mystery file completed!!
Results 1 to 10 of 10

Thread: mystery file completed!!

  1. #1
    Senior Member
    Join Date
    Nov 2002
    Posts
    339

    mystery file completed!!

    for those of you who remember me posting a couple of days ago about a mysterias google file that suddenly starting d/l ing on my comp, well it happend again and this time it got done d/ling, so here it is.so who ever has the time and effort on finding out what this is, i would really appreciate it.thanx for suffering with my dumb curiosity on what this thing is,take it easy ppl.

  2. #2
    Just a Virtualized Geek MrLinus's Avatar
    Join Date
    Sep 2001
    Location
    Redondo Beach, CA
    Posts
    7,324
    Well, I did file google after I extracted it and got MS Windows PE 32-bit Intel 80386 native DLL.

    So a .dll file of some type?
    Goodbye, Mittens (1992-2008). My pillow will be cold without your purring beside my head
    Extra! Extra! Get your FREE copy of Insight Newsletter||MsMittens' HomePage

  3. #3
    Now, RFC Compliant! Noia's Avatar
    Join Date
    Jan 2002
    Posts
    1,210
    hehe, I had something like this happen to me on DalNet once...Chanserv was sending me a file :P kinda weird...It keept trying to do that through-out the night, then the day after, all was well.....some times systems are just too eager to give things out...

    Um, is it safe to open do you think? I'd like to take a look at it, but sounds a bit strange.

    - Noia
    With all the subtlety of an artillery barrage / Follow blindly, for the true path is sketchy at best. .:Bring OS X to x86!:.
    Og ingen kan minnast dei linne drag i dronningas andlet den fagre dag Då landet her kvilte i heilag fred og alle hadde kjærleik å elske med.

  4. #4
    Just a Virtualized Geek MrLinus's Avatar
    Join Date
    Sep 2001
    Location
    Redondo Beach, CA
    Posts
    7,324
    We'd need a scarifical test box to truly test what it does. Anyone got a Win2K box or Win98 box they want to scarifice to the knowledge gods?
    Goodbye, Mittens (1992-2008). My pillow will be cold without your purring beside my head
    Extra! Extra! Get your FREE copy of Insight Newsletter||MsMittens' HomePage

  5. #5
    I'd rather be fishing DjM's Avatar
    Join Date
    Aug 2001
    Location
    The Great White North
    Posts
    1,867
    I've got a Dev box with Win2k pro on it. I can ghost the box and run the test if you want but I won't be able to get to it until tomorrow or the next day. Let me know if no one else has a system to sacrifice.

    Cheers:
    DjM

  6. #6
    Senior Member
    Join Date
    Feb 2003
    Location
    Memphis, TN
    Posts
    3,747
    I have a computer to test this on

    I believe that, that file is some part of a proxy server. When I downloaded it and right clicked it opened up the properties. It had a tab on the top that said version and when that was clicked it said that it was a Microsoft Proxy Server.

    It said

    FILE VERSION: 2.0


    DESCRIPTION: MICROSOFT WEB PROXY SERVER [ISAPI EXTENSION]

    I double clicked on the file but did nothing except bring up the open with window so whoever sent it to you only sent you part.

  7. #7
    Senior Member Zonewalker's Avatar
    Join Date
    Jul 2002
    Posts
    949
    hiya Hatebreed...

    opening the file up in a hex editor I get the following


    1 VERSIONINFO
    FILEVERSION 2,0,390,16
    PRODUCTVERSION 2,0,390,16
    FILEOS 0x0
    FILETYPE 0x2
    {
    BLOCK "StringFileInfo"
    {
    BLOCK "040904B0"
    {
    VALUE "CompanyName", "Microsoft Corporation"
    VALUE "FileDescription", "Microsoft Web Proxy Server (ISAPI Extension)"
    VALUE "FileVersion", "2.0"
    VALUE "InternalName", "w3proxy"
    VALUE "LegalCopyright", "Copyright (C) Microsoft Corp 1996."
    VALUE "OriginalFilename", "w3proxy.dll"
    VALUE "ProductName", "Microsoft Proxy Server"
    VALUE "ProductVersion", "2.0"
    }
    }

    BLOCK "VarFileInfo"
    {
    VALUE "Translation", 0x0409 0x04B0
    }
    }

    which is kinda self explanatory and backs up what cheyenne is saying.... don't look like its too much to worry about. Thou why its claiming to be from google and why ur pc is trying to d/l is a mystery!

    the following website might be of interest if you want to know more about the w3proxy.dll file, gets detailed about halfway down the page

    http://www.windowsitlibrary.com/Content/121/13/1.html

    Thanks for providing an interesting diversion

    Z
    Quis Custodiet Ipsos Custodes

  8. #8
    Junior Member
    Join Date
    Nov 2002
    Posts
    11
    strange, i got something different with a hex editor, i should get a batter one

  9. #9
    Senior Member
    Join Date
    Nov 2002
    Posts
    339
    hey people,
    thanx for lookin at this file for me, but i still have a couple of questions about it,first off being like what was mentioned earlier why is it calling its self google? and two why would i be sent a .dll?a .dll is a library of exucutable functions or data that can be used for a windows prog right? so what might program might this dll be for? just a proxy? or some prog google uses?i dont know, but those are my only questions.besides why the hell was this file sent to me in the first place? but again thanx for the thoughts so far, more info or thoughts are more then welcome.im gonna try and figure some stuff out myself about it, but i just got off work and im not as skilled as some of you in these matters *coughs*msmittens*coughs*noia*coughs* so im not sure how much luck ill have.anyways, take it easy ppl.
    Don\'t be a bitch! Use Slackware.

  10. #10
    Senior Member Zonewalker's Avatar
    Join Date
    Jul 2002
    Posts
    949
    hatebreed.. the .dll is an integral part of MS Web proxy server... as indicated in that link I gave earlier. your pretty much right as to what a .dll is as for why it got sent to you - well I can only theorise and point out things to consider-

    - I can't recall if this came through some d/l manager software you have, if it did.... that d/l manager should have what server the .dll was sent from - maybe this will give you some clues as to where this file originated.

    - if you didn't use a d/lmanager for the file.... try taking a look through your firewall logs... it should give you some clue as to where this comes from... assuming you know about what time the d/l started

    - are you running any type of proxy server or going through any proxy servers yourself? is something auto configured to update your .dll files (strange way of doing it but....)??

    - I've got no idea what servers google uses MS based or Linux based (I would have thought Linux based but I could be wrong) but if it's MS based they might reasonably be assumed to be running a webproxy in combination with IIS or something..... might it be worth contacting google themselves and asking if they know of a reason why you appear to be the recipient of a .dll that bears their name

    other than that....... buggered if I know why you got this .dll . It's interesting that it didn't arrive with a .dll extension (did it?) and it was also renamed to google... maybe one of googles servers think you should be part of it...!?! If you ever find out let us know will ya....

    anyone else???

    Z
    Quis Custodiet Ipsos Custodes

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •