odd entry from HTJ

I ran HijackThis, and there was a new entry that is unusual.

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = "C:\Program Files\Outlook Express\msimn.exe" //eml:C:\SecureStar\SecurStar GmbH Order #208593, Important registration details..eml

Looking at the file, this is a saved email from SecureStar about some purchased software. The email doesn't contain any passwords or personal information. I don't have Outlook Express installed, so I'm not sure that this entry could have done anything, but I'm not sure where it came from and what it may have been trying to do.

LMHmedchem

 

Hi LMHmedchem,

You answered your own question -- It came from Outlook Express and SecureStar.

 

I don't have outlook express installed. I bought SecurStar drive crypt for a contract I was doing, but I haven't used it in a long time. I use PGP for everyday stuff. I don't see how it could have been either of those apps creating that entry. The .eml file is from 2007 and I don't think I have opened it since. I use seamonkey for my email and don't have either outlook or outlook express installed.

LMHmedchem

 

HJT doe not only display new/current run entries. It will also show missing/broken/outdated run entries. In your case, since you do not have Outlook Express installed anymore, it is safe to delete this entry if you wish to.

If you would like me to check for malware on your PC, follow this guide: READ & RUN ME FIRST Malware Removal Guide