suspicious entry

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by Brassdog, Aug 19, 2008.

  1. Brassdog

    Brassdog Private E-2

    Hi!

    I found this line that seems suspicious to me:

    O4 - HKCU\..\Run: [A00F1F720C.exe] C:\DOCUME~1\GRAVEH~1\LOCALS~1\Temp\_A00F1F720C.exe

    I followed the path and found the description of it is: Microsoft® Remote Std I/O Shell.....the original filename: remote.exe

    The Microsoft trademark makes it seem legit... but its being in a hidden temp folder is suspicious -- especially since the creation date was Aug 18 -- about when I started getting pop-ups. Usually I can hunt online and come to a conclusion, but not this -- I hate to just delete things without knowing.

    What do you think?

    I wouldn't mind fixing my own machine so much... it just takes so much time and research. That's why I thank you folks for taking the time to help, I greatly appreciate it. :)
     
  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    It's malware. Just fix that line and delete the file if found.
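
The reasoning in the first post (a Run entry that points into a Temp folder, with version information naming a different file) written out as a small triage check. This is an added example, not part of the original thread; the function name, the hex-name heuristic and the second sample line are assumptions made for illustration.

```python
import re

# Registry autostart form of a HijackThis O4 line:
#   O4 - <hive>\..\<key>: [<value name>] <command>
O4_RE = re.compile(r"^O4 - (?P<hive>HK\w+)\\\.\.\\(?P<key>[^:]+): "
                   r"\[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
# Executable path at the start of the command, quoted or not, before any arguments
PATH_RE = re.compile(r'^"?(.+?\.(?:exe|com|bat|cmd|scr|pif))"?(?:\s|$)', re.I)
# Temp directories; also matches the 8.3 short form LOCALS~1\Temp
TEMP_RE = re.compile(r"\\(?:temp|tmp)\\", re.I)
# Assumed heuristic: file name that is just a long run of hex digits
HEXNAME_RE = re.compile(r"^_?[0-9a-f]{8,}\.exe$", re.I)

def triage_o4(line, original_filename=None):
    """Return reasons to look closer at an O4 line, or None if it is not one.

    original_filename is the OriginalFilename field read by hand from the
    file's version information, as the poster did.
    """
    m = O4_RE.match(line.strip())
    if m is None:
        return None
    cmd = m.group("cmd").strip()
    p = PATH_RE.match(cmd)
    path = p.group(1) if p else cmd
    exe = path.rsplit("\\", 1)[-1]
    reasons = []
    if TEMP_RE.search(path):
        reasons.append("autostart target is in a Temp folder")
    if HEXNAME_RE.match(exe):
        reasons.append("file name is a hex string")
    if original_filename and original_filename.lower() != exe.lower():
        reasons.append("version info names %s, file on disk is %s"
                       % (original_filename, exe))
    return reasons

# The line from the post, with the original filename the poster reported
PAGE_LINE = (r"O4 - HKCU\..\Run: [A00F1F720C.exe] "
             r"C:\DOCUME~1\GRAVEH~1\LOCALS~1\Temp\_A00F1F720C.exe")
# Constructed sample of an ordinary entry, for contrast
PLAIN_LINE = r'O4 - HKLM\..\Run: [ExampleApp] "C:\Program Files\ExampleApp\example.exe" /tray'

if __name__ == "__main__":
    for why in triage_o4(PAGE_LINE, original_filename="remote.exe"):
        print("flag:", why)
    print("plain entry flags:", triage_o4(PLAIN_LINE))
```

The flags are prompts for a closer look, not a verdict; the thread's conclusion came from a specialist reviewing the entry.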
     
