Identifying process 'SSDKO2.exe'

Discussion in 'Malware Help (A Specialist Will Reply)' started by Mark v1.9.66, Sep 27, 2008.

  1. Mark v1.9.66

    Mark v1.9.66 Private E-2

Can anyone tell me what this is? I strongly suspect it's malicious, and the process can't be terminated in 'Task Manager'. It's running in the user account of my sister's Dell desktop, (XP Home edition, SP3). I've had to clear nearly 60 infections from it, (don't ask!), including trojans, hack tools, spyware and adware, (such as WinAV, CWS, Seekmo and Snadboy). Now MBAM, AVG 8 free and NIS 2007 all say it's clean; (AVG 8 installed independently and removed afterwards to avoid mirroring). Boot times with Norton IS installed jump to 5+ mins, but I put that down to the meagre 256MB RAM, and NIS 2007's notorious CPU loading. (With AVG installed it was under a minute). 'msconfig' shows something checked in 'Start Up' with no entry, just the registry location SOFTWARE\Microsoft\CurrentVersion\Run. Disabling it doesn't stop SSDKO2.exe. I don't know if this is an orphan entry left when someone has perhaps removed a program that was disabled in 'Start Up', or some other problem that's still unresolved.
    ESET and Kaspersky online scans only show infections in the, (temporarily disabled), NAV quarantine folder. Running searches on SSDKO2.exe brought only a couple of hits, both of which seemed to indicate that it's a virus, but, (particularly without further information about the directory it's running from if malware), that isn't enough of a consensus to be reliable. Merely the fact that there's so little information on it makes me think it can't be legitimate. It doesn't appear in any list I can find of legitimate processes. If malware, exactly what infection is it associated with?
     
  2. Mark v1.9.66

    Mark v1.9.66 Private E-2

Since posting the above I've run HijackThis and found, (contrary to the information contained in the two hits I got when searching for 'SSDKO2.exe' online), that it's a process run by the Yahoo Online Protection program [C:\PROGRA~1\YAHOO\YOP\SSDKO2.exe]. Interestingly the supervisor I spoke to at 'BT Yahoo Online Protection' had no knowledge of this! It's still odd that it isn't listed in the task manager legitimate process lists. As it's not in 'C:\Windows\' it appears to be legitimate and the AV scans are therefore correct. It seems to serve no useful purpose, however, running nearly 10KB, and contributing to the dismal boot time. Added to which, it can't be stopped, as I keep getting an 'Access denied' message, and disabling 'yop' in the 'msconfig' start up tab didn't help either. I'm waiting now for B.T.Y.O.P. to look into this further and phone me back. If I can be sure the NIS suite will renew automatically when the current license expires, without 'SSDKO2.exe' I shall delete the entire 'yop' program and create my own shortcut to NIS. I've been told it's a downloader, but it's not responsible for NAV updates obviously, and I can't see why it's using up so much power and making repeated DNS calls.
     
  3. Mark v1.9.66

    Mark v1.9.66 Private E-2

Re: Identifying process 'SSDKO2.exe'

    I've now discovered that SSDK02.exe (that should've been a zero, not an O), is a Security Status Server belonging to Norton Security Status Provider from Symantec Corporation, (not really a downloader as BT/YOP said), which explains the DNS calls etc, but not some of the other stuff. BT/YOP tech support is hopeless, so I'm not holding my breath expecting much help there. The long term solution is for my sister to change ISP to one that doesn't use Norton, to avoid the ridiculous 64MB processor hogging. It's actually NIS 2007 so, like all ISP corporate packages, a couple of years behind the latest version, NIS 2009, which supposedly finally addresses the boot lag problems which people have been complaining about for ages. She isn't going to wait another two years for this to trickle down to the corporate IS version!
     
  4. DavidGP

    DavidGP MajorGeeks Forum Administrator - Grand Pooh-Bah Staff Member

    Hi Mark

Glad you found the cause or owner of this file, and yes I agree you'd think that many corp versions would be the first updated release and not the retail versions, but I guess that corps need stability and the development process can be slow in gaining the latest and more up to date version.

    However, wouldn't have thought that your sister should need to change ISPs as unless you're specifically tied into using their security application, then you're free to install your own, and there are a few good freebie Antivirus applications, AVG and AVAST are two that many here like and use.

    Good guide on How to Protect yourself from malware!
     
  5. Mark v1.9.66

    Mark v1.9.66 Private E-2

    The problem is, my sister's family is IT illiterate. She's computerphobic, although I have hope that the kids will learn from the advice I've left for them on the PC, including the MajorGeeks page on computer maintenance which I've installed on 'Speed dial' in FF3. Even simple things like remembering to update an AV and run scans are likely to get neglected, so the free options aren't a good idea for her. She needs idiot proof solutions. If her PC was a child it would've been taken into care long ago! The only advantage of the Norton IS/YOP package is that I've configured it to scan automatically and it should update itself and renew its licence without requiring any effort. I'm not sure why it had lost the AV and firewall components in the first place. It might have been that WinAV blocked them when the licence should have renewed, or there may have been a problem with the YOP scheduler beforehand, allowing the licence to expire and all the malware infections to get in. It was definitely corrupted, as I had to remove it and re-install, before it would work properly. I'd got the NAV components installed and working again, but the YOP dashboard said they weren't there still. It's not possible to tell from her account what actually happened, and I'm trying to encourage her to keep a log of configuration changes and suspicious events in future. I could install Kaspersky AV on her PC from my disc, but I'd have to make sure it's renewed when my licence runs out, and she doesn't live close to me. I'm planning to use ESET next time, so maybe I'll split the cost with her and install it on both.
British Telecoms has appalling customer service, and their tech support teams aren't highly trained, so she's better off switching ISP anyway. My own ISP is O2, who are really good and the polar opposite of BT in every way. The only difficulty I've had as a result is that when I saw SSDK02.exe in the task manager I misread it as SSDKO2.exe. I was connected through my own O2 router, as I've taken my sister's PC home to work on, and given the size of the type face in the TM, and being accustomed to seeing suffixes such as O2.lan, it was an easy mistake to make. I'd Googled 'SSDKO2.exe' and 'SSDK02.exe' at the same time, but only got the two hits I mentioned. Having searched for 'SSDK02.exe' independently since, I've found a stack of references of course. No doubt malware writers are aware that changing 0s for Os and vice versa helps disguise malicious processes in the TM too.
     
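The last post's point about 0/O look-alikes is the kind of check that can be automated. The script below is an added example, not code from the thread or from Symantec/Yahoo: given a list of process image paths, it collapses the characters that are easy to confuse in a small type face (0/O and 1/l/i, so it goes slightly beyond the thread's 0/O case) and flags names that match a known-good name only after that collapse, or that carry the right name but run from an unexpected directory. The known-good table and the sample process list are constructed for the example; only SSDK02.exe and its YOP directory come from the thread.

```python
# Added example: triage process names for look-alike spellings and odd paths.

# Lower-case characters that are easily misread in Task Manager's small font.
# Names are lower-cased first because Windows file names are case-insensitive.
_CONFUSABLE = str.maketrans({"o": "0", "l": "1", "i": "1"})

# Known-good image names and the directory each is expected to run from.
# Constructed table: the SSDK02.exe entry reflects the thread, svchost.exe is
# an assumed second entry to show the general mechanism.
KNOWN_GOOD = {
    "ssdk02.exe": r"c:\progra~1\yahoo\yop",
    "svchost.exe": r"c:\windows\system32",
}


def canonical(name: str) -> str:
    """Collapse look-alike characters so 'SSDKO2.EXE' and 'ssdk02.exe' compare equal."""
    return name.lower().translate(_CONFUSABLE)


def classify(image_path: str) -> str:
    """Return 'ok', 'lookalike-name', 'unexpected-path' or 'unknown' for one image path."""
    path = image_path.lower().replace("/", "\\")
    directory, _, name = path.rpartition("\\")
    if name in KNOWN_GOOD:                      # exact name: only the location can be wrong
        return "ok" if directory == KNOWN_GOOD[name] else "unexpected-path"
    canon = canonical(name)
    if any(canon == canonical(good) for good in KNOWN_GOOD):
        return "lookalike-name"                 # differs from a known name only by 0/O, 1/l/i
    return "unknown"


def triage(process_list):
    """Classify every image path in a process listing; returns {path: verdict}."""
    return {p: classify(p) for p in process_list}


# Constructed sample listing modelled on the situation in the thread.
SAMPLE = [
    r"C:\PROGRA~1\YAHOO\YOP\SSDK02.exe",   # the real Norton Security Status Server
    r"C:\PROGRA~1\YAHOO\YOP\SSDKO2.exe",   # letter O instead of zero
    r"C:\Windows\svchost.exe",             # right name, wrong directory
    r"C:\WINDOWS\system32\svch0st.exe",    # zero instead of letter o
]

if __name__ == "__main__":
    for path, verdict in triage(SAMPLE).items():
        print(f"{verdict:16} {path}")
```

Anything flagged as lookalike-name or unexpected-path is worth checking against the file's digital signature and the vendor's documentation before deciding it is malicious; a match is a prompt to look closer, not a verdict.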
