March 4th, 2003, 09:45 PM
mystery file completed!!
for those of you who remember me posting a couple of days ago about a mysterias google file that suddenly starting d/l ing on my comp, well it happend again and this time it got done d/ling, so here it is.so who ever has the time and effort on finding out what this is, i would really appreciate it.thanx for suffering with my dumb curiosity on what this thing is,take it easy ppl.
March 4th, 2003, 10:05 PM
Well, I did file google after I extracted it and got MS Windows PE 32-bit Intel 80386 native DLL.
So a .dll file of some type?
March 4th, 2003, 10:30 PM
hehe, I had something like this happen to me on DalNet once...Chanserv was sending me a file :P kinda weird...It keept trying to do that through-out the night, then the day after, all was well.....some times systems are just too eager to give things out...
Um, is it safe to open do you think? I'd like to take a look at it, but sounds a bit strange.
With all the subtlety of an artillery barrage / Follow blindly, for the true path is sketchy at best. .:Bring OS X to x86!
Og ingen kan minnast dei linne drag i dronningas andlet den fagre dag Då landet her kvilte i heilag fred og alle hadde kjærleik å elske med.
March 4th, 2003, 10:33 PM
We'd need a scarifical test box to truly test what it does. Anyone got a Win2K box or Win98 box they want to scarifice to the knowledge gods?
March 4th, 2003, 10:40 PM
I've got a Dev box with Win2k pro on it. I can ghost the box and run the test if you want but I won't be able to get to it until tomorrow or the next day. Let me know if no one else has a system to sacrifice.
March 4th, 2003, 10:45 PM
I have a computer to test this on
I believe that, that file is some part of a proxy server. When I downloaded it and right clicked it opened up the properties. It had a tab on the top that said version and when that was clicked it said that it was a Microsoft Proxy Server.
FILE VERSION: 2.0
DESCRIPTION: MICROSOFT WEB PROXY SERVER [ISAPI EXTENSION]
I double clicked on the file but did nothing except bring up the open with window so whoever sent it to you only sent you part.
March 4th, 2003, 11:13 PM
opening the file up in a hex editor I get the following
VALUE "CompanyName", "Microsoft Corporation"
VALUE "FileDescription", "Microsoft Web Proxy Server (ISAPI Extension)"
VALUE "FileVersion", "2.0"
VALUE "InternalName", "w3proxy"
VALUE "LegalCopyright", "Copyright (C) Microsoft Corp 1996."
VALUE "OriginalFilename", "w3proxy.dll"
VALUE "ProductName", "Microsoft Proxy Server"
VALUE "ProductVersion", "2.0"
VALUE "Translation", 0x0409 0x04B0
which is kinda self explanatory and backs up what cheyenne is saying.... don't look like its too much to worry about. Thou why its claiming to be from google and why ur pc is trying to d/l is a mystery!
the following website might be of interest if you want to know more about the w3proxy.dll file, gets detailed about halfway down the page
Thanks for providing an interesting diversion
Quis Custodiet Ipsos Custodes
March 5th, 2003, 02:32 AM
strange, i got something different with a hex editor, i should get a batter one
March 5th, 2003, 05:30 AM
thanx for lookin at this file for me, but i still have a couple of questions about it,first off being like what was mentioned earlier why is it calling its self google? and two why would i be sent a .dll?a .dll is a library of exucutable functions or data that can be used for a windows prog right? so what might program might this dll be for? just a proxy? or some prog google uses?i dont know, but those are my only questions.besides why the hell was this file sent to me in the first place? but again thanx for the thoughts so far, more info or thoughts are more then welcome.im gonna try and figure some stuff out myself about it, but i just got off work and im not as skilled as some of you in these matters *coughs*msmittens*coughs*noia*coughs* so im not sure how much luck ill have.anyways, take it easy ppl.
Don\'t be a bitch! Use Slackware.
March 5th, 2003, 01:58 PM
hatebreed.. the .dll is an integral part of MS Web proxy server... as indicated in that link I gave earlier. your pretty much right as to what a .dll is as for why it got sent to you - well I can only theorise and point out things to consider-
- I can't recall if this came through some d/l manager software you have, if it did.... that d/l manager should have what server the .dll was sent from - maybe this will give you some clues as to where this file originated.
- if you didn't use a d/lmanager for the file.... try taking a look through your firewall logs... it should give you some clue as to where this comes from... assuming you know about what time the d/l started
- are you running any type of proxy server or going through any proxy servers yourself? is something auto configured to update your .dll files (strange way of doing it but....)??
- I've got no idea what servers google uses MS based or Linux based (I would have thought Linux based but I could be wrong) but if it's MS based they might reasonably be assumed to be running a webproxy in combination with IIS or something..... might it be worth contacting google themselves and asking if they know of a reason why you appear to be the recipient of a .dll that bears their name
other than that....... buggered if I know why you got this .dll . It's interesting that it didn't arrive with a .dll extension (did it?) and it was also renamed to google... maybe one of googles servers think you should be part of it...!?! If you ever find out let us know will ya....
Quis Custodiet Ipsos Custodes