BleepingComputer.com: Strange file in real update folder.

I'm not sure if this is the correct forum, but here goes.

Very recently within the past week, I noticed a file called "rnupgagent" (original filename: rnsetup.exe) was added to my real update folder. The file itself is set to shared with an "unknown contact" and also has user permissions set with "Account Unknown(S-1-5'insert numbers here')". Aside from one post from a user on CNET asking about the same issue, there doesn't seem to be any information about this file that I can find.

Any help regarding this issue would be appreciated.

Did you find the original filename by right-clicking on the file and checking its properties in the version tab?

There isn't much info on that file but this appears to be it's installation path.

"C:\Documents and Settings\Administrator\Application Data\Real\Update\UpgradeHelper\RealPlayer\8.01\rnupgagent.exe" "/Install"

You may want to contact RealPlayer Support and ask them what the file is for.

Until its identified, you can at least check to ensure its not malicious. Anytime you come across a suspicious file or you want a second opinion, submit it to one of the following online services that analyzes suspicious files:

• Jotti's virusscan
  
• VirusTotal
  
• VirSCAN

In the "File to upload & scan" box, browse to the location of the suspicious file and submit (upload) it for scanning/analysis.

quietman7, on 24 May 2011 - 08:52 PM, said:

Yes you are correct. I was even able to find its digital signature, but no copyright.

I tried to contact realplayer support, but apparently that feature is only available to people who have the paid version. I was able to submit a copy of the file to virustotal and none of the av's flagged it as malicious. Oddly enough, it looks like someone had submitted the same file almost a week ago, only the file name is made up of random letters and numbers.

I didn't think the file was malicious but I don't use RealPlayer so I'm not familiar with it.

That's good to hear. Although it's a little strange that there is hardly any information about this file on the internet, but as long as it isn't malicious, I don't think there is anything to worry about.

It may be new with that version of RealPlayer and eventually there should be more information.