and is able
to answer a direct question without a know-it-all attitude.

caravaggio wrote:
>
> "Mr. Arnold" wrote:
>
>> "caravaggio" <caravaggio@discussions.microsoft.com> wrote in message
>> news:8BD5B239-A3BF-42FB-B087-E0C6C7A2E875@microsoft.com...
>>> I have a process called fdgbeb.exe that runs at start up and connects to
>>> 193.37.152.161 port number). It seems to overload my internet
>>> connection. I
>>> have no idea how it got on my machine ut it is easily stopped using task
>>> manager.
>>>
>>> Can anyone tell me if it is safe to delete this process?
>> If you don't know what it is, then it shouldn't be running.
>>
>> If you use Arin Whois to trace the IP, it goes to RIPE and winds up at the
>> Web Hosting company.
>>
>> For all you know, it's malware as nothing should taking your Internet
>> connection like that, unless it's pulling/uploading data from your machine
>> to the site.
>>
>>
>> http://www.giga-international.com/ueber.php
>>
>>
>
> Thanks for that response. I've already mailed the hosting companies abuse
> contact and await a reply

So *you're* presumably performing a denial of service attack on a
machine, and now you're emailing their host to complain?

The file is obviously randomly named - I can think of no legitimate
executable that is randomly named.
Device drivers are not user-mode executables, and do not have a .exe
extension.
Very clearly, the file is malicious.

Alun Harford

"caravaggio" wrote>
>
> "Rock" wrote:
>
>> "caravaggio" wrote
>> >I have a process called fdgbeb.exe that runs at start up and connects to
>> > 193.37.152.161 port number). It seems to overload my internet
>> > connection. I
>> > have no idea how it got on my machine ut it is easily stopped using
>> > task
>> > manager.
>> >
>> > Can anyone tell me if it is safe to delete this process?
>>
>> Assuming it's spelled correctly, that Google gives no hits is suspicious
>> and
>> suggests malware.

> Thanks for the replies. I've found the startup key for this application in
> the registry and it is listed as a MS display driver, can someone from MS
> confirm this?

It's not an MS file. By the way you are not talking to MS here. This is a
peer to peer tech support group. If you want to talk to someone from MS you
need to contact tech support through the normal channels.

--
Rock [MS-MVP User/Shell]