-
June 7th, 2004, 02:26 PM
#1
Junior Member
Question on two .exe files
Hi.
Recently, two program have been trying to do something on my computer. One is called
tscr10nl.exe
and the other
mcompodd.exe.
My firewall stopped them and put a major severity flag on them. So, I back traced them and they have both came from the same place, an ISP called National Net down in Georgia. I have Googled to try and find info on both of the programs, but nothing has come up. I have sent an e-mail to the admin asking to know what the programs are because I am curious. As of yet, the admin has failed to return a message, and I suspect he/she never willl. So, any info on these two programs would be greatly appreciated.
Thanks in advance.
And please note, I am not one bit worried about these programs. They aren't viruses unless my Norton Antivirus Corporate Edition can't find them, and my firewall stopped whatever they were trying to do. I am just curious as to what they are.
Don\'t mistake lack of talent for genius.
-
June 7th, 2004, 02:31 PM
#2
Have you done a check for spyware/adware? Perhaps firing up HiJackThis!, CWShredder and Adware/Spybot to see if there is anything else with those files?
-
June 7th, 2004, 02:56 PM
#3
Junior Member
Ok. I just ran Adaware and Spybot 1.3. They are both fully updated, and neither of them found the programs. Also note that my Norton Antivirus scanner is updated as well.
I have gotten advice from another online friend to move the files to a folder called backup, and to make a restore point before I do that. What do you guys think?
Don\'t mistake lack of talent for genius.
-
June 7th, 2004, 03:12 PM
#4
I would suggest that you submit them to Symantec.
To do this open the quarantine click file>add item.Then navigate to the files. This will put them in quarantine where they can not do any damage. From Quarantine they can the be submitted to Symantec for evaluation. You will get a reply from Symantec within 48 hrs.
By doing this you can later restore the files if the are found to be benign.
Edit:
I just re read your post, just because Norton did not find them as a threat does not mean that they are not a threat. Norton is an Anti Virus program, it is not so good at detecting trojans.
Edit
What happens if a big asteroid hits the Earth? Judging from realistic simulations involving a sledge hammer and a common laboratory frog, we can assume it will be pretty bad. - Dave Barry
-
June 7th, 2004, 03:15 PM
#5
What directories are they run out of?
Do they fireup on boot?
Any associated system try icons?
If you can stop them from running on boot, what breaks or changes? Anything?
-
June 7th, 2004, 03:16 PM
#6
Just rename them in place to .old or whatever and restart the box. If you can't find them through Google then they aren't "standard" files and therefore should not mess your box up. If they do restarting in safe mode would allow you to put them back if it fails to boot and if your printer stops working or whatever you can rename each one back to exe and see which one, (or both), makes the failed device work.
If nothing bad happens in a week or so go and delete them and any pointers to them in the registry, (backing it up before you do it of course).
Don\'t SYN us.... We\'ll SYN you.....
\"A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools.\" - Thucydides
-
June 7th, 2004, 03:24 PM
#7
A strings output or posting those files here would be nice. Someone may be able to analyze them and find out what they do.
Cheers,
cgkanchi
-
June 7th, 2004, 03:24 PM
#8
Junior Member
Sorry for not telling the specifics.
They run out of my System32 folder and start on boot. And thanks for the submitting to Symantec advice, I am going to do that right now.
Don\'t mistake lack of talent for genius.
-
June 7th, 2004, 03:31 PM
#9
Let us no the result from symantec. I'm sure we would all be interested.
They may be legit process for software that you have installed, on the other hand they may not be.
What happens if a big asteroid hits the Earth? Judging from realistic simulations involving a sledge hammer and a common laboratory frog, we can assume it will be pretty bad. - Dave Barry
-
June 7th, 2004, 03:41 PM
#10
Junior Member
Guys, I am sorry but you may not believe this and I hardly can't either. I can't find them in the System32 folder now. The mcompodd.exe file has moved to WINDOWS\Prefetch. The wierd thing, it has some type of string of characters after the .exe ending now. It looks like "mcompodd.exe-31f263c9.pf" So I am guessing it isn't even a .exe file? I don't know, all thoughts I once had are just jumbled up and confused now...I am gonna search for the other file now....Gahhh....
Don\'t mistake lack of talent for genius.
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|